Hello,
We are implementing a brand new ARS 6.8 installation and are having issues authenticating to the built in websites.
We are getting a username and password prompt which doesn’t accept any credentials, not even that of the ARS service account.
I can confirm that when opening the page from the local server there are no issues.
Can anyone please point me in the right direction where to assign the access rights to the web page?
Thanks,
Matt
Hi,
I would like to know what are the ARS rights required (on ARS) and where to change it on ARS server (I would like to grant other users/groups)
to perform powershell scripting using the Quest cmdlets for AD management (with -proxy switch)
typically,
the FW ports required to connect ARS are open.
from a remote client computer with Quest cmdlets installed,
connect-qadservice -service "serverars.mydomain.com" -proxy ; returns "The activeroles administration service is not available"
but if I specify a user and password with ARS rights It works:
connect-qadservice -service "serverars.mydomain.com" -connectionaccount $user -connectionpassword $pwd -proxy
So it is a question of rights on ARS ? which template ? where to grant this right on ARS ?
Thank you
After creating areportingtoolinQuestReporterinexport sectiondoes not havethe option tosend viaemail, is it possible to dothissending?
Hey Everyone!
At long last, we are proud to present the technical preview for ActiveRoles Server version 6.8
Join us for this webinar to have an actual full end-to-end demonstration of the live code in webinar format, with a review of the roadmap and Q&A afterwards.
Please go ahead and register at the following link. If you have specific use cases you would like to see demonstrated, please feel free to email me directly: jason.remillard@quest.com
Hope to see you there!
Jason
REGISTER HERE: http://www.quest.com/events/ListDetails.aspx?ContentID=15905
Hello,
i'm using a custom script to generate and assign a random password to users.
Let's say we have user pippo with password 'test', i execute the following script (via ARS workflow):
function onInit($context) {
$context.UseLibraryScript("Library - password generation")
}
function onPreModify($Request) {
$newpass = RandomPassword -length 5 -pattern "NNNNN" # custom function for password generation
$Request.put("edsvaTempPwd",$newpass) # i have to use a virtual attribute to temporarily store the password in clear-text since i need to notify via mail the new password to the user's boss
$Request.put("edsaPassword",$newpass )
$Request.put("edsaPasswordNeverExpires",$false)
$Request.put("edsvaUserMustChangePasswordAtNextLogon",$true)
}
But the password is not changed, pippo can still access to workstations with old password 'test'. Am i missing something?
Thanks,
Andrea
Hello,
I have a problem when debugging (Preview mode) the contents of notification in ARS 6.8 :
Configuration Error
Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately.
Parser Error Message: Could not load file or assembly 'Quest.ActiveRolesServer.Common.resources, Version=6.0.0.0, Culture=fr-FR, PublicKeyToken=..........' or one of its dependencies. The system cannot find the file specified.
Source Error:
Line 69: <add assembly="Quest.ActiveRolesServer.Service" />
Line 70: <add assembly="Quest.ActiveRolesServer.Service.Control" />
Line 71: <add assembly="Quest.ActiveRolesServer.Common.resources" />
Line 72: <add assembly="Quest.ActiveRolesServer.Common.Services.resources" />
Line 73: <add assembly="Quest.ActiveRolesServer.Service.resources" />
Source File: C:\ProgramData\Quest Software\ActiveRoles Server\MailMsgGen\cfg\web.config Line: 71
Assembly Load Trace: The following information can be helpful to determine why the assembly 'Quest.ActiveRolesServer.Common.resources' could not be loaded.
You have a solution please ?
Thank you for your help.
Hey Group,
I am new here, but this is a great community! We have a need to notify some people when accounts will be deleted and this report has to include a couple of attributes of the user account. We've been searchin for a way to do this and the only value that seems to make sense to use for the report is the "evsadeletiondate" that is stamped on accounts after they run through the deprov process.
ANyone know if there is a script or report that will do this, but it has to be the same day or just before the account is deleted as we log certain information like fax numbers, mobile, office location, and so forth.
I am new to powershell so I haven't figured out how to write a script that would pull the info and then filter out the items I need, etc.
Thank you!
Jake
I have been trying to find the easiest way of finding what machine was locking out an account.
Account Lockout Status and Event Viewer put together will get you that information, but still thought there could be an easier way to do this.
After several attempts I came up with this LockoutLocation.ps1, I am still doing some enhancements to the script, but for now it works great.
If you have any suggestions on how I could improve this script, please let me know.
Hi,
I am fairly new to PowerShell and the Quest ARS cmdlets. I have been tasked with pulling a list of DLs which contain 100 or more members and which do not currently have the dLMemSubmitPerms attribute populated. I must then add a specific DL to the 'dLMemSubmitPerms' attribute to prevent external (non-Exchange) users from being able to use the DLs in question. To find the list of target DLs I am using the following Get-QADGroup code:
$grps=Get-QADGroup -GroupType Distribution -SizeLimit 0 -DontUseDefaultIncludedProperties -IncludedProperties AllMembers,DN,dLMemSubmitPerms,Email -searchRoot "myco.com/FIM Distribution Groups" -SearchScope "SubTree" -LdapFilter '(&(objectCategory=group)(!dLMemSubmitPerms=*))' -ShowProgress -ErrorAction SilentlyContinue | Where-Object {$_.AllMembers.Count -ge 100} | Select DN,Email | Out-Null
It takes a very long time to process (which is understandable), especially when using AllMembers rather than just Members. I just wanted to see if there is a better or more efficient method of getting this data.... The script will run daily or weekly.
Many thanks,
Stu
PS> We cannot use the msExchRequireAuthToSendTo attribute (although that would be a lot easier) due to the way in which Microsoft has implement our Exchange 2010 Office-365D environment (all external mail that comes from our internal SMTP mail relays into the Office-365D environment and is therefor is set as authenticated). Thus Microsoft recommended using the above approach instead.
Hello:
Whenever a Distribution List (DL) is created in Active Roles Server (ARS), the group ExchangeVersion is set to (6.5.65) Exchange 2003 version. In order to function correctly with Exchange 2010, every DL that is created needs to be upgraded to 2010 after they are created: PS> set-distributiongroup -identity %groupname% -forceupgrade
This will upgrade the DL to version 10.0 Exchange 2010 version, which is required in our environment.
Is there a way to do this in ARS workflows.??
-----
I created a new workflow, triggerd on group created with GroupType = 8. (Universal DL)
The workflow kicks off, and the following script runs, after the group is created:
function onPostCreate($Request)
{
$groupname = $Request.get("CN")
set-distributiongroup "$groupname" -forceupgrade
}
The issue is that the "set-distributiongroup" is regular powershell, and not a PowerGui command and this command doesnt actually run.?
I can change the script to:
function onPostCreate($Request)
{
$groupname = $Request.get("CN")
#set-distributiongroup "$groupname" -forceupgrade
set-qadgroup "$groupname" -notes "This is a test"
}
and the notes field is updated perfectly, so I know the script is correct.
I cannot find any other way to do this, but I want to upgrade all DLs to version 2010 upon creation...ideas.??
I am trying to install the Active Roles Shell for Active Directory and am getting an error stating that MSXML 6.0 must be installed. I have downloade MSXML 6.0 and MSXML 6.0 SDK and installed them both and I still get the same error. I am not sure what else to try. I want to be able to use the ActiveRoles snapin in my powershell scripts.
Thanks in advance
Hi I'm trying to grab the value of a virtual attribute using the $DirObj rather than binding to the user object directly because it's obviously faster to do this but it's not returning any values.
e.g.
function Get-Value($obj, $attr) {
################################################
#
# Function to get an attribute value
#
trap { continue }
return $obj.Get($attr)
return $null
} # End Function Get-Value
$myVAvalue = Get-Value $DirObj "myVA"
$EventLog.ReportEvent($Constants.EDS_EVENTLOG_INFORMATION_TYPE,"User-reactToAccountStatusChange_v$scriptVersion >>>>>>> in Set-OOOState - myVAValue = $($myVAValue)")
Hello,
I am trying to add a forest group (DomainRemote\Domain Users) to computer objects ACE's under DomainLocal. Then (when this works) I should set "Allow to authenticate" to Deny so Remote Users from our 1-way trust with the remote domain cannot login in our LocalDomain.
Local Active directory: DomainLocal
Remote Active directory: DomainRemote
What I did is create 2 connections: $forestDomainLocal and $forestDomainRemote.
$forestDomainRemote = Connect-QADService -Service 'DCREMOTE.remote.com' -Credential $credsRemote
$forestDomainLocal = Connect-QADService -Service 'DCLOCAL' -Credential $credsLocal
I read on this forum that we should first get the group from the remote domain, place it in a variable and then use the variable with the other connection.
$DomainRemoteGrp = Get-QADGroup 'Domain Users' -Connection $forestDomainRemote
Add-QADPermission 'CN=SHSQLTEST01,OU=SERVERS_TEST,DC=adm,DC=local,DC=domain,DC=com' -Account $DomainRemoteGrp -Rights GenericAll -Connection $forestDomainLocal
The last command doesn't work because he is still trying to search the GROUP $DomainRemoteGrp in the LOCAL AD.
WARNING: Can't lookup account for identity: 'CN=Domain Users,CN=Users,DC=RemoteDomain,DC=com'
WARNING: No valid accounts specified. Searching permissions for all accounts.
Add-QADPermission : Object reference not set to an instance of an object.
Does someone has an idea how I can get this working?
Regards
Stijn
I have inherited an ARServer installation, I have a problem !
I have found the Web Interface to:-
1- Only work as expected when the Administration Service is used from the same server as the Web Service.
2- If the service is run from a differing server from the Web Server I get a message on the webpage telling me of a version mismatch 6.7 and 6.7.0 (browsed from the webserver)
3- Within the same configuration as point 2 from the webserver I can browse the portal using http://localhost/(site name) without issue
4- In the same configuration again but from a client the page is returned with 500 error
5- From all servers I am able to use MMC add in to browse all Administration Services without issue
Apologies if this is answered previously. The only 'fix' I could find was to reinstall the Management Shell for AD, this did not resolve.
I'm trying to use a policy script to generate a default value for some UM attributes when Enabling UM for a user.
Here's the code:
function onGetEffectivePolicy($Request) { if ($Request.Class -eq "User" { $line = #Some code to get the extension $address = #Some code to get the SIP Address $Request.SetEffectivePolicyInfo("edsva-MsExch-UM-ExtensionNumbers", $Constants.EDS_EPI_UI_DISPLAY_NOTE, "This value was generated automagically") $Request.SetEffectivePolicyInfo("edsva-MsExch-UM-SIPAddress", $Constants.EDS_EPI_UI_DISPLAY_NOTE, "This value was generated automagically") $Request.SetEffectivePolicyInfo("edsva-MsExch-UM-ExtensionNumbers", $Constants.EDS_EPI_UI_GENERATED_VALUE, $line) $Request.SetEffectivePolicyInfo("edsva-MsExch-UM-SIPAddress", $Constants.EDS_EPI_UI_GENERATED_VALUE, $address) }
}
These values are already stored somewhere else and to prevent typo's the UM guys want them automatically filled in, but when I get to those values on the form they are still coming up blank. I know that part of it is working because when I click the little scroll thingy, I see the "This value was generated automagically" there.
HELP!!
Hi to all,
I searched the community but have not found anything that interested me. I was wondering if I can use powershell to create workflows in ASR. I have to create many workflows to manage Job Rotations of many profiles. I can create a powershell script that creates Workflows?
Thank you
Hi,
Hoping someone out there can help me with this.
I'm provisioning users with Quick Connect from a HR database to ActiveRoles Server, this part works great.
What I want to do now, is write the info about the newly provisioned user to a SQL database via a stored procedure, this is an internal telephone directory used on the intranet.
I've attempted to do this via a Workflow in ASR that calls a Powershell script. As below:
The script activity is as follows:
The user is created in ASR but not in the SQL database, errors in the EDM logs are generated via an error trap in the powershell script:
Workflow activity has reported an alert. Workflow name: Notify on User Provision from ESR Workflow GUID: 5a9aaae2-2fa3-4d2a-9bff-6a2bf3e8a495 Workflow instance GUID: 70a8dbfa-6869-4a40-a751-8fb70011eee0 Activity name: powerShellActivity1 Activity type: Quest.ActiveRolesServer.Workflow.Activities.PowerShellActivity.PowerShellActivity Script Module: Write User Provision Info To Staff Directory Details: At line: 8 char:6. Trapped Error: Cannot index into a null array..Exception.Message; More: System.Management.Automation.RuntimeException; Position At line:14 char:25 + $strFirstName = $srcObj[ <<<< "givenName"]
AND:
Execution of workflow instance failed. Workflow name: Notify on User Provision from ESR Workflow GUID: 5a9aaae2-2fa3-4d2a-9bff-6a2bf3e8a495 Workflow instance GUID: 70a8dbfa-6869-4a40-a751-8fb70011eee0 Operation ID: 1-45152 Operation GUID: 8eebe370-088b-42ab-8843-ef748a47da47 Operation: Create Object
Object name: Bilbo Baggins
Object parent container: domain.x.uk/x/x/x
Object type: user
Object GUID:
Initiator: DOMAIN\activerolesserver
Details:
At line: 8 char:6. Trapped Error: Cannot index into a null array..Exception.Message; More: System.Management.Automation.RuntimeException;
Position
At line:14 char:25
+ $strFirstName = $srcObj[ <<<< "givenName"]
Hello,
I want to get the email address of the user and put it in the mail notification.
The token <% = Operation.Target ["mail"]%> return an empty string, probably because of the slowness of account creation and replication of exchange attributes.
Is there anyway to add a vbs code (in the source code of the template) to retrieve the email in a script and call it from the notification ?
Or :
I was able to get the <% = Operation.Target ["proxyAddresses"]%> but in the email sent i have "SMTP:name.lastname@domain.com" we could remove this string "SMTP:" from token <% = Operation.Target ["proxyAddresses"]%> ?
Thank you for your help