

Implementing windows authentication in MVC using Active Directory (AD)

asp.net-mvc,active-directory,windows-authentication
I have the following requirement for my application: Application Security will be controlled with Windows integrated security. The Active Directory (AD) Domain must be stored in the application XML configuration file. Users will be able to View the Master File and Transaction assignments with no security. There will be one...

Spring LDAP Context.REFERRAL to follow

spring,spring-security,active-directory,ldap
How do I set the LDAP Context.REFERRAL to follow in a Spring Security configuration? This is related to a problem I already reported and for which I found an unsatisfactory solution before discovering that the real solution I am seeking involves setting this environment attribute in the LDAP context to...

javax.naming.directory.SchemaViolationException: [LDAP: error code 65 - Object Class Violation];

java,active-directory,ldap
In this code I am not able to add one user to a group. Can you please suggest a fix? It's very urgent. Here uid is the user, and cn=citizens,cn=doit,o=evault is the group's full DN. Instead of member I also tried memberOf, but it still shows the same exception. Hashtable env = new Hashtable(); env.put(Context.INITIAL_CONTEXT_FACTORY, initctx); env.put(Context.PROVIDER_URL, myhost);...

List of inactive accounts has empty logon dates

powershell,active-directory
I'm trying to run a script to capture accounts that haven't logged in for 90 days or greater. I need the script to exclude certain EmployeeIDs that are service accounts in our environment. I have the following script that works, but the LastLogonDate is blank in the output. Is there...

Django LDAP authentication fails: SERVER_DOWN

python,django,authentication,active-directory,django-auth-ldap
I'm using the django-auth-ldap for the authentication. I'm having the following error: Caught LDAPError while authenticating xxx: SERVER_DOWN({'info': '(unknown error code)', 'desc': "Can't contact LDAP server"},) Using: AUTH_LDAP_CONNECTION_OPTIONS = { ldap.OPT_X_TLS_REQUIRE_CERT : ldap.OPT_X_TLS_NEVER } in setting.py should solve the problem, but it doesn't. I played around and it looks like...

Error with Get-ADUser: Invalid enumeration context

powershell,active-directory
I posted this question the other day Extract e-mail from grouped objects $OuUser = @{} $OuUser = Get-AdUser -Properties * -Filter * -SearchBase "domain" $Duplicates = $OuUser | Select samaccountname, mail,UserPrincipalName | Group-Object Mail | Where{$_.Count -gt 1} $Duplicates | Select Name,Count,@{l='Accounts';e={($_.Group|Select -Expand samaccountname) -join ';'}} | Export-CSV E:\Damo\Duplicates.csv -NoTypeInfo...

Force unbind Mac from Open Directory from command line

osx,active-directory,unbind
Is it possible to force unbind a Mac from Open Directory using command line? I have seen it for AD using dsconfigad but not for OD.

How to get LastLogon or LastLogonTimeStamp (whichever is most recent) from all Domain Controllers

powershell,active-directory
So far I have a script for Powershell that shows me Name, SameAccountName, Description, EmployeeID, EmployeeID EmployeeNumber, EmailAddress, LastLogon, Manager, Title, Organization, and if the account is enabled. However, the LastLogon that I am receiving isn't 100% correct since we use many Domain Controllers. The following is my code: Get-ADUser...

UserPrincipal properties returning null

c#,active-directory
Recently I've been working on a small part of a very large application. In this part I need to receive data from active directory properties using the UserPrincipal class. This works fine for some properties i.e GivenName, Surname. But when I'm trying to get the values of properties like 'name'...

Active Directory: how to simulate a user logging in and changing his password

windows,powershell,login,active-directory,passwords
Short story: Knowing the temporary password of a user, how to simulate a user login and change its password without actually opening a session when the option user must change password at next logon is enabled? Long story: I'm in a helpdesk and have access to an app...

PowerShell + AD: Return users from within any groups in a specific OU, plus count

active-directory,powershell-v3.0,quest
PowerShell "white belt" here, first time poster. I'll try not to lower the collective IQ of such a helpful community while I'm here! :) I'm running PowerShell 3.0 with Quest installed. My organization has an Active Directory OU with several Security Groups that all control VPN access - these were...

Can I use ASPNetIdentity and ActiveDirectory?

active-directory,owin,aspnet-identity
I have been looking over examples of using Asp.Net Identity and various providers to supply authentication using facebook, twitter, etc. I have an MVC 6 solution, currently being developed using VS2015 RC. It will be deployed to an organisational IIS. AD is primarily used to authenticate users, the majority of...

Trying to rename several account types at once based on current displayName

powershell,active-directory,user,rename,identity
This morning some awesome people helped me make a script to move user accounts based on their displayName to a certain OU. I tested and it worked. I cannibalized the script to make another one that will rename the same accounts based off of the same criteria. I've gone through...

How to query Active Directory with Windows Powershell for userprincipalname, business phone, and Job Title

windows,powershell,active-directory,ldap
Kind of new to scripting here. Currently using the ad module for power shell. So I want to be able to query the userprincipalname,business phone, and Job Title. Ultimately I'd like to put this onto an excel sheet so I can find those who don't have a phone # or...

Gitlab LDAP (Active Directory) Authentication without Server Side Access

ruby-on-rails,active-directory,ldap,gitlab
I am using GitLab Omnibus 7.10.0 on RHEL 6.6. I have enabled LDAP using the following configuration: gitlab_rails['ldap_enabled'] = true gitlab_rails['ldap_servers'] = YAML.load <<-'EOS' # remember to close this block with 'EOS' below main: # 'main' is the GitLab 'provider ID' of this LDAP server label: 'FOO COM Active Directory...

Query user data from a specific AD DC

c#,active-directory,domaincontroller
I'd like to query some user attribute in our AD, but on a specific DC, in C#. We've a few dozens of DCs and I suspect that there is some replication issue between them. I'd like to make a cleanup of unused accounts, to which I'd like to use the...

Ldap: retrieve subgroup from parent group in C#

c#,active-directory,ldap
I have security groups in Active Directory account. Security groups have users and also sub groups. I am able to get users from Security groups. Here is the code for getting users from security group and I passed "groupname" as parameter. It will return corresponding users belonging to the group. DataTable dt =...

get full name of the AD domain\initials powershell

powershell,active-directory
I have some powershell script which gets the owner of certain files like so: $CreationOwner =Get-Acl $path | Select-Object Owner but now I have the AD name like so domain\ar is there anyway to now turn this into the name of the person...

How to stop consent in an Azure multiple tenant application

authentication,azure,active-directory
I have a multiple tenant application in Azure. Visitors to my site (when trying to log in) are presented with a consent form asking permission to allow the application access to their AD, after which the visitor is then logged in. How do I stop that happening automatically (and still...

Active Directory authentication with initial page open (mvc 4)

asp.net-mvc,asp.net-mvc-4,active-directory
I want first page available to everyone and through form (no popup) and Active Directory authentication. Everything is fine if I use Windows authentication but as I said I don't want popup and I do want first page available and with login form fields. Is this possible? If so how...

AuthenticationException LDAP using plain Java

java,authentication,exception,active-directory,ldap
I have a problem while connecting to an Active Directory via ldap using plain Java. If the displayName begins with a , (Comma e.g. ", name") I get a javax.naming.AuthenticationException. The displayName is never used in the application. Context.SECURITY_PRINCIPAL and Context.SECURITY_CREDENTIALS which I use don't contain any commas. Can somebody...

Mapping enterprise roles in ADF Security to groups in Active Directory

java,active-directory,weblogic,oracle-adf,adf
I am trying out implementing ADF Security with AD Server and Weblogic server. I have deployed adf application to my weblogic and at the same time configured AD Server on weblogic as well. I can see all the users and the group in the weblogic console from the AD server...

Active Directory membership provider using LDAP

asp.net,azure,active-directory,ldap,membership-provider
I am working on a school assignment where we handle logins to a web application written in asp.NET using Active Directory. Our Active Directory is installed on a virtual machine on Azure. When trying to login, I am presented with the following error: I have checked my connection string multiple...

how to get sub groups from security group in active directory c#

active-directory
I have security groups in Active Directory account. Security groups have users and also sub groups. I am able to get users from Security groups. Here is the code for getting users from security group and I passed "groupname" as parameter. It will return corresponding users belonging to the group. DataTable dt =...

Should the system be in domain to login as active directory user?

dns,active-directory,gpo
I want to prevent my system from getting GPOs of the domain. Thus thinking if I can still login as one of the domain users without putting the system in the domain. If not, is there a way to at least prevent the domain policy from being applied to the local system....

SQL Query to loop through AD OUs and get a count of objects

sql-server,active-directory
I'm trying to produce a report that has a count of computer objects within many, many AD OUs from SQL Server so I can join it to other data in a SQL DB and then create a report with SSRS. I've figured out how to do it with a single...

Organizing Active Directory accounts

powershell,active-directory,user,organization,ou
I am trying to get a script to work that will organize my active directory accounts based off of their display name since all of our accounts have their OU in their name (or a subOU). I am trying to do this with an If statement inside of a ForEach...

Avoiding Active Directory Uniqueness Constraint Violation During Rename

windows,active-directory,ldap,windows-server-2012,windows-server
Our environment has 2 Windows domain controllers successfully replicating on W2k12. In that domain, like everyone else, we have tons of accounts, some of whose account attributes are required to be unique. For business reasons not worth visiting here, we need to sometimes swap attributes between accounts. That is, user1...

AD Group authorisation in MVC5 web app

asp.net-mvc,active-directory,asp.net-mvc-5
It was similar to the linked answer but I used the following syntax instead: Ended up using [Authorize(Roles = "DOMAIN\\Group")] in the controller which worked perfectly I have a web app, that I've completed now and the only things outstanding are to: Upload to a web server; Make it so...

Changing a specific Active Directory attribute programmatically

c#,active-directory
I'm working on a tool to automate some Active Directory tasks such as removing users from groups, changing user's passwords, and updating attributes for the user such as their telephone number, etc. I'm leveraging both System.DirectoryServices and System.DirectoryServices.AccountManagement. I'm having trouble finding a way to modify the Deny this user...

Error when leaving input blank in ASP

asp-classic,active-directory
I am developing a script to allow users to write to Active Directory. The problem is that, when I leave a field blank, it results in an error. When, however, I put a value in, even a space, it seems happy. I have the following code: <%@LANGUAGE="VBScript"> %> <% if...

Howto change expired password over JNDI in Active Directory without admin user

java,active-directory,ldap
I would like to change password for user in Active Directory using JNDI. The problem is, that this user's password has expired. When I create InitialDirContext it gives me immediately an error (data 773 means password expired): javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data...

Getting “The Server is not operational”

c#,asp.net,active-directory
I'm trying to get user groups in a web application: private bool GetGroups(string userName, string domain, out string result) { PrincipalSearchResult<Principal> groups; PrincipalContext yourDomain = new PrincipalContext(ContextType.Domain, "fibi.corp"); // find your user UserPrincipal user = UserPrincipal.FindByIdentity(yourDomain, userName); // if found - grab its groups if (user != null) {...

Automated execution of a powershell script on Active Directory, Triggered from a web page

powershell,web,active-directory,citrix,netscaler
I am proposing an idea for a final year project that is basically a virtual environment. I would be using Citrix XenServer in conjunction with Windows Server 2008 R2 and Citrix netscaler to make the server accessible over the web. I would also be hosting a website on the server...

Getting users from another AD Domain using PrincipalContext

c#,asp.net,active-directory,asp.net-mvc-5,active-directory-group
How would I get users from an AD Group which contains users from different domains. For example, I have 2 domains in my active directory, Domain1.corp.com and Domain2.corp.com I have an AD group called TestGroup which contains users from both the domains. Domain1 users: TestUser1, TestUser2 Domain2 users: TestUser3, TestUser4,...

Unlock AD account based on partial name

powershell,active-directory
I'm looking to quickly unlock AD accounts. I want to enter in the partial name e.g. donald d have it return e.g. donald duck locked donald donovan disabled donald davids enabled Then choose e.g. donald duck to be unlocked So I need to list the relevant accounts including locked accounts...

LDAP connection only works on localhost

c#,asp.net,web-applications,active-directory,ldap
I have a login page that verifies credentials with active directory and redirects to the next page. When I run it locally it works perfect, but when I put it out on our webserver it gives an error trying to create the group principal: (System.DirectoryServices.DirectoryServicesCOMException (0x80072020)) I need to find...

How to show all value that have a null entry in a specific column

powershell,active-directory
I am wanting to bring forward a CSV file containing all users Name, SamAccountName and Description, however we have noticed that there are several people who do not have descriptions. What I am looking for is how to edit my existing code (I know there's a simple way to do...

Why rsAccessDenied error on SSRS when using Chrome but not in IE

sql-server,reporting-services,permissions,active-directory,ssrs-2008
I am trying to identify reason why SSRS service URL throws an exception when using Chrome while not with IE. I tried running both of them with Administrative account. http://xyz-shantanug/Reports/Pages/Folder.aspx User 'Domain\userName' does not have required permissions. Verify that sufficient permissions have been granted and Windows User Account Control (UAC)...

Replace the name of environment variable by its actual value from environment in a text file

powershell,active-directory,automation,environment-variables,silent-installer
I am trying to automate Active Directory installation on Windows Server 2008 using windows powershell. I created a text file with .tmpl extension and added: [DCINSTALL] ReplicaOrNewDomain=_ReplicaOrNewDomain__ Then I created an answer file in a text format: [DCINSTALL] ReplicaOrNewDomain=$env:ReplicaOrNewDomain Now I want to be able to write a script in...

Connecting to ldap securely for Dummies

php,ssl,active-directory,ldap,xampp
I have been struggling for days with no progress, to start with I have very little knowledge with LDAP and Active Directory. I need to use php to connect with an ldap server over an enterprise and then simply run a bind. I went through a lot of material around...

Active Directory Change Home Folder Path using Power Shell

powershell,active-directory
I am trying to change the Home Folder Path and assign it a letter using power shell. I am currently using set-aduser in powershell to change the other parameters in AD. How do you assign it a drive Letter and also assign the Path as well? ...

Powershell Exchange Module remote mailbox issue

powershell,azure,active-directory,exchange-server,office365
I have created a script that automatically creates a user in Exchange and then adds a license to it from o365; however, I need the box at the bottom where it says "automatically update email addresses based on the email address policy applied to this recipient" to automatically be checked...

Am I using Active directory authentication in my ASP.NET MVC 5 app?

c#,asp.net,active-directory
I'm developing an ASP.NET MVC 5 app with .NET Framework 4.5.1 and C#. On web.config I have added this: <authentication mode="Windows" /> <authorization> <deny users="?" /> </authorization> And set on ASP.NET MVC Visual Studio project Windows authentication enabled and disabled Anonymous authentication. This app will be used inside an Intranet,...

Java - Access to remote active directory with linux

java,linux,active-directory,ldap
My problem is that I had to deploy an application onto a linux server. The authentication is based on a remote active directory. Everything was working fine, but since I have deployed onto the linux server, my authentication no longer works. This is my authentication code: public boolean connectUser(String login,...

Get members of Active Directory Group and check if they are active or inactive

c#,active-directory
I'm trying to search for users in AD and display them in a list box only when they are inactive. This is the code I have written private void button1_Click(object sender, EventArgs e) { PrincipalContext insPrincipalContext = new PrincipalContext(ContextType.Domain, "DX", "DC=RX,DC=PX,DC=com"); ListUser(insPrincipalContext); } private void ListUser(PrincipalContext insPrincipalContext) { UserPrincipal insUserPrincipal...

Azure Active Directory Login: Web App Permissions, User Consent not triggered

azure,oauth,active-directory,azure-active-directory
I have currently set up an AAD instance and I am authenticating my users against it via my web app, and it’s working great. When I added and configured the application on AAD, I added the required Application and Delegated Permissions to access the Office365 Calendar API. However, the only...

Besides user/auth info, what else should be stored in Directory Services?

active-directory,ldap,directoryservices,apacheds
This excellent answer explains the advantages of LDAP/Directories over RDBMSes under the right circumstances, but only mentions user account and auth-centric information as being the types of data to store in a directory. The answer basically attributes the following advantages to a directory: Tuned for ultra-fast reads, typical in an...

Access violation when reading memory

c++,windows,memory,active-directory,ldap
Background I am writing a command line C++ program with Visual Studio 2013 Community Edition. It connects to an Active Directory server via LDAP and retrieves a list of unique values in a couple of attributes (ex: office location, department). Problem The program compiles fine, but I encounter a memory...

Azure AD User management delegation

azure,active-directory,azure-active-directory
I am using Azure AD to create users, groups for an application that sits outside of Azure AD (hosted internally) I want the ability to delegate the user management to an admin of that application (create users, assign groups etc) I can see that in the Premium Azure AD subscription...

Silverlight authentication using Active Directory

c#,silverlight,authentication,active-directory
I have developed a Silverlight app, and the customer is asking me to add an authentication window at the app startup, and he would like to let the user log in if the user exists in the active directory users of the company. And depending on which group the user...

Get-ADGroup pulling all groups but Domain Users

powershell,active-directory
For some reason this script works perfect except it does not pull the "Domain Users" group, does anybody know why or how to get it? It pulls all other groups. Import-Module Activedirectory Get-ADUser -Filter * -Properties * | sort SamAccountName | % { New-Object PSObject -Property @{ "First" = $_.givenName...

Issue connecting Microsoft Access to Active Directory

ms-access,active-directory,ldap
I am trying to connect Active Directory to Microsoft Access 2010 using the LDAP string to import data into a database, which is queried by ASP. Even though I am looking to return contact details, i.e. firstname, lastname, email, phone number, etc. Due to not being sure what the field...

Active Directory VBScript Issue

windows,vbscript,active-directory
I'm creating a script to assign an Active Directory user to a group but I want to use a text box input instead of predefining the username. I know I'm doing something stupid here but strUserName is a predefined dim value at the top of the code. userPath = "LDAP://cn=users"...

When powershell is “runas” different user (different domain as well), get that user's domain, and not the logged in user's (on localhost) domain

powershell,active-directory,runas
I know how to get the domain of the user that you are logged into on windows. That's not the problem. You can do that with $env:USERDOMAIN (and various other ways...) My situation: I'm logged into windows as D1Username under DomainOne. I run cmd and do: runas /user:DomainTwo\D2Username /netonly powershell...

How to access softwares installed by local user in domain user account

dns,active-directory,user-accounts,windows-server-2012-r2
I have installed a lot of application and utility software on my laptop using my local Windows 8.1 account. Recently I have joined a company where I got a domain account. When I joined the company domain and logged in using the domain account, I couldn't find most of my application...

Getting username and group info from Azure using adal4j

azure,active-directory,azure-active-directory,adal
I am developing a mobile app in which I need to authenticate a user against Azure AD. Basically the user will be prompted their organisational email and password, which the mobile phone app sends to the backend server which will authenticate. I have the 'public-client-app-sample' of 'azure-activedirectory-library-for-java' working, and can...

Clarification required about PrincipalContext security permissions and PrincipalContext's ContextType.Machine

asp.net-mvc,c#-4.0,active-directory,directoryservices,principalcontext
using (PrincipalContext Context = new PrincipalContext(ContextType.Domain, DomainURL, UserName, Password)) { UserPrincipal Account = new UserPrincipal(Context); Account.GivenName = strFirstName; Account.Surname = strLastName; PrincipalSearcher srch = new PrincipalSearcher(Account); foreach (var principal in srch.FindAll()) { var p = (UserPrincipal)principal; String FirstName = p.GivenName; String LastName = p.Surname; } } If I use the...

How can I use powershell to retrieve AD distinguishedName from the employeeID only?

powershell,csv,active-directory
What I'm trying to do is run a script which compares employee IDs from a CSV file to AD, and if they're NOT in the CSV but ARE in AD they should: - be disabled - have a termination date comment added to the description - move to a different...

Azure Active Directory Graph Client 2.0 - Contains Expression

c#,azure,active-directory,graph-api-explorer
When querying Users etc using the Azure ActiveDirectoryClient it does not seem possible to construct a expression that has the 'Contains' keyword e.g. activeDirectoryClient.Users.Where(u => u.Surname.Contains(searchString)) .ExecuteAsync() I can successfully use u.Surname.StartsWith or EndsWith. Is this supported? If not is there an alternative? Thanks....

Assigning multiple value property 'directReports' using System.DirectoryServices Active Directory APIs

c#,active-directory
My initial attempts to assign multiple values as directReports to a user in Active Directory were to use DirectoryEntry objects and assign as follows: DirectoryEntry de; //get it from somewhere de.Properties["directReports"].Value = object[] { "CN=user123,CN=Users,DC=DOMAIN,DC=xyz", "dn2", "dn3" }; de.CommitChanges(); //error: constraint violation occurred It also didn't work for the "manager"...

How to get LastLogon from ALL Domain Controllers

powershell,active-directory
Thanks to the user Vesper I have been able to get this far with my Powershell script. Get-ADDomainController -filter * | % {Get-ADUser -Filter "Enabled -eq 'True'" -server $_.name -Properties Name,SamAccountName,Description,EmployeeID,EmployeeNumber,EmailAddress,LastLogon,Manager,Title,Department,Organization,Enabled -SearchBase "DC=REMOVEDFORANONYMITY,DC=com" | ? {$_.EmployeeID -notlike "EXCLUDE" } | Select Name,SamAccountName,Description,EmployeeID,EmployeeNumber,EmailAddress,@{N='LastLogon';...

Search for certain UPN suffix

powershell,active-directory
How do I search AD users by UPN suffix in AD? The users are under Uofguelph/SEC213/users OU. Some users have @sec213.com suffix and some have @home.sec213.com suffix. I need to search for users who only have @sec213.com suffix. I have the following two code snippets. Code 1 gets all accounts...

Is nltest output not valid to use with new-object?

powershell,active-directory
when running the nltest command "nltest /dsgetdc:contoso.com", I get the following output: DC: \DC1.contoso.com Address: \192.168.0.100 Dom Guid: 1234567a-abc1-4d66-a421-153f0116d8c7 Dom Name: contoso.com Forest Name: contoso.com DC Site Name: New York Our Site Name: New York Flags: PDC GC DS LDAP KDC TIMESERV....etc.. What I'm trying to do is capture the...

Filtering AD property from get-ADUser

powershell,active-directory
So I am writing a script. In our company we store users' home directories on network drives, and when they leave we rename the directory by adding .left to the folder name, example: "name.left" and we actually used to do so by finding the user in AD copying the content of...

Get User's Manager Details from Active Directory

c#,active-directory
How can I get details like the manager name and email address from the active directory manager associated with a user? I am able to get all details of users: ActiveDirectory.SearchUserinAD("ads", "sgupt257"); public static bool SearchUserinAD(string domain, string username) { using (var domainContext = new PrincipalContext(ContextType.Domain, domain)) { using (var...

Log in through active directory

c#,login,active-directory
I want to create a LogIn button through Active Directory. So I have an idea to take the Name of the logged user (Windows) from his Domain: string Name = System.Security.Principal.WindowsIdentity.GetCurrent().Name; and then take Group for Login above: string Group = System.Security.Principal.WindowsIdentity.GetCurrent().Groups.ToString(); // <---I think this is wrong ? string allowedGroup = "Admins"; then something...

Why are builtin security groups not in the attribute memberOf?

active-directory,ldap,memberof
If I query the AD then for some users the attribute memberOf does not contain any builtin groups. The users with the problem are all moved in a separate OU. The query is simple: (&(objectClass=person)(uid=xyz)) But the "Active Directory Users and Computers" tool from Microsoft shows these members. Where can...

Dynamic distribution groups: Which DDGs is user part of?

active-directory,exchange-server-2010
I know how to get all the members of a dynamic distribution group: I can take the distribution group, get the AD filters from msExchDynamicDLFilter and msExchQueryFilter properties and query the AD for the users who match that filter. Now, how do I go the other way? E.g. show which...

Best practices when configuring relying party for on-premise authorization

active-directory,asp.net-identity
I've created a website within the company that utilizes our active directory server to authenticate. I am concerned about security surrounding setting up relying parties with "localhost" domains. I've pretty much followed this guide on setup. You'll notice about halfway down the page, there is a step to set up...

The RPC server is unavailable while creating user in Active Directory

asp.net,azure,active-directory,rpc,membership-provider
I am trying to get my asp.NET application to register new users in Active Directory, using the default Active Directory Membership Provider in asp (.NET 4.5). While logging in works just fine, I get the following error when trying to create a new user: The RPC server is unavailable. (Exception...

Best way to Query Microsoft AD with Python 3

python,python-3.x,active-directory
Two part question: What is the "best" way to query Microsoft AD with Python 3.x? With "best" defined as multi-OS support and use of core Python libraries preferable. Examples of querying AD structure for members of a specific AD group would be extremely appreciated. I've looked at a few different...

How to get users without subgroups in ActiveDirectory?

powershell,active-directory
I have a PowerShell script that gives me all users from specific groups as list (User, user, user - where "," is my list separator) and then I add them into *.xlsx file (after split them). What I want, is checking that actual group member is user or subgroup. Actually,...

Active Directory Change Webpage field using PowerShell

powershell,active-directory
I am currently trying to figure out how to change the web page field in Active Directory using Powershell! I have found out how to change every other field but nowhere says how to change that field! (example: http://www.powershellpro.com/powershell-tutorial-introduction/powershell-tutorial-active-directory/) I am currently using Set-User -Identity 'xxxxxxxxxx' -Description 'xxxxxxxx' -Office...

Is LDAP DN case insensitive?

active-directory,ldap
I build some feature that assumes that LDAP DN is case insensitive. I have checked it with ActiveDirectory, Oracle and OpenLDAP and it is case insensitive. Is it correct for all LDAPs?...

Convert Distinguished Name to SamAccountName without Get-ADUser

powershell,active-directory
My machines have the original build of PowerShell v2.0, so Get-ADUser will not work. I am trying to convert the manager property from its distinguishedname to its SamAccountName. $searcher = [adsisearcher]"(samaccountname=$env:USERNAME)" $searcher.FindOne().Properties.manager This works perfectly if I had Get-ADUser: (get-aduser (get-aduser $user -Properties manager).manager).samaccountName Grabbed get-aduser statement from here.....

Enabling AD account using powershell

powershell,active-directory
All the new user accounts created in Active Directory are kept as disabled and the option "user must change password on next login" is ticked. These accounts will remain as disabled for 7 days and on the 8th day they need to be enabled. Creating the account is already done...

Access all users from active directory

c#,active-directory
I want all active directory users. I have tried the following code but only CN property is available. These other properties are not returned: 1)username 2)email 3)phoneno An ObjectReference error is thrown. using (var context = new PrincipalContext(ContextType.Domain, "mydomain.com")) { using (var searcher = new PrincipalSearcher(new UserPrincipal(context))) { foreach (var...

Access manager information from Active Directory

c#,asp.net,active-directory
Attached is the picture of Active Directory, which I got from my IT department. Now I want to get the manager information in C#. NOTE: I am able to get all information of user but there isn't any key of manager, but IT department just gave me above attached...

Authenticate Local Windows User Accounts

active-directory,ldap,windows-authentication,directoryservices,adsi
I have written this JScript to validate Local Windows User Accounts: function ValidateCredentials(strUsername, strPassword) { var ADS_SECURE_AUTHENTICATION = 1; var objWMISvc = GetObject("winmgmts:\\\\.\\root\\cimv2"); var colItems = objWMISvc.ExecQuery( "Select * from Win32_ComputerSystem"); for (var it = new Enumerator(colItems); !it.atEnd(); it.moveNext()) { var objItem = it.item(); if (objItem.PartOfDomain) continue; var strWorkgroup =...

Active Directory move a user to a different OU

c#,active-directory,directoryservices
I'm working on a program that will automate the separation process for users leaving our network. One of the tasks it performs is moving the user account from the OU it is in, to a Former Employees OU. I've been having problems with this step even though I've not had...

find if user account is enabled or disabled in AD

c#-4.0,active-directory
I need to find if user account is enabled or disabled in AD. I can't find the flag or property "userAccountControl". Can this be achieved using USERPRINCIPAL class? drop_persona1.Items.Clear(); string valor = drop_area.SelectedValue; List<string> allUsers = new List<string>(); PrincipalContext ctx2 = new PrincipalContext(ContextType.Domain, "xxxxxxxx", valor); UserPrincipal qbeUser2 = new...

Getting LastLogon and LastLogonTimeStamp from ALL Domain Controllers into 1 output CSV

powershell,active-directory
So far I have this: Get-ADDomainController -filter * | % {Get-ADUser -Filter "Enabled -eq 'True'" -server $_.name -Properties Name,SamAccountName,Description,EmployeeID,EmployeeNumber,EmailAddress,LastLogon,Manager,Title,Department,Organization,Enabled -SearchBase "DC=webcoindustries,DC=com" | ? {$_.EmployeeID -notlike "EXCLUDE" } | Select Name,SamAccountName,Description,EmployeeID,EmployeeNumber,EmailAddress,@{N='LastLogon';...

How can I compare CSV to AD users and disable users not in CSV?

powershell,csv,active-directory
As a process to disable users, I have a CSV where users are identified by employeeID and not username. I need to loop through and compare the CSV to AD users, and any AD user not in the CSV needs to be disabled. This is what I have so far,...

Active directory and linux nslcd binding without extending the AD schema

linux,windows,active-directory,windows-server-2012,openldap
I have a requirement of binding linux clients to Windows Server 2012 Active Directory. I have a test environment where I successfully did that both with samba-winbind-kerberos, and with nslcd, using a user to authenticate. However, when using samba-winbind-kerberos, I was able to achieve this without extending the AD schema...

Do while Powershell issue

powershell,azure,active-directory,office365
I am trying to build a script that creates the AD user and then assigns it an o365 license. I currently have the script that creates a user in Exchange and AD no problem. However, the server syncs up every 15 minutes to bring over the user's credentials to the...

OData error: “A value without a type name was found and no expected type is available.” when calling Azure Active Directory Graph API

asp.net,azure,active-directory,openid,azure-active-directory
Let's see if you experts have a clue of what's going on here. Context We have a web application running on Azure Web Sites. This WebApp uses OWIN + OpenID Connect to authenticate users against an Azure Active Directory tenant. Also the application uses the Azure AD Graph API to...

Security - Use Active Directory or SQL Server and Why?

sql-server,active-directory,sql-server-2012
My company is currently planning to reconfigure security and we are currently arguing over which way to go, storing everything in Active Directory or in SQL Server? So setting up Active Directory groups and use it to create a read and a read/write group and just move users in and...

Rename surname and givenName of contact object

powershell,active-directory
Can someone please tell me how I can rename sn and givenName of a contact object in active directory? This is how I query the data in my contacts OU: Get-ADObject -Filter {(ObjectClass -eq "contact") -and (givenName -like "*myName*") } -Properties sn, givenName -SearchBase "OU=contacts,DC=domain,DC=name" From Microsoft: To modify the...

isolating one column from output in powershell

powershell,active-directory
Good morning. I am trying to avoid GUI at my job to practice PowerShell and one of the daily tasks I have is to check if a user was added to the right groups so I was using the cmdlet: get-aduser $username -Properties memberof | select -expand memberof and I'm...

Active Directory computers not contain certain group

powershell,active-directory,active-directory-group,group-membership
I have to audit whole Active Directory domain computers with software. I found out that old admin deployed Audit software for Group 'Audit_Software'. My goal is to find all computers in domain which don't have 'Audit_Software' membership. E.g. 'Audit_Software' contains 2x computer accounts 'netbios_PC1' 'netbios_PC2' but whole domain has many more...

Authenticate asp.net mvc 5 application from adlds instance

c#,asp.net,asp.net-mvc,active-directory,ldap
Hi, I want to integrate LDAP (AD LDS installed on Windows 8.1 machine) forms authentication to my MVC 5 application. I don't know if I'm missing something in the web.config or my C# code is wrong but I'm connected successfully from ldp.exe and ADSI Edit as User=Admin who...

Compare AD against CSV

powershell,csv,active-directory
I am trying to create a script that will compare our AD against all the users in a CSV. Our HR department has the master database for all staff but when they make changes they rarely inform us so they now export all users from the HR database to a...

Is “maxPwdAge” a constant attribute name for LDAP?

active-directory,ldap
I am new to LDAP and I am wondering if attribute names like "maxPwdAge" and "pwdLastSet" are constant attribute names for LDAP, not just AD? The reason that I want to know this is because I want to write a program to calculate password expiration time for all systems that...

How to query ManagedBy property of ADComputer in a Foreach loop?

powershell,active-directory
I'm trying to generate a list of computers owned by a particular PDL and I'm encountering some syntax issues: $group = Get-ADGroupMember -Identity "pdl" | Select-Object -ExpandProperty DistinguishedName Foreach($item in $group) { Get-ADComputer -Filter "ManagedBy -eq "$item"" -Property managedby | Select Name } The second part is based on another...

DSC with xActiveDirectory: Verification of prerequisites for Domain Controller promotion failed

azure,active-directory,dsc,domaincontroller
I'm starting to become a big fan of "Desired State Configuration" (DSC). Great work so far, guys! I'm using the "xActiveDirectory" script (https://gallery.technet.microsoft.com/scriptcenter/xActiveDirectory-f2d573f3) published a few weeks ago. As soon as the VM is deployed in Azure, I get the following error: Job {860932CF-ECE2-11E4-80BB-0003FF54BC14} : This event indicates that a...

SQL Query - LEFT(),20

sql,active-directory,username
I have spent a while trying to get a query together to create AD usernames based on 2 column values. As you may be aware - the limit for these usernames is 20 chars. The query works for 99% of my current and past data - however, there are still...

Error code 0x8000500D when trying to access PasswordLastChanged

vbscript,active-directory
I'm writing a VBScript that will simply check each user in AD if their password has been changed within a given number of days. When I was trying to get it working for a single user, I came up with the following working code: Option Explicit Dim objUser, strLDAPConnection, intPwdExpLimit...

Creating AD-Users from VBScript -> Error Code 0

vbscript,active-directory
I am running into a strange error in VBScript: [...] objUser.sAMAccountName = strNTName On Error Resume Next objUser.SetInfo If (Err.Number <> 0) Then On Error GoTo 0 Wscript.Echo "Unable to create user with NT name: " & strNTName & " - Error-Code: " & Err.Number & " (sAMAccountName)" Else [...]...

Using JWT with Active Directory authentication in NodeJS backend

node.js,security,authentication,active-directory,jwt
I am building an intranet web application consisting of an Angular frontend and a Node.JS backend. The application needs to use the corporate Active Directory for authentication and authorization. I'm considering how to best implement this in a secure way. I am planning to use the Active Directory node module...