Windows client error joining with Samba 4.2 Active Directory server

I have a basic Samba 4.2 ADC setup on CentOS 7 and I get an "RPC server not available" error whenever I attempt to join a Windows client to the domain. The smb.conf is the default one created during provisioning. All indicated pre-testing seems to work as expected. The Windows client finds the domain and recognizes whether a user is valid or not, but the last step of joining the domain ends with the error "Unable to join the Domain RPC server not available". Does anyone have any ideas?
Thanks Paul 
This topic first appeared in the Spiceworks Community

I have a scenario for you in active directory when two passwords may be valid:
Old passwords can also work on domain controllers that have not received replication yet from either the domain controller the password was changed on, or the PDC emulator in the domain.
Let's take a scenario where we have a 3 site, 3 domain controller (DC) active directory: Site1 with DC1, site2 with DC2 and site3 with DC3.
The ACS application resides in Site3 and is configured to use DC3 for authentication. We have a user "user1" with a password of "123".
User1 decides to call the helpdesk and changes his password to "456".
The helpdesk uses DC1 to make password changes because they are located in site1. For a period of time (based on replication, which defaults to 3 hours between sites) the 123 password and the 456 password will be valid.
If the user1 user tries the "123" password it will work until DC3 receives the changed password from normal replication. If user1 tries to use 456, DC3 will flag this as a wrong password, and then check the PDC emulator of the domain to see if it has received a newer password. The PDC emulator will validate the login, and then trigger an immediate replication with DC3.
Regards,
~JG
Do rate helpful posts
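
The scenario in the post above, as a small Python model (an added example, not part of the original post and not Active Directory code). The class and function names are hypothetical, and which DC holds the PDC emulator role is an assumption (DC2 here), since the post does not say; the model also assumes the change made on DC1 reaches the PDC emulator immediately.

```python
from dataclasses import dataclass, field


@dataclass
class DomainController:
    name: str
    # user -> (version, password); a higher version is a more recent change
    store: dict = field(default_factory=dict)

    def matches(self, user, password):
        entry = self.store.get(user)
        return entry is not None and entry[1] == password


class Domain:
    """Hypothetical model: several DCs, one of which is the PDC emulator."""

    def __init__(self, dc_names, pdc_emulator):
        self.dcs = {name: DomainController(name) for name in dc_names}
        self.pdc = self.dcs[pdc_emulator]

    def provision(self, user, password):
        for dc in self.dcs.values():
            dc.store[user] = (1, password)

    def change_password(self, at_dc, user, new_password):
        dc = self.dcs[at_dc]
        entry = (dc.store[user][0] + 1, new_password)
        dc.store[user] = entry
        # Assumption: the change is pushed to the PDC emulator right away,
        # while the other DCs wait for scheduled replication.
        self.pdc.store[user] = entry

    def replicate(self):
        """Scheduled replication: every DC converges on the newest version."""
        users = {u for dc in self.dcs.values() for u in dc.store}
        for user in users:
            newest = max(
                (dc.store[user] for dc in self.dcs.values() if user in dc.store),
                key=lambda entry: entry[0],
            )
            for dc in self.dcs.values():
                dc.store[user] = newest

    def authenticate(self, at_dc, user, password):
        dc = self.dcs[at_dc]
        if dc.matches(user, password):
            return f"accepted by {dc.name}"
        # Local mismatch: ask the PDC emulator before rejecting.
        if dc is not self.pdc and self.pdc.matches(user, password):
            # A PDC-validated logon triggers replication to the asking DC.
            dc.store[user] = self.pdc.store[user]
            return f"accepted by PDC emulator {self.pdc.name}"
        return "rejected"


def build_domain():
    # Constructed sample data taken from the post's scenario.
    domain = Domain(["DC1", "DC2", "DC3"], pdc_emulator="DC2")
    domain.provision("user1", "123")
    domain.change_password("DC1", "user1", "456")  # helpdesk in site1
    return domain


def stale_window_scenario():
    """Old password, then new password, then old password again, all at DC3."""
    domain = build_domain()
    return [
        domain.authenticate("DC3", "user1", "123"),
        domain.authenticate("DC3", "user1", "456"),
        domain.authenticate("DC3", "user1", "123"),
    ]


def scheduled_replication_scenario():
    """Nobody tries the new password; the window closes at replication."""
    domain = build_domain()
    before = domain.authenticate("DC3", "user1", "123")
    domain.replicate()
    after = domain.authenticate("DC3", "user1", "123")
    return before, after


if __name__ == "__main__":
    print(stale_window_scenario())
    print(scheduled_replication_scenario())
```

In this model the old password stops working at DC3 either when the new one is first used there or when scheduled replication runs, whichever comes first.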

Similar Messages

  • 10.3.9 clients not working with 10.4.9 open directory server

    I have a 10.4.9 server running open directory and managing about 20 10.4.9 clients. I am trying to have it manage our remaining 10.3.9 clients, but for whatever reason, I cannot seem to get the 10.3 clients to "attach" to the server.
    I have the 10.3 clients set up in a computer list on the server, and in directory access I have it set to "get ldap mappings from server". At one point, it was suggested to me that I have the clients "get ldap mappings from open directory server". I tried this, and manually set the search base suffix. My search base suffix was "dc=example,dc=local". I even tried doing "cn=config,dc=example,dc=local" (where in both cases example.local was replaced with my real DNS name). Any suggestions on what else I could try to get this to work?

    That's the odd thing though. I've done this with 10.4 no problem. Settings always worked. For some reason though, even though the clients are able to login using a network user, none of the preference settings sync.
    For example - I always put a loginwindow message on as a sort of "test" to see if preferences are being set. If that works, then I rarely have a problem. No matter what I do, though, I cannot get the loginwindow message to display on the 10.3 clients. It works really well on 10.4, but not at all on 10.3. I've tried this on multiple 10.3 machines, as well, (and they're both based on different system images) but it still doesn't work. When I get back to work on Friday, I'll have to see if preferences will work for network users; that's the one thing I haven't tried.
    Other than dumping the directoryaccess preferences, is there another preference setting that could be dumped on the client that may make it grab prefs from the server?

  • How to create users with i18n characters in SunONE directory server?

    Was trying to create users and groups with i18n characters in SunONE directory server
    1. Started LDAP console using -l option
    2. Changed the Locale to Japanese
    3. Entered few Japanese characters as username (meaning internationalization user name)
    4. However, I was not able to type the password using the "soft keyboard" that comes with Japanese Locale
    5. To work around #4, for now, I typed English chars as the password
    6. Click OK to save the above username/pwd
    7. It says "netscape.ldap.LDAPException: error result (19); value of attribute "uid" contains extended (8-bit) characters"
    Has anyone ever created i18n user names in SunONE Directory Provider? Please help...

    Hi LostLad,
    Sorry for my ignorance... Could you please elaborate on how to remove the "uid" attribute from the 7-bit ASCII plugin?
    Thanks in advance..

  • Can an email address be a member of an LDAP group even if it isn't associated with an object in the Directory Server?

    Can an email address be a member of an LDAP group even if it isn't
    associated with an object in the Directory Server?
    General members of a group are the members defined in the
    Directory Server. They are full-fledged members of the group who
    may have a set of permissions associated with their membership,
    a title, or other attributes. Mail-specific users are users who
    are not full-fledged members of the group, but who receive mail
    sent to the group. Mail-specific users need not be identified as
    a user in the Directory Server--an email address is sufficient.
    An example of this is a group of salespeople, all of whom are in
    the group "North American Sales Team." They have access to a
    sales-tracking database, on-line quota information, and
    competitive information. The mail-specific users of this group
    are the admins who support the members of the sales team, who need
    to get the mail that goes out to the group, but don't need access
    to the applications and information that the salespeople do.

    Hey EllyK,
    Welcome to the BlackBerry Support Community Forums.
    Thanks for the question.
    I would suggest performing this workaround and then try to login to BlackBerry Link:
    Open BlackBerry World on the BlackBerry smartphone and sign in using the BlackBerry ID. 
    Connect the BlackBerry 10 smartphone to the computer. 
    Open BlackBerry Link
    Sign in using the BlackBerry ID. 
    Let me know if the issue still persists.
    Cheers.
    -ViciousFerret

  • Replica Active Directory server in windows server 2008 R2

    I installed and configured a secondary Active Directory server in 2008 R2 for fault tolerance as well as a backup Active Directory server.
    What I wanted to know is: if my primary AD goes down, what changes do I need to make to my users' PCs, since they are using the primary AD IP as their primary DNS? I am confused; I want to know what needs to be done if AD goes down.

    > shall i update my DHCP configuration to assign primary DNS as
    > 192.168.1.225 and secondary DNS as 192.168.3.245 and other DNS as
    > 8.8.8.8 etc.
    Yes. and you shall NOT deploy 8.8.8.8 as a DNS server to your clients,
    but you shall configure this as a forwarder on your DNS servers.
    Martin
    How about reading a GOOD book about GPOs?
    NO THEY ARE NOT EVIL, if you know what you are doing:
    Good or bad GPOs?
    And if IT bothers me - coke bottle design refreshment :))

  • 8.1core Client errors 80072EE2 against local WSUS; OK from Microsoft Server.

    //alpha is our patched 2008R2 WSUS Server 3.0 SP2, its Registry says InstallType 1, VersionString 3.2.7600.226. It has Hotfixes installed: 2720211, 2734608, 2938066(3.2.7600.274). Serves updates fine for our domain-joined PCs.
    We are in a remote South Pacific island and are very bandwidth constrained, so for 7HomePremium & 8.1core machines we run WSUS Client Manager for Workgroups ver 1,1 2012 https://wsusworkgroup.codeplex.com/ to set them to get Updates from our local WSUS.
    This works (on all, I believe) except on brand new 8.1core laptops (ie they need lots of Updates), that can fail with error 80072EE2. I believe Ive seen this several times and with a new 8.1core laptop on the bench, I want to get to the bottom of it.
    On the Client:  "You receive updates managed by your System Admin." I go "Check for Updates" get "Checking for Updates" for 20? secs before the 80072EE2. Ran Microsoft FixIt / WSUS Client Troubleshooter, same. Avira Antivirus, same if its realtime protection is disabled. No other antimalware running. Computer is not showing in any of the Computer Groups in WSUS Server. Ran Lawrence's Solarwinds Diagnostic Tool for WSUS Agent, Agent Config Settings "good" but Server Connectivity fails with "WSUS Server Connectivity: unable to connect to the remote server" "connect failure caused by a network infrastructure fault making Windows Update unavailable to the client". 8.1 Desktop on same LAN switch gets updates from WSUS fine.
    Updates from Microsoft Servers work; I accepted 17, which is all the actual "Updates" incl the 8.1 Update (ie not Security Updates,NET,Office etc), retest & local WSUS still error 80072EE2. Turned off Windows Firewall, same. Many reboots.
    If client webbrowses to  http://alpha/selfupdate/wuident.cab  it is offered this .cab.
    HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate - WUSServer, WUStatusServer with & without port #, these all error:
    http://alpha:8530
    http://alpha.domainname.local:8530
    http://alpha.domainname.local:80
    http://alpha.domainname.local  <left it like this.
    HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU  UseWUServer  1
    ControlPanel - WindowsUpdates - Install Updates Automatically.
    wuauclt.exe /resetauthorization /detectnow  waited 8 mins, same.
    Regarding  http://technet.microsoft.com/en-us/library/cc720439%28v=ws.10%29.aspx
    In Server Manager - IIS I'm not seeing any websites. (me not very good with IIS). If there is no site and WSUS uses one, how are all our other clients successfully updating?   Must be, the webrowse to \Selfupdate works. I'm wondering how the client authenticates. Want to check IIS logs but C:\Windows\System32\LogFiles\W3SVC1 no exist; C:\inetpub\logs is empty; C:\Windows\System32\LogFiles\HTTPERR\httperr3.log  has entries from yesterday but not today, & none for this client's IP address.
    Server Manager - Roles - Web Server - Health & Diagnostics - not installed. explains lack of logs.
    Roles - Security - Windows Authentication - installed, Basic Authentication not installed. Installed it, same, uninstalled it.
    Not sure where to go from here. I want to look harder at the association between WSUS & IIS esp re authentication, but Im not seeing a way at it.

    > We are in a remote South Pacific island and are very bandwidth constrained
    Timeout errors from the client are generally networking issues. By all rights, if you're on a bandwidth constrained site, then you probably should have a local (replica) WSUS server, so those clients don't have to make WSUS connections across your bandwidth-constrained connection.
    > In Server Manager - IIS I'm not seeing any websites. (me not very good with IIS). If there is no site and WSUS uses one, how are all our other clients successfully updating?
    > If client webbrowses to  http://alpha/selfupdate/wuident.cab  it is offered this .cab.
    Well, if there's no v-root for "WSUS Administration", then the port 8530 suffix is incorrect, and possibly the WSUS resources are actually IN the Default Web Site. We know, factually, that there's a /selfupdate folder in the Default Web Site because you successfully accessed it with a browser, but that's not necessarily significant, because on a WSUS v3 server there is always a /selfupdate v-dir in the Default Web Site. It does tell us, however, that the browser can at least get to the right server.
    The question is: Where is *WSUS* installed. Your use of port 8530 implies that there should be a "WSUS Administration" v-root. If it's not there, you've probably found a root cause.
    Another observation... in the browser you used the short name, which ostensibly resolved correctly within the domain.local DNS zone. However the WUA is configured to use the FQDN. You should check that the client is properly treating that as a FQDN, and not trying to append another suffix.
    I'd ask the more mundane question: Why aren't you using the simple hostname in the WUAgent configuration anyway? And if you do: Do the timeout errors go away? Usually when I see people using FQDNs to get to internal (local) resources, that suggests something is not right with the DNS .. and a not right DNS can cause timeout issues trying to find inaccessible or non-locatable resources.
    Do nslookup alpha and nslookup alpha.domain.local both return the same results when run on this client?
    If the client was actually getting TO the WSUS server using an invalid port number, it should be receiving an  HTTP 404 error from the WSUS Server. But it's not. It's timing out, either waiting for a response that might be that HTTP 404 never arriving, or waiting for a response that's never going to come because the connection was never made.
    I'd suggest (once you actually find the WSUS v-root), to inspect the IIS logs on the WSUS server and see if it's actually getting any inbound traffic from those clients.
    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

  • Joining 10.8.5 with existing account to Active Directory domain

    Hi-
    I have a MacBook Pro that I am using as a test computer to figure out how to introduce the growing population of Macs into our Active Directory environment in our small company. This computer is running OSX 10.8.5
    There is a test account in AD that I will be using to connect to the Windows domain. I am able to get the laptop bound to AD, and have no problem authenticating, and seeing all the network resources required.
    Here is the part that has me stumped:
    Is there any way to take my existing "local" account that was configured when I began using my MBP without Active Directory and continue to use it, but log on to the laptop using my Active Directory account?
    Perhaps copy all the settings and preferences from the local account on top of the AD account on the laptop?
    I have been using this laptop as my personal machine for many months and have quite a few customizations made to my desktop preferences, icon layouts, etc. This will be the same case with all of the users that will soon be authenticating on the domain. We need this for centralized management of network shares, password policies, and a number of other security features.
    There is some limited information on the web, but nothing that I have tried really works. Here's some of what I found and the difficulty that resulted.
    http://community.spiceworks.com/how_to/show/37886-convert-mac-local-user-into-active-directory-network-user
    - The script mentioned in step 3 was not able to copy local account to the destination folder.
    http://robotcloud.screenstepslive.com/s/2459/m/5322/l/112415-convert-local-accounts-to-network-mobile-accounts
    - The sudo mv /Users/USERNAME /Users/DIRUSERNAME command was not able to make the "DIRUSERNAME" directory, and did not have any effect if this directory already existed due to a prior logon.
    I'm just looking for some help making it so that my users can retain their desktop layouts that they are used to, but logon to the domain using AD credentials.
    Seems simple, but is pretty difficult to get done.
    Thanks in advance for any help....
    -Aaron

    This might help:
    http://www.afp548.com/article.php?story=20060517222656622&query=radius

  • Error while creating a user in Active Directory.

    Hi Guys,
    I am creating a custom connector for AD and Exchange. I am able to create a user in AD using my Java code, but I am also getting the error below. I want to finish the operation smoothly. Please find the error logs below.
    13:51:15,635 ERROR [STDERR] Data AccessException:
    13:51:15,636 ERROR [STDERR] com.thortech.xl.orb.dataaccess.tcDataAccessException: DB_READ_FAILEDDetail: SQL: select UD_AD_CHILD_GRP_NAME from UD_AD_CHILD where UD_AD_CHILD_KEY = Description: ORA-00936: missing expression
    SQL State: 42000Vendor Code: 936Additional Debug Info:com.thortech.xl.orb.dataaccess.tcDataAccessException
    at com.thortech.xl.dataaccess.tcDataAccessExceptionUtil.createException(Unknown Source)
    at com.thortech.xl.dataaccess.tcDataBase.createException(Unknown Source)
    at com.thortech.xl.dataaccess.tcDataBase.readPartialStatement(Unknown Source)
    at com.thortech.xl.dataobj.tcDataBase.readPartialStatement(Unknown Source)
    at com.thortech.xl.dataaccess.tcDataSet.executeQuery(Unknown Source)
    at com.thortech.xl.dataobj.tcDataSet.executeQuery(Unknown Source)
    at com.thortech.xl.dataaccess.tcDataSet.executeQuery(Unknown Source)
    at com.thortech.xl.dataobj.tcDataSet.executeQuery(Unknown Source)
    at com.thortech.xl.adapterfactory.events.tcAdpEvent.getChildTableFieldValue(Unknown Source)
    at com.thortech.xl.adapterfactory.events.tcAdpEvent.getRunTimeValue(Unknown Source)
    at com.thortech.xl.adapterfactory.events.tcAdpEvent.getRunTimeValue(Unknown Source)
    at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpADDUSERTOADGROUP.implementation(adpADDUSERTOADGROUP.java:49)
    Thanks,
    Hemant

    at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpADDUSERTOADGROUP.implementation(adpADDUSERTOADGROUP.java:49)
    This is definitely a Custom Adapter because OOTB Adapter name is adpADCSADDUSERTOGROUP and NOT adpADDUSERTOADGROUP
    So, it is your custom code and in the code you are passing incorrect value of the Active Directory Child process form...
    The correct name is UD_ADUSRC and the Group Name column name is UD_ADUSRC_GROUPNAME.
    While you are passing UD_AD_CHILD as the child process form and UD_AD_CHILD_GRP_NAME as Group Name column name..
    Use OOTB Adapter... Correct these discrepancies... Your addition of group will work
    And since you are creating custom adapter, you need to be more careful and remain consistent throughout..
    Then if you want to use UD_AD_CHILD_GRP_NAME, use it everywhere consistently... Pass only this value in the adapter...
    And even in lookups, if any... Search everywhere... Keep things consistent... They will work... Because good news is that you are able to create user in AD via Java Code...
    And if any post is even slightly helpful, it is a good habit to mark it with helpful or correct ... And also mark the entire question as answered so that other people also are benefited.

  • Link DN with information coming from active directory

    I have setup a Unified CM and IM/presence server. The Unified CM server is connected to LDAP active directory to authenticate the users that login via the Cisco Jabber Windows client. I have configured CSFdevices for each user and created a DN which has the same number as the normal phone line number. The users logging in to the cisco jabber client appears well as reachable in to the client for the other user that are logged in. However when I try to call them (via the number that comes from active directory) this doesn't work. (busy number) When I type the number that I have configured as a DN I succeed to make a connection with a different user.
    Any idea how to link the DN from the CSF softphone with the information that comes from Active directory.
    Any help would be appreciated.

    Forget about application dial rules mate, if you do desk phone control using Jabber, and you dial a person  using that person's telephone attribute in AD, just put a translation pattern in place. That should work.
    that way you can also use DNA for troubleshooting purposes.
    Alternatively, you can populate the ipphone in AD and populate that with the extension that is configured on the phone/CSF device and alter the LDAP attribute mappings in Presence  (applications>cisco jabber>jabber settings).  but this will not solve your problem if you use like iphones, ipads .

  • Two account with same UPN in Active Directory

    Is it possible to have two accounts with same UPN in AD? 
    I'm using Windows Server 2012 R2

    To expand on what Mr X said. Active Directory allows you to assign just about anything to the userPrincipalName attribute, as long as the value is unique. The value of this attribute is generally referred to as the UPN. But you could assign values with no "@" symbol, for example, or more than one "@" symbol. Also, Active Directory does not require that any value be assigned. It is an optional attribute.
    If no value is assigned to the userPrincipalName attribute, then the user can use a "default" UPN, which is <sAMAccountName>@<DNS domain name>, where <sAMAccountName> is the "pre-Windows 2000 logon" name of the user (the value of the sAMAccountName attribute), and <DNS domain name> is the DNS name of the domain.
    If a user has a value assigned to userPrincipalName that does not match this "default" form, then they can logon with either UPN, as long as no one else has either value assigned to their userPrincipalName attribute. You will note that Active Directory enforces uniqueness in the domain on sAMAccountName values.
    If in domain "domain.com" a user has a sAMAccountName of "jsmith" but userPrincipalName "[email protected]", then another user can have userPrincipalName of "[email protected]" (as long as no one else has that value assigned to userPrincipalName). They can each logon with their assigned values for userPrincipalName. But the first user can no longer also logon with their "default" value, based on their sAMAccountName, because it is now used by someone else. But if you attempt to assign a value to userPrincipalName that is also assigned to another user, you get an error.
    Bottom line, only one person can logon with any given UPN.
    Richard Mueller - MVP Directory Services
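
    The logon rules described in the answer above, written as an audit over an exported user list (an added example, not part of the original answer). The function names are hypothetical and the sample accounts are constructed; the lookup order (assigned userPrincipalName first, then the "default" sAMAccountName@domain form) follows the answer's description.

```python
def implicit_upn(sam_account_name, dns_domain):
    """The "default" UPN the answer describes: <sAMAccountName>@<DNS domain name>."""
    return f"{sam_account_name}@{dns_domain}".lower()


def resolve_upn_logon(logon_name, users, dns_domain):
    """Return the sAMAccountName that a UPN-style logon name maps to, or None.

    An assigned userPrincipalName wins; the default form is only reached
    when nobody has that value assigned, as the answer states.
    """
    wanted = logon_name.lower()
    for user in users:
        if (user.get("userPrincipalName") or "").lower() == wanted:
            return user["sAMAccountName"]
    for user in users:
        if implicit_upn(user["sAMAccountName"], dns_domain) == wanted:
            return user["sAMAccountName"]
    return None


def shadowed_default_upns(users, dns_domain):
    """List (owner, holder) pairs where holder's assigned UPN equals owner's
    default UPN, so owner can no longer log on with the default form."""
    assigned = {
        (u.get("userPrincipalName") or "").lower(): u["sAMAccountName"]
        for u in users
        if u.get("userPrincipalName")
    }
    findings = []
    for user in users:
        holder = assigned.get(implicit_upn(user["sAMAccountName"], dns_domain))
        if holder is not None and holder != user["sAMAccountName"]:
            findings.append((user["sAMAccountName"], holder))
    return findings


# Constructed sample export for the domain "domain.com" used in the answer.
SAMPLE_USERS = [
    {"sAMAccountName": "jsmith", "userPrincipalName": "john.smith@domain.com"},
    {"sAMAccountName": "jsmith2", "userPrincipalName": "jsmith@domain.com"},
    {"sAMAccountName": "akhan", "userPrincipalName": None},
]

if __name__ == "__main__":
    for name in ("jsmith@domain.com", "john.smith@domain.com", "akhan@domain.com"):
        print(name, "->", resolve_upn_logon(name, SAMPLE_USERS, "domain.com"))
    print(shadowed_default_upns(SAMPLE_USERS, "domain.com"))
```

    A non-empty result from `shadowed_default_upns` marks accounts worth reviewing, because the name a person expects to log on with now belongs to a different account.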

  • NTLM Authentication with a domain controller/active directory

    Hi,
    I have a requirement to do NTLM authentication with MS Active Directory.
    I am aware that JNDI doesn't support this protocol to communicate with the AD.
    I have looked into a couple of online solutions available, but they don't seem to meet my requirement. Most of the solutions (like Apache commons NTLMScheme/NTCredentials and java.net.Authenticator etc.) are used only for NTLM proxy authentication (where both username and password are sent to the proxy server, which does the actual NTLM authentication with the Active Directory).
    What I need is a solution in Java where I can directly contact Active Directory for negotiation of the challenge/response mechanism.
    Can any of you guys suggest any alternative to achieve this?

    It really depends, to be honest. I'd probably go something like this though:
    One Small physical server to act as a domain controller - you could put DHCP on this too
    One or Two physical, quite powerful servers to act as Hyper-V hosts - these can be domain joined. 
    Then for your VMs create the following:
    1 x additional domain controller
    For remote desktop services:
    1 x Remote Desktop Session Host
    1 x Connection Broker
    1 x Gateway and web server
    For additional services
    1 or 2 x Exchange
    1 x SharePoint
    1 x IIS
    but it really depends what you want to achieve. 
    The benefit from Virtual machines is that you can keep separate virtual servers for separate applications. 
    If you have two hosts you could then replicate the virtual machines between them if you wanted some layer of fault tolerance. 
    Hope this helps you a bit more. And thanks for the positive blog feedback - it's appreciated.
    Regards,
    Denis Cooper
    MCITP EA - MCT
    Help keep the forums tidy, if this has helped please mark it as an answer

  • How to create Roles along with Entitlements in Sun One Directory Server?

    I need to create roles in Sun One Directory Server along with entitlements.
    Please help me in this regard.

    Hi Logeshr,
    Is the issue with deploying the webjobsever resolved? If yes, could you share the workaround so that it can help others who have similar issues.
    Most possible causes for the issue could be problems with parallel build using MSBuild or
    HeatDirectory failure on TFS with MSBUILD error MSB4166: Child node “3” exited prematurely.
    However, as you said it works fine in Visual Studio, ensure your CI server has all of the latest updates to MS Build. If you're not current, you'll get a build error when the .targets file processes at the end of the build sequence.
    Regards,
    Shirisha Paderu

  • Windows Active directory server administration

    Can a member of the domain admins group install software on Active Directory client computers?

    Hello,
    By default the Domain Admins security group is added to the local Administrators security group on EACH machine in the domain. So check the Administrators security group on the local machine.
    Best regards
    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://blogs.msmvps.com/MWeber
    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

  • Issue with Reset Password from Active Directory Integration Pack

    I seem to be having some issues with a subscription in the Reset Password activity from the Active Directory Integration Pack. The "User Password" field refuses to take a value from a subscription provided earlier in a Generate Random
    Text activity. As you will see in the screenshot below, when the Reset Password activity runs, the User Password value is blank.
    Any idea why this might be happening? It looks like a possible bug with the Active Directory Integration Pack.

    Hi John,
    I think this is not a bug, this should be by design because the password is a secure string. If you look for the Published data for Reset User Password activity at
    http://technet.microsoft.com/en-us/library/hh553463.aspx it is not listed there as well.
    If you need the string (e.g. to send it via email), use the data from the "Generate Random Text" activity.
    Regards,
    Stefan
    www.sc-orchestrator.eu ,
    Blog sc-orchestrator.eu

  • Windows client - error opening file from OS X Server

    We discovered that some files cannot be read from Windows applications via the server - Xserve 10.4.8 Server.
    When we try to open files from applications (open dialog, or double click) via the server, the apps stop reading with errors. These errors do not occur with all files!
    A copy of these files to the local Win-machines of course can be read.
    But using a normal Win XP machine as a "server" will work fine.
    We use the latest Xserve and software and Win XP-64 clients with a 1000BaseT network.
    Is there a Samba issue, or can we modify some settings?
    This is really frustrating, because this was the reason why we bought the Xserve.
    Can anyone help me?
    Regards Markus

    The only thing I can offer you is a "me too".
    I have the same issue, but it only appears in some applications. My guess is that the method the application uses to open files makes the problem appear; other applications the users are using do not have this issue.
