Portal administrators from Active Directory groups

I want to add additional users with the status of "admin", so that more people can use the "Admin Console". I want to do this using Active Directory groups.

Can anyone say if this is possible and how?


Maybe it's in the documentation, but I couldn't find it.

For now, it is not possible to assign the Admin role to a group of users. However, you can promote individual users to the Administrator role. You can search for a user name and click on the user name to view the details of a user. On the left side, you will see the role(s), and the 'User' text is clickable. When you click on that text, you will be able to change the role.

Tags: VMware

Similar Questions

  • We look for details user for all users directly from Active Directory in a webcenter portal application?

    Hi again.

    Is not just WebCenterDS in WebLogic... If it's a CustomPortal you had created a CustomPortalDS.

    You need to do a DB connection in your JDeveloper Portal App than a link to the WebCenterDS schema.

    Deployment and testing of your WebCenter Portal: Application Framework - 11g Release 1 (11.1.1.7.0)

    Follow the links provided by Vinay on the WLST.

    Kind regards.

  • Firepower does not work when using the Active Directory group as a rule filter access control

    I am doing a PoV of Cisco ASA with Firepower with my client. I would like to integrate Firepower with MS Active Directory. Everything seems to work properly.

    - Firepower User Agent installation completed successfully. Connection to AD works fine. The log is GREEN.

    - I created a realm in FireSight and I can download users and groups from Active Directory.

    - I created an identity policy with passive authentication (using the realm I created)

    - I can use the AD account "user" as a filter in an access control rule and it works very well.

    However, if I create the access control rule with an AD group, the rule never gets matched. I'm sure that the user that I test with is a member of the group. The connection event shows the system ignoring this rule, and the traffic is blocked by the default action below. It looks like Firepower doesn't know that the user belongs to the group.

    I use

    - Firepower User Agent for Active Directory v2.3 build 10.

    - ASA 5515 software Version 9.5(2)

    - Firepower module version 6.0.0-1005

    - Firepower Management Center for VMware

    Any suggestion would be appreciated. Thanks in advance.

    Hello

    You should check the download user under domain option. Download the users once belonging to a group is specified on the ad and then test the connection.

    Thank you

    Yogesh

  • Active Directory groups can be put into service in the FDMEE places?

    Hi FDMEE experts:

    We are upgrading to HFM/FDMEE 11.1.2.4.    We would like to use only the Active Directory groups for our security in Shared Services.

    I did a lot of audit looking at whether we can use security location FDMEE ad groups.  So far, the only way I found to make the security location uses the native approach (settings / security settings / security location...) Security by location, click on keep usergroup to set up groups).    But it doesn't seem to be an option if you create groups such as native or ad groups (FDMEE them creates only natively).

    Does anyone know if it is possible in FDMEE to use security of the location ad groups?

    Thank you
    Mark Smith

    I discovered that it is only possible for FDMEE to create native groups for location security.

    However, Active Directory groups can be added as members of native groups.   In this way, users only need to be added to Active Directory groups.    The only maintenance is to add or remove Active Directory groups to or from the native groups of FDMEE.

  • Administrator rights to the ACS using Active Directory groups

    Good afternoon

    We must be able to use administrative accounts for our device ACS who reside in an Active Directory group, if possible.  If this is not possible, what other safer options would we be able to use (RADIUS authentication or authentication RSA 2)?

    Thanks in advance

    You can only use the locally stored accounts within the ACS.

  • Accounts are deleted directly from Active Directory?

    Friends,
    Question on the Active Directory Connector,
    I have Oracle Identity Manager 9.1.0.2 integrated with Active Directory 2003 and I provision AD accounts through OIM. My question is: how can OIM detect accounts that are deleted directly from Active Directory?

    Thank you

    By running the scheduled task for Active Directory Delete reconciliation.

  • separate authentication and authorization for Active directory groups

    Hi all

    After a long search and failure, I write the question.

    I use apex oracle 4.2 on windows server 2012 on oracle 12 c, all 64 bits.

    We have configured Microsoft Active directory with LDAP.

    in LDAP, we have a core group which is say A and an is down there students and the two groups.

    According to the staff, there are many other groups and students, there are a lot of groups.

    I created a mobile application, it has a main page that is publicly accessible without username and password.

    in this home page, I have a list that contains two elements, personnel and another is a student.

    When one of the list item, the login screen appears.

    now I want to control when the user clicks on the staff list, only personnel should be authenticated.

    If the end user is a student, it doesn't have to be authenticated.

    the same goes for the student list item, if the end-user click on list of students, only students must be authenticated.

    someone please guide me, I'm failed in research and testing.

    Thank you.

    Kind regards.

    Hi Maahjoor,

    Try this (it is written all the attributes for the user) by logging in to your schema to SQL Developer:

    DECLARE
    
      -- Adjust as necessary.
      l_ldap_host    VARCHAR2(256) := 'hct.org';
      l_ldap_port    VARCHAR2(256) := '389';
      l_ldap_user    VARCHAR2(256) := 'cn=hct\itnew';
      l_ldap_passwd  VARCHAR2(256) := 'itnew';
      l_ldap_base    VARCHAR2(256) := 'DC=hct,DC=org';
    
      l_retval       PLS_INTEGER;
      l_session      DBMS_LDAP.session;
      l_attrs        DBMS_LDAP.string_collection;
      l_message      DBMS_LDAP.message;
      l_entry        DBMS_LDAP.message;
      l_attr_name    VARCHAR2(256);
      l_ber_element  DBMS_LDAP.ber_element;
      l_vals         DBMS_LDAP.string_collection;
    
    BEGIN
    
      -- Choose to raise exceptions.
      DBMS_LDAP.USE_EXCEPTION := TRUE;
    
      -- Connect to the LDAP server.
      l_session := DBMS_LDAP.init(hostname => l_ldap_host,
                                  portnum  => l_ldap_port);
    
      l_retval := DBMS_LDAP.simple_bind_s(ld     => l_session,
                                          dn     => l_ldap_user||','||l_ldap_base,
                                          passwd => l_ldap_passwd);
    
      -- Get all attributes
      l_attrs(1) := '*'; -- retrieve all attributes
      l_retval := DBMS_LDAP.search_s(ld       => l_session,
                                     base     => l_ldap_base,
                                     scope    => DBMS_LDAP.SCOPE_SUBTREE,
                                     filter   => l_ldap_user,
                                     attrs    => l_attrs,
                                     attronly => 0,
                                     res      => l_message);
    
      IF DBMS_LDAP.count_entries(ld => l_session, msg => l_message) > 0 THEN
        -- Get all the entries returned by our search.
        l_entry := DBMS_LDAP.first_entry(ld  => l_session,
                                         msg => l_message);
    
        << entry_loop >>
        WHILE l_entry IS NOT NULL LOOP
          -- Get all the attributes for this entry.
          DBMS_OUTPUT.PUT_LINE('---------------------------------------');
          l_attr_name := DBMS_LDAP.first_attribute(ld        => l_session,
                                                   ldapentry => l_entry,
                                                   ber_elem  => l_ber_element);
          << attributes_loop >>
          WHILE l_attr_name IS NOT NULL LOOP
            -- Get all the values for this attribute.
            l_vals := DBMS_LDAP.get_values (ld        => l_session,
                                            ldapentry => l_entry,
                                            attr      => l_attr_name);
            << values_loop >>
            FOR i IN l_vals.FIRST .. l_vals.LAST LOOP
              DBMS_OUTPUT.PUT_LINE('ATTRIBUTE_NAME: ' || l_attr_name || ' = ' || SUBSTR(l_vals(i),1,200));
            END LOOP values_loop;
            l_attr_name := DBMS_LDAP.next_attribute(ld        => l_session,
                                                    ldapentry => l_entry,
                                                    ber_elem  => l_ber_element);
          END LOOP attributes_loop;
          l_entry := DBMS_LDAP.next_entry(ld  => l_session,
                                          msg => l_entry);
        END LOOP entry_loop;
      END IF;
    
      -- Disconnect from the LDAP server.
      l_retval := DBMS_LDAP.unbind_s(ld => l_session);
      DBMS_OUTPUT.PUT_LINE('L_RETVAL: ' || l_retval);
    
    END;
    /
    

    NOTE: The dn parameter on line 29 requires the exact distinguished name of the user. In addition, for the filter on line 37, you can use the username, i.e. "cn=firstname.lastname".

    You can specify a particular attribute to be extracted for the user by changing line 33 from:

    l_attrs(1) := '*';
    

    to

    l_attrs(1) := 'title';
    

    Then you can write a function based on the above code to extract an LDAP user attribute as follows:

    create or replace function fnc_get_ldap_user_attr_val ( p_username in varchar2
                                                          , p_password in varchar2
                                                          , p_attrname in varchar2 )
    return varchar2
    as
    
      -- Adjust as necessary.
      l_ldap_host    VARCHAR2(256) := 'hct.org';
      l_ldap_port    VARCHAR2(256) := '389';
      l_ldap_user    VARCHAR2(256) := 'cn='||p_username;
      l_ldap_passwd  VARCHAR2(256) := p_password;
      l_ldap_base    VARCHAR2(256) := 'DC=hct,DC=org';
    
      l_retval       PLS_INTEGER;
      l_session      DBMS_LDAP.session;
      l_attrs        DBMS_LDAP.string_collection;
      l_message      DBMS_LDAP.message;
      l_entry        DBMS_LDAP.message;
      l_attr_name    VARCHAR2(256);
      l_attr_value   VARCHAR2(256);
      l_ber_element  DBMS_LDAP.ber_element;
      l_vals         DBMS_LDAP.string_collection;
    
    BEGIN
    
      -- Choose to raise exceptions.
      DBMS_LDAP.USE_EXCEPTION := TRUE;
    
      -- Connect to the LDAP server.
      l_session := DBMS_LDAP.init(hostname => l_ldap_host,
                                  portnum  => l_ldap_port);
    
      l_retval := DBMS_LDAP.simple_bind_s(ld     => l_session,
                                          dn     => l_ldap_user||','||l_ldap_base,
                                          passwd => l_ldap_passwd);
    
      -- Get specific attributes
      l_attrs(1) := p_attrname;
      l_retval := DBMS_LDAP.search_s(ld       => l_session,
                                     base     => l_ldap_base,
                                     scope    => DBMS_LDAP.SCOPE_SUBTREE,
                                     filter   => l_ldap_user,
                                     attrs    => l_attrs,
                                     attronly => 0,
                                     res      => l_message);
    
      IF DBMS_LDAP.count_entries(ld => l_session, msg => l_message) > 0 THEN
        -- Get all the entries returned by our search.
        l_entry := DBMS_LDAP.first_entry(ld  => l_session,
                                         msg => l_message);
    
        << entry_loop >>
        WHILE l_entry IS NOT NULL LOOP
          -- Get all the attributes for this entry.
          DBMS_OUTPUT.PUT_LINE('---------------------------------------');
          l_attr_name := DBMS_LDAP.first_attribute(ld        => l_session,
                                                   ldapentry => l_entry,
                                                   ber_elem  => l_ber_element);
          << attributes_loop >>
          WHILE l_attr_name IS NOT NULL LOOP
            -- Get all the values for this attribute.
            l_vals := DBMS_LDAP.get_values (ld        => l_session,
                                            ldapentry => l_entry,
                                            attr      => l_attr_name);
            << values_loop >>
            FOR i IN l_vals.FIRST .. l_vals.LAST LOOP
              DBMS_OUTPUT.PUT_LINE('ATTRIBUTE_NAME: ' || l_attr_name || ' = ' || SUBSTR(l_vals(i),1,200));
              l_attr_value := l_vals(i);
            END LOOP values_loop;
            l_attr_name := DBMS_LDAP.next_attribute(ld        => l_session,
                                                    ldapentry => l_entry,
                                                    ber_elem  => l_ber_element);
          END LOOP attributes_loop;
          l_entry := DBMS_LDAP.next_entry(ld  => l_session,
                                          msg => l_entry);
        END LOOP entry_loop;
      END IF;
    
      -- Disconnect from the LDAP server.
      l_retval := DBMS_LDAP.unbind_s(ld => l_session);
      DBMS_OUTPUT.PUT_LINE('L_RETVAL: ' || l_retval);
      DBMS_OUTPUT.PUT_LINE('Attribute value: ' || l_attr_value);
    
      return l_attr_value;
    
    END fnc_get_ldap_user_attr_val;
    /
    

    Then create an Application Item AI_USER_AD_TITLE in your application -> Shared Components.

    Create the following procedure to set the application item when the user logs in to your APEX application:

    create or replace procedure ldap_post_auth
    as
    
      l_attr_value varchar2(512);
    
    begin
    
      l_attr_value := fnc_get_ldap_user_attr_val ( p_username => apex_util.get_session_state('P101_USERNAME')
                                                 , p_password => apex_util.get_session_state('P101_PASSWORD')
                                                 , p_attrname => 'title' );
    
      apex_util.set_session_state('AI_USER_AD_TITLE', l_attr_value);
    
    end ldap_post_auth;
    /

    Change the "Post-Authentication Procedure Name" in your authentication scheme to 'ldap_post_auth'.

    Then modify the on-load process on the home page of your PORTAL application to:

    begin
    
        if :AI_USER_AD_TITLE = 'Student' then
            apex_util.redirect_url(p_url=>'f?p=114:1');
        else
            apex_util.redirect_url(p_url=>'f?p=113:1');
        end if;
    
    end;
    

    I hope this helps!

    Kind regards

    Kiran
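
A hardened variant of the lookup in the answer above, as an added example that is not part of Kiran's post. It goes beyond the answer by deciding on AD group membership instead of the `title` attribute, using LDAPS, escaping the user-supplied name before it reaches the DN and the search filter, and refusing empty passwords. The function name, port 636, the wallet settings and the group DN passed in are assumptions; host and base DN are the values used in the answer.

```sql
-- Added example: hypothetical helper, not code from the original answer.
create or replace function fnc_is_ldap_group_member
  ( p_username in varchar2    -- login name typed by the user (untrusted)
  , p_password in varchar2
  , p_group_dn in varchar2 )  -- full DN of the AD group, set by the developer
return boolean
as

  -- Host and base DN are the answer's values; the rest are assumptions.
  l_ldap_host   VARCHAR2(256) := 'hct.org';
  l_ldap_port   PLS_INTEGER   := 636;                     -- LDAPS, not 389
  l_ldap_base   VARCHAR2(256) := 'DC=hct,DC=org';
  l_wallet      VARCHAR2(256) := 'file:/path/to/wallet';  -- placeholder
  l_wallet_pwd  VARCHAR2(256) := 'wallet-password';       -- placeholder

  l_retval      PLS_INTEGER;
  l_session     DBMS_LDAP.session;
  l_attrs       DBMS_LDAP.string_collection;
  l_message     DBMS_LDAP.message;
  l_filter      VARCHAR2(4000);
  l_is_member   BOOLEAN := FALSE;

BEGIN

  -- A simple bind with an empty password is an unauthenticated bind and
  -- can succeed without proving identity, so refuse it up front.
  -- (In PL/SQL the empty string is NULL.)
  IF p_username IS NULL OR p_password IS NULL OR p_group_dn IS NULL THEN
    RETURN FALSE;
  END IF;

  DBMS_LDAP.USE_EXCEPTION := TRUE;

  l_session := DBMS_LDAP.init(hostname => l_ldap_host,
                              portnum  => l_ldap_port);

  BEGIN
    -- sslauth 2 = one-way authentication: the server certificate is
    -- checked against the trusted certificates in the wallet.
    l_retval := DBMS_LDAP.open_ssl(ld              => l_session,
                                   sslwrl          => l_wallet,
                                   sslwalletpasswd => l_wallet_pwd,
                                   sslauth         => 2);

    -- Escape the user-supplied name for DN context before binding.
    l_retval := DBMS_LDAP.simple_bind_s(
                  ld     => l_session,
                  dn     => 'cn=' || APEX_ESCAPE.ldap_dn(p_username)
                            || ',' || l_ldap_base,
                  passwd => p_password);

    -- Escape for filter context, so input such as "*" or ")(cn=*" stays a
    -- literal value. memberOf matches direct membership only.
    l_filter := '(&(cn=' || APEX_ESCAPE.ldap_search_filter(p_username) || ')'
             || '(memberOf=' || APEX_ESCAPE.ldap_search_filter(p_group_dn) || '))';

    l_attrs(1) := 'cn';
    l_retval := DBMS_LDAP.search_s(ld       => l_session,
                                   base     => l_ldap_base,
                                   scope    => DBMS_LDAP.SCOPE_SUBTREE,
                                   filter   => l_filter,
                                   attrs    => l_attrs,
                                   attronly => 0,
                                   res      => l_message);

    -- Exactly one entry must match; zero or several means no decision.
    l_is_member := (DBMS_LDAP.count_entries(ld => l_session, msg => l_message) = 1);
  EXCEPTION
    WHEN OTHERS THEN
      l_is_member := FALSE;  -- fail closed on bind or search errors
  END;

  l_retval := DBMS_LDAP.unbind_s(ld => l_session);
  RETURN l_is_member;

END fnc_is_ldap_group_member;
/
```

The boolean result can drive the redirect in the home page process in place of the comparison of `:AI_USER_AD_TITLE` with 'Student'.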

  • Import from active directory?

    Hello

    How can I import Active Directory users into vCenter Server via the vSphere Client?

    Rizwan

    The machine on which vCenter Server is installed needs to be part of a domain.

    Then connect to your vCenter with the vSphere Client, choose the "Permissions" tab, click Add Permission, click Add once again and you will be at the user and group selection window. Select your domain from the upper drop-down and the users in your domain will be loaded into the user window below.

    Greetings

  • Strategy of Kerberos WinServer2008r2 Active Directory group

    Hi all

    Need help bad in this. I'm trying to implement kerberos on my active directory. What I understand is kerberos is the default and the primary authentication protocol used when connected to a domain, but where and how do I configure kerberos settings in group policy? I managed to find configurations of kerberos in the "Local Group Policy Editor", but this would not push configurations to my clients right?

    I want to disable NTLM authentication as well and once again I can found under local policies > security options, but they are all local policies right? Is it possible that I can disable NTLM on my active directory and ensure that these settings are applied to my both client computers?

    Thank you so much in advance!
    PS: Sorry if I got some of my facts wrong, I'm a student performs internship and my understanding in active directory is not as strong.

    Server forums are more on the side the web site of Microsoft TechNet,
    This is where you find people who know.

    http://social.technet.Microsoft.com/forums/en-us/categories

  • ESXi 6.0 host Active Directory group authentication works in the shell but not the client

    Got a weird one here.

    Added a vSphere 6.0 host to Active Directory.

    Added an AD group with the Administrator role.

    I can authenticate with an AD user account that is a member of this AD group, using SSH or Shell access.

    I cannot authenticate with an AD account that is a member of this AD group using the Web UI or the vSphere Client connecting directly to the host.

    If I add the domain user directly with the Administrator role in the host permissions, the Web GUI and vSphere Client will authenticate the AD user.

    It looks like when accessing via SSH/Shell, the vSphere host can expand the group membership and authenticate, but via the Web GUI or vSphere Client it can't.  That doesn't make a lot of sense to me.

    The hostd.log file has nothing in it which is very informative, just a line saying "status: success accepted password for the user", followed by the event 131: could not connect the user without permission.

    Hello

    Are you on 6.0 Update 2? If so, this article could describe your problem:

    https://KB.VMware.com/kb/2145400

    Please try the fix and let us know if it helps.

    -Andreas

  • Transition from Active Directory objects always results in objects 'not found '.

    Hello

    I have a use case where I need to pass objects generated by the AD Plugin. What I mean by the way is "pass" of an element to the element in a workflow. For example, I have an action that gets the user of an ad object and rewritten it in a workflow attribute. The next action in the workflow will be this attribute and process it further.

    Another use case would be that I have a workflow and several assets directories configured within the AD Plugin and so I want the user to specify what AD to use. So the AD:ActiveDirectory is an input parameter which is treated in the workflow.

    In both cases I am running into the same error: the AD:Object initially is not found, created and defined. I can check this using a few outputs System.log(""), printing AD-object data in the console. However, at the time when a next action will reference the AD:Object input parameter / attribute the workflow raises a null pointer exception, saying that the AD:Object is not found. When we look at workflow series in display variables that I see the AD:Object reference is missing, not showing "found - missing element."

    What I'm doing wrong here?

    Have you tried the technical preview of the 1.0.5 version of the Active Directory plugin? Looks like there's a fix for this problem: version Technical preview of VMware vCenter Orchestrator plug-in for Microsoft Active Directory

  • Cisco CX - Active Directory groups

    Hello

    I'm starting a Cisco CX deployment. Our company has more than 1 k users. I create access policies, but I'm a little stuck on a problem. I can create policies using the username but not the AD groups. I see that there is the option, but it does not work (it does not retrieve AD groups).

    The interface wonder what follows:

    Groups

    Users

    Identity objects

    Anyone got it to work?

    Make sure that your AD search base is fairly low in the tree to display groups.

    For example, if your search base is Corp/City/Users, but your groups sit directly under Corp, it probably won't find and pull groups.

  • Problem, try to add a user from active directory.

    I joined my vCenter server to AD. When I try to add a user from AD on the authorization tab, I get this error: "the following error occurred when checking the names:

    "ADM\system-test - a general error has occurred: allow exceptions.

    It's not exactly the problem, but it can refine the root cause

    http://KB.VMware.com/kb/1015639

  • Add the Active Directory group to the ESXi host permissions

    I am trying to add an AD group as an administrator directly to an ESXi host (not in vCenter).  I tried to use the following code:

    $domain = "mydomain"
    $group = "mygroup"
    $svcaccount = $domain + "\" + $group
    $folder = Get-Folder -Name "ha-folder-root"
    $authMgr = Get-View AuthorizationManager
    $perm = New-Object VMware.Vim.Permission
    $perm.principal = $svcaccount
    $perm.propagate = $true
    $perm.group = $true
    $perm.roleid = ($authMgr.RoleList | where {$_.Name -eq "Admin"}).RoleId
    $authMgr.SetEntityPermissions(($folder | Get-View).MoRef, $perm)

    I get the following error:

    You cannot call a method on a null-valued expression.
    $authMgr.SetEntityPermissions <<<< (($folder | Get-View).MoRef, $perm)

    When connected to ESX, the Manager Id is "Manager-ha-authmgr", so you may not use the shorter expression of Get-View:

    $authMgr = Get-View AuthorizationManager
    

    The safe way to get the Manager display is via ServiceInstance object:

    $si = Get-View ServiceInstance
    $authMgr = Get-View $si.Content.AuthorizationManager
    

    Kind regards

    Yasen Kalchev

    PowerCLI Dev Team

  • ACS authentication with Active Directory based on ad groups

    Hello

    I'm trying to integrate Cisco ACS 5.4.0.46 with AD. I successfully connected ACS to AD and I successfully used AD authentication for network devices, but my problem now is that anyone with an AD account can connect to network devices, which compromises security. I created a group in AD that I would use and I added the group under Users and Identity Stores > External Identity Stores > Active Directory > Directory Groups. I also chose the identity source for Default Device Admin as AD1 and, under authorization, an authorization policy that uses a compound condition that uses AD1 and the custom group. However, after setting all that, I am still able to connect to the switch with a user not in the custom group. Based on what I have explained, can someone tell me if I am missing a step?

    Thank you

    Derek Velez

    Thanks for the update and for closing the thread. Set the default rule to deny access, so that when a user does not match a rule set by the ACS administrator he gets denied access. In your case, it had been set to permit, so both types of users got access (members and non-members of the AD group).

    The best way to resolve these issues is to look at the monitoring and troubleshooting > attempt user > magnifying glass. You will see how this user has been allowed access.

    ~ BR
    Jatin kone

    * Does the rate of useful messages *.
