WL 7.0 and MS Active Directory.

Similar Messages

• Integration of sap R/3 (4.7) and Microsoft active directory (2003)

  Hi All,
  I would like to know integration of sap R/3 (4.7) and Microsoft active directory (2003) and also SAP EP and Microsoft active directory. I have been working as a ep consultant with a local bank. I am new for this integration work, So please kindly provide me the steps for integrating these both directories.
  Pls help me with this issue.
  Thanks in advance,
  Regards,
  Raghav.

  Hi,
  First You should read:
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/bc72b890-0201-0010-3a8d-e31e3e266893
  Regards,
  Jarek

• SCCM report to show last logged on user and the Active Directory department attribute of that user.

  I need to create an SCCM report to show last logged on user on all machines and the Active Directory department attribute of that last logged on user.

  You problem is here.
  right
  join v_R_User USR on USR.ResourceID
  = CS.ResourceID
  USR.ResourceID != CS.ResourceID, you need to map the username to the user logon to the PC. By using the user’s department information you will
  end up with unreliable results.
  Anyways you need to make these changes to your query.
  left
  join v_R_User USR on USR.Unique_User_Name0
  = CS.UserName0
  http://www.enhansoft.com/

• User base Synchronization between SAP and MS Active Directory Server

  Dear all!
  I'm using Web AS 6.20 ABAP and MS Active Directory Server based on Win 2003 Server.
  i successfully implemented the synchronization of user data between SAP and the ADS.
  My question: Is there a way to customize the users on Active Directory Server in regard to their SAP authorization (roles auth. objects etc.)?
  Currently I don't have a clue how to do this.
  Regards,
  Christoph

  Have you searched on SDN for "Active Directory"? That turns up a number of results. I think your expectation might be backwards though, it's not how ADS exposes SAP specific data but how SAP uses ADS to store SAP specific data. My understanding (from quite some time ago so I am fuzzy on this) is that SAP can use ADS in much the same way it can use LDAP as an external user store.
  The Security Newsletter from November 04 [https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/documents/a1-8-4/sap security newsletter november 2004.pdf] mentions that a webinar is hosted on SDN about this exact topic, unfortunately I was unable to find a direct link.
  Regards,
  Marc g

• OID and MS Active Directory  LDAP information Synchronization

  Do you know have to do the integration between OID and MS active Directory? How to synchronize the LDAP information between two?

  Hi, I have the same question.
  Thanks,
  Malin

• I have windows server 2012 R2 and install active directory

  My question is I install active directory in windows server 2012 R2 and create Group Policy. ( These set-up is only for test)
  Have not registered domain only install active directory to test. 
  So the problem is when I created Group policy for my user and put software restriction policy but its affected to my administrator accounts too, No when I open VMware (install Virtual Machine windows XP) and start os then its shows you can not user this
  software as you restricted from installing software (Something like that don't know exact Error). I could not start installed Virtual Machine. 
  Please give me a solution for this.
  This is the setup for a test use only so their not big environment connect with my pc.
  Thanks in advance.
  Regards,
  Krunal

  Hi,
  The following article is talking about creating and managing Group Policy on a Windows Server 2012:
  http://www.thomas-krenn.com/en/wiki/Creating_and_managing_a_Group_Policy_on_a_Windows_2012_Server
  As Darren Blanchard mentioned, if you want to apply the GPO, you could link it to an OU that contain the computer or user.
  Group Policy Overview
  http://technet.microsoft.com/en-us/library/hh831791.aspx
  Please feel free to let us know if you need further assistance.
  Regards.
  Vivian Wang

• Cisco ISE 1.2 and 2 Active Directory Domains

  Hi Support,
  does anyone know whether I can perform Certificate Authentication for two different Active Directory domains using the same ISE host / deployment?
  We have two forests with a trust link between them.
  We have a seperate PKI in each domain.
  I am thinking that the ISE can only be joined to a single domain, but because we have a trust between the two forests, the ISE can have two certificate profiles in an identity source sequence which can then use in a single authorisation policy.
  I take it that I would need local certs from each CA in the local certificate store of the ISE?
  We are performing a company merger and we cannot migrate users to the primary AD domain due to several reasons so we would like to use the same ISE deployment to authenticate Wireless users on both AD domains.
  Thanks
  Mario

  Mario,
  This is possible.  Here are the guidelines for the Multi-Forest support in ISE 1.2:
  http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_man_id_stores.html#pgfId-1350874
  You would have to set a new Certificate Authentication Profile for each domain and use the Authentication Policies to determine which of the Certificate Authentication Profiles to use.
  http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_man_id_stores.html#pgfId-1349174
  Please Rate Helpful posts and mark this question as answered if, in fact, this does answer your question.  Otherwise, feel free to post follow-up questions.
  Charles Moreton

• Oracle context and MS Active Directory

  Hello,
  I have one pc with Windows Server 2003 and Oracle 10g r2
  When I add a user from my Active Directory in the External OS Users of the Oracle Managed Object (via mmc), I get this error:
  ORA-30041: Cannot grant quota on the tablespace
  And when I try to connect with this user (Active Directory user) to isqlplus, I get another error:
  ORA-28030: Server encountered problems accessing LDAP directory servic
  Someone know how to resolve these errors ?
  Server's Configs
  Active directory name: cyclops.home.com
  Host name: server.cyclops.home.com
  My database name in the Oracle context object of my Active directory: oracle_db
  My Oracle context: “CN=OracleContext,DC=home,DC=com"
  #Ldap.ora
  DEFAULT_ADMIN_CONTEXT = "DC=cyclops,DC=home,DC=com"
  DIRECTORY_SERVER_TYPE = AD
  #Listener.ora
  SID_LIST_LISTENER =
  (SID_LIST =
  (SID_DESC =
  (SID_NAME = PLSExtProc)
  (ORACLE_HOME = C:\oracle\product\10.2.0\db_1)
  (PROGRAM = extproc)
  LISTENER =
  (DESCRIPTION_LIST =
  (DESCRIPTION =
  (ADDRESS = (PROTOCOL = TCP)(HOST = server.cyclops.home.com)(PORT = 1521))
  (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC0))
  #Sqlnet.ora
  SQLNET.AUTHENTICATION_SERVICES= (NTS)
  NAMES.DIRECTORY_PATH= (LDAP)
  #Tnsnames.ora
  PROJET =
       (DESCRIPTION =
            (ADDRESS = (PROTOCOL = TCP)(HOST = server.cyclops.home.com)(PORT = 1521))
            (CONNECT_DATA =
                 (SERVER = DEDICATED)
                 (SERVICE_NAME = oracle_db)
  EXTPROC_CONNECTION_DATA =
  (DESCRIPTION =
  (ADDRESS_LIST =
  (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC0))
  (CONNECT_DATA =
  (SID = PLSExtProc)
  (PRESENTATION = RO)

  When I use this cmd ldapbind -h cyclops.home.com that works.
  If I log to isqlplus with the system user and do select username from all_users; I can see my Active Directory user.
  I also changed the LDAP_DIRECTORY_ACCESS parameter to PASSWORD (default was SSL) but that changed nothing.
  Maybe the problem is from the Oracle wallet, I did one when I have created the database but I don't know well about it and the use. I think I should have something in my sqlnet.ora file related to the wallet but I don't know how to set.
  I search on internet, some homepages said I should use Oracle Net Manager to set the wallet location but I found nothing in Oracle Net manager for it.

• Import and Export Active Directory users

  Hello,
  I want to export my Active Directory users and import them to different domain.
  I try to use ldifde without any success.
  Do anyone have any idea??
  Thanks,
  Lior

  I would suggest the Active Directory Migration tool.  
  http://technet.microsoft.com/en-us/library/cc974332(v=WS.10).aspx
  D/L link: http://www.microsoft.com/en-us/download/details.aspx?id=8377
  If you have 2012, it will be a little more complicated.

• Oracle Discoverer 10G and mapping Active Directory to use SSO/OID

  Could anybody point me please to the right direction?
  1. I've setup Oracle 10gIAS but turned off SSO and my users running discoverer /portals with no SSO.
  2. My goal is to turn on SSO and synchronize it with Active directory on the windows box.
  Thanks you in advance

  Hi Randy;
  As you mention all notes refer to SSO&OID for Active Directory integration.AFAIK there is no way to do it, please log a Sr and confirm this wiht oracle support
  Regard
  Helios

• AADSync and Azure Active Directory Device Registration Service

  Now I try to implement Azure Active Directory Device Registration Service with AADSync.
  According to step-by-step guide, it has to execute "Enable-MSOnlineObjectManagement" cmdlet.
  Step-by-Step Guide for On-premises Conditional Access using Azure Active Directory Device Registration Service
  https://msdn.microsoft.com/en-us/library/azure/dn788908.aspx
  Unfortunately, AADsync doestn't have "Enable-MSOnlineObjectManagement", and can't find similar cmdlet.
  I'm looking for cmdlet for device object synchronization.
   Does anyone know alternate cmdlet?

  Hi,
  Thanks for your post.
  You need to use the command import-module DirSync in PowerShell, then running the command "get-command -m Microsoft.Online.Conexistence.PS.config", you will find the cmdlet "Enable-MSOnlineObjectManagement"
  Regards.
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Oracle Non-Windows DB and MS Active Directory

  Question:
  How can one configure a Microsoft Active Directory (LDAP-compliant directory
  service) with an Oracle Database when the Database resides on a unix server
  without the need of the Oracle LDAP? Is it possible ? If yes, please explain.

  Question: I have been looking at examples of using the LDAP packages but I am not sure if the examples are explaining the ldap_base and groups for MS AD OR an example for Oracle OID.
  Can you explain is this Oracle OID
  GC$ldap_user VARCHAR2(256) := 'cn=orcladmin';
  GC$ldap_passwd VARCHAR2(256) := 'welcome1';
  GC$ldap_base VARCHAR2(256) := 'cn=my_cn,dc=my_dc,dc=fr';
  Can you give an example for MS AD?

• Enable SSO APEX 4 and MS Active Directory

  Hi,
  I want enable SSO on my APEX applications. Actually, we use Microsoft Active Directory and Windows 2003 (tomorrow maybe Windows 2008).
  Regarding your experiences, what is the best solution that I can us in order to implement SSO ?
  Thanks for your help,
  I have forget to give this informations :
  - Our Oracle Server is under Linux.
  - We use Oracle Database 11GR2.
  - Our domain controller is under Windows 2003 (we will probably upgrade to 2008 this year).
  - Our APEX version is 4.1.0.00.32.
  Edited by: user7224400 on 3 févr. 2012 16:23

  Morten -- Interesting. I wish we had found that before we implemented WebLogic and the APEX listener, it may have been an interesting other option to consider. I'm not sure it would have made it past our change control folks as they might bark at the supportability/security, but it is a intriguing option.
  Patrick -- (You have a great blog by the way.). We are talking about upgrading our APEX 3.1 instances this year so I am very interested in the new authentication type. Is it doing anything other than simply retrieving the logon_user? i.e., is it actually authenticating against anything or would it just read the logon_user and let them in if they matched a known username?
  AJ -- We just converted from Oracle Portal last year. When I had Oracle Portal, I had it setup to use Windows Native Authentication following the supported solution for that and then had APEX set up as a partner application for portal. So if someone hit portal first, they'd automatically logon as their active directory user through WNA and would be dropped into portal. If they then hit a link for APEX in portal, it would (in rapid succession) go to APEX, redirect back to the portal SSO server, see they were authenticated in app server, and drop them into APEX with barely a visible screen flicker. It worked flawlessly UNTIL we started upgrading to Windows 7. Then a number of changes and patches are required to get WNA to work with app server 10g and Windows 7. If you are using portal in your 10g IAS, you may want to consider that route.
  Pardon me while I hop on my soapbox briefly -- I think if our friends in Oracle land could come out with a fully supported method of using NTLM or similar technologies to automatically login to APEX applicaitons, it would help considerably in the adoption of APEX and the APEX listener in customers that have Oracle databases and Active Directory which is a pretty decent size market.
  Ok, soapbox moment ended. :-)
  Rgds/Mark M.

• Oracle Enterprise User, OVD and MS Active Directory (AD)

  Hi,
  I need to authenticate Oracle Users from MS Active Directory.
  If I create an Oracle Enterprise User, can I just use OVD or do I need also OID ?
  If the answer is YES, I just need OVD do I need just to install OVD or do I need any other installation from OIM in order for it to work?
  Thanks in advance for answering this post : )
  CMT

  Hi,
  I am not sure that you are correct.
  In the meantime, some one mentioned a white paper to read: "Directory Services Integration with Database Enterprise User Secuirty. In page 10 it mentions a scenario: EUS deployment using Active Directory and OVD
  (without OID).
  The cons mentioned are: Need to extend AD schema to include EUS meta-data (which I am not sure how its done).

• CiscoSecure ACS 3.3 and MS Active Directory ?

  We just got and installed CiscoSecure ACS 3.3 on a domain controller for our MS active directory domain.
  ACS seems to work with AD in the sense that it uses the usernames and passwords contained in AD for users. However I noticed it does not seem to popluate ACS with the users, instead you have to go in to ACS and add each user with the username from AD, and then just tell it to use the windows database for password authentication.
  Is this correct or am I missing something in my setup that is preventing users from being populated in ACS?
  Also, can you not use AD groups for ACS permissions? For example one of the things we are doing is defining certain groups for access to routers, switches and firewall commands. I have been able to do this manually in ACS by defining a group and setting the permissions as well as the command authorization set. However it does not seem very practical to have to go in manually to ACS to add a user to an ACS group. I thought since ACS works with active directory it would also use AD groups. So we could assign a user to a group in AD and it would then utilize the defined ACS permissions for that group.

  I think you are a victim of the AD Aware as opposed to AD Integrated. CiscoSecure is AD Aware, it can use the AD database for Password authentication (a very simple implementation of single sign-on). But the local database is used for everything else. From my point of view this is a good thing.
  If the AD Admin, Network Admin and Security officer are all the same person, then I agree with you.
  From your message you seem to be using ACS to secure your Cisco devices (routers/switches), I would not want people who manage AD to be able to give network device access to anyone they choose. Nore do I trust AD admins to understand network security. Normally the network people are very small subset of IT organization, so this should not be a big problem. Also, the real component that you are using to secure the devices is TACACS+ (hopefully) or RADIUS because the devices are not AD Aware themselves.
  If you need for every user that is in AD to be a user in ACS, there is import/export support for both for inital setup, after that it is up to you to keep the databases synchronized. You can do this with routine import/exports, but I advise against it.
  If you are using ACS to manage a Dial or IPSec environment, I agree this is a pain, but do you really want everyone to be able to dial-in or VPN into your network without coming to you for access? Don't you want to be able to disable/expire peoples access for devices and remote access without calling the AD admin?
  For the kind of things you want, you need an AD Integrated product like Exchange or you can try some of the vendors at listed at http://www.microsoft.com/windows2000/partners/adall.asp
  FYI - This is my understanding of the product, I'm sure there are a lot of people out there that know more then me, so feel free to correct me.