Quantcast
Channel: Software Communities : Popular Discussions - ActiveRoles
Viewing all 1277 articles
Browse latest View live

Get-QADComputer and serialNumber

March 5, 2012, 8:03 am
$
0
0

I am having a problem with obtaining the serialNumber attribute for computer objects in Active Directory using the Get-QADComputer cmdlet.

Using the following code, I get nothing back

 

Get-QADComputer -IncludeAllProperties OJR2UA0460YJP |fl serialNumber

 

However if I connect to the ARS service...

 

connect-QADService -proxy

Get-QADComputer -IncludeAllProperties OJR2UA0460YJP |fl serialNumber

 

It works and returns the contents of the serialNumber attribute.

 

Why won't the get-QADComputer cmdlet return the native attribute of serialNumber when connected to a domain controller?

Search

ARS 6.8 failing with Exch 2010 (get-calendarprocessing)

March 27, 2013, 9:11 am
$
0
0

I'm running ARS 6.7 with Exchange 2010 SP2 RU 5 and have installed a test server with ARS 6.8. On the test box I have the Exchange management tools with service pack and the same updates as our servers.

It's fine with creating mailboxes and all that, I couldn't find any issues until I wanted to tweak the settings for room mailboxes. When changing settings on them it comes back with an error:

 

Administrive Policy returned an error.

Operation is not valid due to the current sate of the object

Operation is not valid due to the current sate of the object

 

Doing more testing, I realized that ARS 6.8 is actually not showing all the information for this mailbox. For example, the check box "Enable the Resource Booking Attendant" is unchecked on ARS 6.8 while for the same user it is checked in ARS 6.7. Looking into advanced properties, I see the value for that attribute edsva-msexch-enableresourcebookingattendant is just empty.

Then looking into the event log under Applications and Services Logs\MSExchange Management, it generates an error event everytime I just open the Resource Information tab of a user profile.

Event ID: 6

Source: MSExchange CmdletLogs

Part of the event text (text in blue replaced):

 

Get-CalendarProcessing

{Identity=USER-ACCOUNT-CANONICALNAME, DomainController=DC-FQDN}

 

ARS-SERVICE-ACCOUNT-CANONICALNAME

Default Host-Local

2028

52

00:00:00.0625024

View Entire Forest: 'True',

System.InvalidOperationException: Operation is not valid due to the current state of the object.

at Microsoft.Exchange.Data.Storage.ExchangePrincipal.get_ServerFullyQualifiedDomainName()..

 

 

 

So everytime I go to that Resource Information Tab, ARS would shoot a Get-CalendarProcessing cmdlet to Exchange to get the necessary information and that fails. Maybe because it's not actually going to Exchange but trying "default host-local" instead, as it also complains about the Exchange server name. But as I said, other Exchange operations work just fine.
I've already re-installed the Exchange tools and triple checked they have the same version as the Exchange servers. And if you open the EMC on that ARS 6.8 test server, it works fine and manually running the Get-CalendarProcessing works as well.

Active Roles Server Web Interface Issues

March 27, 2013, 8:59 am
$
0
0

I have inherited an ARServer installation, I have a problem !

 

 

I have found the Web Interface to:-

 

 

1- Only work as expected when the Administration Service is used from the same server as the Web Service.

 

2- If the service is run from a differing server from the Web Server I get a message on the webpage telling me of a version mismatch 6.7 and 6.7.0 (browsed from the webserver)

 

3- Within the same configuration as point 2 from the webserver I can browse the portal using http://localhost/(site name) without issue

 

4- In the same configuration again but from a client the page is returned with 500 error

 

5- From all servers I am able to use MMC add in to browse all Administration Services without issue

 

 

Apologies if this is answered previously. The only 'fix' I could find was to reinstall the Management Shell for AD, this did not resolve.

Whoami with powershell, $Request.whoami

March 19, 2013, 4:05 am
$
0
0

Hello,

 

I want to findout who is starting the script. I want to move a group and findout who has start the moving.

My SamAccountName is t2rehst and the SamAccountName from Quest is Questadm.

My problem is, everytimeI use whoami, it allways show me DOMAIN/Questadm. My account t2rehst will never displayed.

If I use $Request.whoami, so I get the following information

" System.Void WhoAmI(System.String&, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 accountName, System.String&, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 dn="I use t

Can I use the PublicKeyToken?

 

 

I try for example

 

function onPreMove($Request)

{

    $SID_QUESTADM = "SID S-1-5-21-2076390139-743132798-1575050150-90725"

 

    #snapin for Quest

    Add-PSSnapin Quest.ActiveRoles.ADManagement

 

    if ($Request.Class -eq "group")

    {

        $user = whoami

        $EventLog.ReportEvent(2,"user : $($user)")

 

        $name = $Request.name

        if ($name -match "G-AUDI-AG-DISTMng")

        {

            # only move if account is questadm (SID S-1-5-21-2076390139-743132798-1575050150-90725)

            $user1 = whoami

            $EventLog.ReportEvent(2,"user : $($user1)")

            $user1 = Get-QADUser $user -IncludeAllProperties

            $user1 = $user.SID

            $EventLog.ReportEvent(2,"userSiD : $($user)")

            if($user -ne $SID_QUESTADM)

            {

                $msg = "Group $($name) can't moved."

                throw $msg

            }

 

          

        }

    }

}

 

 

the Scipt shows me allways DOMAIN/Questadm though I hast start the script. I hope you can catch my problem.

 

woody

Visio Stencils

November 30, 2010, 6:14 am
$
0
0
Guys.

Do Quest provide any Visio stencils for the ARS product?

Cheers

Craig

Calendar functionality for VA in webUI

October 29, 2009, 8:47 am
$
0
0
Folks,

I'm attempting to create a new tab in our webUI that will include a VA with calendar functionality. What I want is to have the new VA behave the same as the Account Expires field in the webUI. When that field is clicked a calendar form popup appears and the field is populated from the date chosen. I don't need date/time, just date (but I could easily work with date/time).

Any ideas/instructions on how to create this function? I found out that our team doesn't use the existing[b] expirationTime [/b]attrib in AD or Exchange, and inputing that field in the webUI creates the calendar perfect ... but ... I don't want to use an existing attrib for fear it might potentially cause conflicts.

Ideas?

Thanks - Greg

Workflow Filter OU

March 13, 2013, 8:35 am
$
0
0

I'm attempting to create a computer account cleanup Workflow.  Everything is working fine, except attempting to filter out OU's for searching.  For example we have some NAS devices that require an AD account, but do not reset their password.  I'm querying Passwords that have not changed in 120 days.  Without filtering out the OU they get moved and disabled by the workflow.  How can I exclude an OU from the search?  I tried DN does not contain NAS, but then nothing seemed to happen.

Get the samAccountname from the currentUser

February 6, 2013, 8:00 am
$
0
0

Hello,

 

i started right now scripting with PowerShell for ARS. I want fid out the samAccoutName of the current user.

 

In VBS is the code:

 

Sub onPreModify(Request)

 

If (Request.Class <> "user") Then Exit Sub

 

strUserName = Request.get("sAMACcountName")

Eventlog.ReportEvent 4, "This is the samAccoutName: " & $currentUser

 

End If

End Sub

 

Now I want to write this code in PS. I've try:

 

function onPreModify($Request)

{

$currentUser = [string]$Request.Get("samAccountName")

 

}

 

or

 

function onPreModify($Request)

{

If ($Request.Class -ne "user")

{

$currentUser = [string]$Request.Get("samAccountName")

$EventLog.ReportEvent(4,"This is the samAccoutName: " + $currentUser

 

}

}

 

The EventLog works, but the var $currentUser is still empty.

 

//Background is: This user shoud add to a Group. Befor the user can be added to this group, must prove some settings.

 

 

with kind regards

and sorry for my bad gramma

 

woody

Search

Unified Messaging?

March 29, 2013, 5:45 am
$
0
0

Hi all...

 

My organization is wanting to install Unified Messaging and I was asked if our ARS instance will be able to support it (enable it for users, modify properties, etc).  Everything that I've found points to yes, so I went and installed ARS 6.7 (because that's what we still use in production) in the lab that they have UM installed and it's not looking too good.

 

Initial tests looks fine from the MMC, but not the WebInterface.  And we don't let anyone use the MMC.

 

When I go to the Mailbox Features tab and hover over Unified Messaging, I get a little tooltip that says "To enable or disable Unified Messaging for this mailbox, click 'Enable Unified Messaging' or 'Disable Unified Messaging' on the command menu.  That's great, but I don't have those on the command menu..  Also, when I try to click properties, a new window appears but it says "Error: Form with ID='UnifiedMessagingProperties' was not found!".

 

Is there something that I need to do to "enable" UM in the WebInterface?

Create Users from CSV Quest Powershell Cmdlets

November 21, 2012, 2:52 am
$
0
0

Hi,

I have the following script to import users from a CSV file into Active Directory. This all works fine, but now I'd like to also include any non-default fields like EmployeeID, extensionAttribute 1 etc.)

Does anyone know how I should modify this script to have the script read this information from the CSV file?

 

================================

#requires -version 2.0
#requires -pssnapin Quest.ActiveRoles.ADManagement

[cmdletbinding(SupportsShouldProcess=$True)]

Param(
[Parameter(Position=0,Mandatory=$True,HelpMessage="Enter the file name and path to the CSV file.")]
[string]$file,
[Parameter(Position=1,Mandatory=$False)]
[string]$password="P@ssw0rd"

)

Try {
    Write-Verbose "Importing $file"
Write-Host $file
    $users=Import-CSV -Path $file -ErrorAction "Stop"
} #try

Catch {
    Write-Warning "Failed to find $file"
}

$count=($users | measure-object).count
#pipe imported data
Write-Verbose "Creating $count new user accounts"       
$users | foreach {
#-ParentContainer $_.parentcontainer -name
   new-qaduser  -ParentContainer $_.path`
   -name $_.Name`
   -samaccountname $_.SamAccountname `
   -FirstName $_.firstname`
   -Initials $_.Initials`
   -LastName $_.LastName`
   -DisplayName $_.DisplayName`
   -Description $_.Description`
   -PhoneNumber $_.PhoneNumber`
   -MobilePhone $_.MobilePhone`
   -Fax $_.Fax`
   -Email $_.Email`
   -StreetAddress $_.StreetAddress`
   -City $_.City`
   -Office $_.Office`
   -PostalCode $_.PostalCode`
   -UserPrincipalName $_.userprincipalname`
   -Company $_.Company`
   -Department $_.Department`
   -Title $_.Title`
   -objectattributes @{Info="Created $(get-date) by $env:userdomain\$env:username"}`
   } |  set-qaduser -UserMustChangePassword $True
write-verbose "Finished"

===========================================================

PowerShell: how to Raise Error with Window Popup?

May 25, 2010, 9:13 am
$
0
0
PowerShell: how to Raise Error with Window Popup as described in ARS SDK for VBScript?

Err.Raise< Error Code> < Error Source> < Error Description>
- this create Popu


Sub onPreCreate(Request)
       Err.Raise 1, "Administrative policy", strError
End Sub

thanks,
Aidar

LDAP Query Kills the ARSSVC

March 31, 2013, 1:24 am
$
0
0

Hi All,

 

I am very new to ARS this is probably my 3rd day of playing with it... (that includes starting to learn PS as well..)

 

I have started of trying to solve an issue in our environment. which included

 

creating custom form on the portal - done..

creating custom Virtual attribute - done..

 

using the form to create a user including some virtual attributes - done.

 

The third part (YES I know this is very backwards but I don't have ANY options)

I need to take the account I just created via the portal page and export to a CSV file, so it can be FTP'ed to the HR solution...   (please don't ask!! - Horrible)

 

So I thought I would run a post create script that exports out the attributes in the correct format

 

Someone posted this script which will nearly do the job

 

if ($Request.Class -ine 'user') {exit}


    $user = Get-QADUser $Request.Target
    $name = $user.givenname
    $id = $user.sn
    $contact = $user.description
    $email = $user.mail
    $account = $user.samAccountName
    "Licensee=$name

     LicID=$id

     ContactName=$contact

     ContactMail=$email

     AcctName=$account" | Out-File C:\P4Accounts\$account.txt

 

 

However I need to get some virtual attributes and run the following command that can crash the server!!  (At the moment just testing...)

 

C:\>Get-QADUser CONT12-MAR-1949GregTesti31 -proxy -DontUseDefaultIncludedProperties -IncludedProperties employeeID,

nswhvStartDate,givenName,initials,sn,NSWHV-DateOfBirth,NSWHV-Gender,company | fl employeeID,nswhvStartDate,givenName,ini

tials,sn,NSWHV-DateOfBirth,NSWHV-Gender,company

 

Is this the best way to export the details to a file?  and am I doing something wrong with Get-QADUser that

 

1) i need to use -proxy so it see the virtual attributes

2) is there a better way.

 

I think I am running QARS - 6.7.x?  However I don't know how to check that..

 

Thanks

 

Peter

deprovision user report - but with several attributes of the account?

March 29, 2012, 11:40 pm
$
0
0

I am trying to find a way to create a report that can run daily which will get emailed out to specific users.  The built-in deprovision user report is fine for usernames, but I have to provide values like the dn of the account, phone number, sip address, um extension, and so forth.

I've been using the workflow email and have found that it isn't sending an email in every instance, it does in about 99% of the time, but I also would rather provide the people that need this information with 1 report instead of emails as it's better for tracking.


Has anyone come up with a way to do this or a way to create custom reports without spending hours in sql report builder?  (Ok, it's hours if you aren't a sql dba or report writer:)

 

Thanks!
Jake

ARS Web Interface Clustering Using NLB and Kerberos

November 6, 2008, 8:23 am
$
0
0
Hi Community.

I have a problem that I just can seem to figure out.

I have ARS 6 Administration Service
I have two web servers
I have configured a host header for a unique website. - arsadmin.mydomain.com on each node.
I have a DNS A record for arsadmin.mydomain.com point directly to the cluster IP Address (No Alias!)
I have the ARS admin site installed as a Virtual Dir. within the unique website on each node.

At the moment I have Basic authentication (default) enabled and when a user uses:
- http://ars.mydomain.com/ARSAdmin
It will authenticate the user and grant the user access (Using the virtual hostname)

When I change the authentication mechanism to Integrated Security (Kerberos) I get errors on the Administration service server (Security EventID540) and I can see it reverting to Basic Authentication (NTLM).
The user in the event is: NT Authority\Anonymous Logon

I read a bunch of information on setting up an SPN to allow kerberos authentication from the virtual hostname but I can not get this to work.

My question is.
Has anybody tried this? Does anybody know the correct procedure for setting up Quest Admin Website to work with a Network Load Balance Cluster using Integrated Authentication?

Thank you so much.

Overriding SAMAccountName Generation Policy

August 21, 2012, 12:50 pm
$
0
0

Posting here as I haven't been able to find an answer to this issue:

 

We have an existing Policy to Generate the SAMAccountName values for user objects. (i.e. combination of FirstName & LastName, no more than 8 chars, , stip out restricted characters, etc.)

 

For a specific class of users, I wish to bypass / override this policy and use a very different set of rules.

 

I'm using the "onGetEffectivePolicy" Event to populate all required attributes automatically but it will not work for SAMAccountName -- presumably due to the existing Policy Generation Rule...

 

I've tried using the ClearEffectivePolicy method for every SAMAccountName permutation I can think of -- but no effect

 

            Request.ClearEffectivePolicyInfo "samAccountName", EDS_EPI_UI_SERVER_SIDE_GENERATED

            Request.ClearEffectivePolicyInfo "samAccountName", EDS_EPI_UI_VALUE_REQUIRED

            Request.ClearEffectivePolicyInfo "samAccountName", EDS_EPI_UI_GENERATED_VALUE

            Request.ClearEffectivePolicyInfo "samAccountName", EDS_EPI_UI_POLICY_RULE

            Request.ClearEffectivePolicyInfo "samAccountName", EDS_EFFECTIVE_POLICY_DEFAULT_VALUES

 

I've tried to get the "OnGetPolicyMarker()" function to work -- with many different syntax values -- but it doesn't see to do anything...

 

I've even tried a Request.Put "samAccountName", xxxxxxxxxx ...

 

...but it only seems to work for a static value -- nothing dynamic (i.e. either read from a variable like "Request.Get("sn"), or as per a Policy Generation Rule -- "%<sn>" )

 

I've even tried to make it so that the generation button will set the value using CheckPropertyValues but the existing Policy always seems to have precedence rather than the "special case" rule...

 

Ideally, I'd like the SAMAccountName value to populate automatically as it does for other attributes using EDS_EPI_UI_POLICY_RULE

 

I'd like the existing Policy Display Note to be NOT shown -- to be replaced with a Custom message...

 

I don't want the "generate" button to show up (if possible) and I'd be making the field Read-Only by placing in the script:

                    Request.SetEffectivePolicyInfo "samAccountName", EDS_EPI_UI_AUTO_GENERATED, True

 

Any ideas on how to get this to work?

Search

Update profilPath after onPostMove

December 11, 2012, 7:43 am
$
0
0

Hello,

 

I am trying to use a script which will update profilePath attribute when the user is moved into a different OU.

 

Exemple :


old_profilPath : \\mydomain\AJAC\profils\U1\n.test

new_profilPath must be : \\mydomain\ALBI\profils\U1\n.test

 

The string ALBI is the description of OU -2 level.

 

--rootOU

----GroupsOU (description = ALBI)

----PrintersOU

----UsersOU

 

The destination OU is : ----UsersOU

 

$strContainerDN = $Request.Parameter("TargetContainer")


i can't retrieve the description of GroupsOU in onPostMove function;

 

Thank you for your help;

Quest ARS - how do you edit the default List Exchange Mailbox Stores values?

April 2, 2013, 8:47 pm
$
0
0

When creating a user in an OU that has a policy applied to it, you can specify certain mailbox databases that will be used for provisioning.

 

If you do NOT have a policy applied, then Quest ARS uses the "Built-In Policy - List Exchange Mailbox Stores".  Is there a way to be able to edit which stores are listed by default?  I do not want every single mailbox database shown when a helpdesk person creates a user in a new OU or somewhere that does not have a policy applied.  I cannot see the List Excahnge Mailbox Stores policy under the Built-In section?

ActiveRoles Server 6.8 Technical Preview - Webinar

November 10, 2011, 10:08 am
$
0
0

Hey Everyone!

 

At long last, we are proud to present the technical preview for ActiveRoles Server version 6.8

 

Join us for this webinar to have an actual full end-to-end demonstration of the live code in webinar format, with a review of the roadmap and Q&A afterwards.

 

Please go ahead and register at the following link.  If you have specific use cases you would like to see demonstrated, please feel free to email me directly: jason.remillard@quest.com

 

Hope to see you there!

 

 

Jason

 

 

REGISTER HERE: http://www.quest.com/events/ListDetails.aspx?ContentID=15905

Quest One ActiveRoles Language Pack 6.8

January 24, 2013, 2:41 am
$
0
0

Hello,

 

I would add French language in WI Interfaces.

 

In the document QuestOneActiveRoles_6.8_ReleaseNotes.html :

 

"This release has the following known capabilities or limitations: Quest One ActiveRoles 6.8 is released without localization. Product localization and translated documentation will be released separately as Quest One ActiveRoles Language Pack 6.8."

 

But i don't have LCID French code : http://msdn.microsoft.com/en-us/library/0h88fahh(VS.85).aspx   to can translate : ARServerAdmin, ARServerHelpDesk and ARServerSelfService  web WI.

 

Thank you for your help

Help with script using csv import

April 2, 2013, 9:05 pm
$
0
0

I have a script with about 7500 users. The headers are DisplayName and PhoneNumber in the csv. I need to read the csv and then update the msrtcsip-line Active Directory attribute for each user. Sadly I haven't used ActiveRoles cmdlets hardly at all so it feels a little humbling to not know how to approach this.

 

I am thinking something like this?

 

Import-CSV filename.csv

Get-QADUser $ | Foreach-Object{

    $user = $_.DisplayName
    $phone = $_.PhoneNumber
    Set-QADuser -Identity $user $_ -ObjectAttributes @{'msRTCSIP-Line'="tel=$phone"}
}

 

Can someone help me out please? Need to run this and then customize it a bit.

 

Does this look right?

 

Import-Csv data.csv | ForEach-Object -Process

Set-QADuser -Identity "$_.'DisplayName'" $_ -ObjectAttributes @{'msRTCSIP-Line'="$_.'Phone'"}

 

Message was edited by: Jason Merrill

Viewing all 1277 articles
Browse latest View live
Search