Channel: Software Communities : Popular Discussions - Quick Connect

Powershell script to handle string with multi-value field data (QuickConnect)


Hi all,

 

 

I haven't dealt with PowerShell too much and I am trying to find a good solution for handling a string (multi-value data coming from SAP phone record) with a post-sync script on QC before the data is populated to Q1IM.

 

The string has the following format: "(303) 123-4567 |(304) 123-4567| (306) 123-4567" (no live data, delimiter is "|"). We only need the 1st record as it is the most recent one. Using the date here is no option as currently QC for SAP can not read those dates on that SAP infotype.

 

We can not rely on the area code to always have the brackets in place so cutting the string off at some point might lead to bad results.

 

Here is what I would love to see the script do:

 

1. look for delimiter in the string; if there is none, pass on the string as it will be the only phone number

2. if there is the delimiter then cut off everything to the right of the delimiter including the delimiter itself and pass on the remaining part, the most recent phone record.

 

Any hint is appreciated.

 

 

Thanks

Mark


Script to update the Password expired field from AD to E-Dir

When users change their password in AD, the password expiration reset is not communicated back to E-Dir. How can I use Quick Connect to update this attribute? The password expired attribute is part of the ms-DS-User-Account-Control-Computed Attribute so I do not know how to sync this value without modifying other attributes.
Is there a better way to do this?

Quest Quick Connect Express for Active Directory - Questions


Hi

I am a newbie to the Quest products; however, I am in charge of implementing the following product:

Quest Quick Connect Express for Active Directory, which I downloaded from: http://www.questsoftware.de/activeroles-server/quickconnect-express-for-active-directory.aspx
Quest_QuickConnectSyncEngineStandaloneModex64_470.

We need to use this product as we are now in the middle of an AD migration\Transition process from an older domain to a newer domain.

The AD migration is done by the means of other tools; however, the password synchronization between the two domains (Bi-directional) should be accomplished by Quest Quick Connect Express for Active Directory.

The major reason for the planned password synchronization is to simplify the logging process of users to applications that reside in both domains, so that the user has to recall only one password. We are about to start the evaluation process of the aforementioned product. Therefore, I have some major and principal questions I need the answers to prior to implementing the product:

1. Does password synchronization take place for all existing passwords or does it occur only when a new password has been created or changed?

2. Is password synch bi-directional?

3. What about password security? Is it possible to see and read passwords that have been synchronized or about to be synchronized in clear text? Or are passwords encrypted during the entire password synchronization process?

4. As you may probably guess, we have many domain controllers with different operating systems and FSMOs. Are there any restrictions regarding the OS, platform architecture, FSMO, domain functionality level and trust relationships? I have searched the entire homepage of Quest for respective information (release notes, Knowledge Base articles and so on) but to no avail.

5.  Is there any known negative impact, or known issues, of the capture agents (synch process) on the DC’s?

6.  The downloaded version is for 64 bit machines, I have also found the respective Capture Agents (Stand alone) for x64 Bit platforms. What about DC’S that are 32 bit? I assume they will need the 32 bit version of the standalone version? Is there a risk of version mismatch that would negatively impact the password synch?

7. What is the difference between the stand alone version of QQCE for AD and the version (with sync Engine)? It would be great if you could assist on this issue. I am also aware of the Admin Guide, but it still does not answer my questions.

Thank you in advance for your assistance.

Provisioning condition based on group membership in source AD


Hi,

 

I would like to create a provisioning step that provisions user objects based on their membership in the source Active Directory: "If user is member of group "MySyncGroup" in connected source AD then provision this user to managed AD Domain."

 

I already tried a provisioning condition like that one: if source users attribute "memberof" contains "MySyncGroup" then provision this user.

But this was not successful as it seems that Quick Connect does not evaluate all entries in the multivalued attribute "memberof".

 

Another option would be to build this provisioning condition with a custom script that queries the connected domain.
But I did not find the documentation on how to return $True or $False to the Quick Connect provisioning condition.

 

Would be great if someone could tell me what I am missing.

 

Many thanks

 

Oliver

Writing QC Actions to a Flat File


Looking for a way to write all QC actions to a flat file once a provisioning activity has been run. Essentially capturing which accounts were successfully provisioned along with their associated attributes that were set. If a failure occurs, I would like to be able to capture that as well and present it in the flat file. Anyone know how I can capture that level of summary data at the time of account provisioning?

Unmapping not working


Hi

 

I have a mapping rule that maps lines in a CSV file to AD accounts.  The CSV File is:

 

EmployeeNumber,UPN,First,Last

00001,matt@domain.com,Matt,Hitchcock

 

The mapping rule is UPN in the CSV file equals UserPrincipalName in AD. All mappings work fine.

 

The issue is, when re-running the mappings after changing some UPNs in the CSV file, lines where the UPN no longer matches the UserPrincipalName attribute of the account which the line in the CSV is already mapped to, these mappings are not becoming unmapped. So it seems like once a mapping is in place, it is no longer re-evaluated for validity.

 

Is there a way to either make this re-evaluation happen every time mapping is run, or to unmap all objects after a workflow has run?

Using Password Transformation from AD to LDAP


Hi All,

 

I have a question around password transformation.

Can an Active Directory password be transformed before being written to LDAP, to "replace" characters unsupported by the password policy on the LDAP side (this is an RSA Access Manager component)? Apparently the RSA Access Manager does not allow characters like the question mark ( '?' ) in passwords and replaces this with another Unicode character.

 

The Active Directory Password Complexity rules allow for a number of non-alphanumeric characters to be used, which include the question mark:

 

http://technet.microsoft.com/en-us/library/cc786468(v=ws.10).aspx

 

The following special characters are allowed:

 

Non-alphanumeric characters: ~!@#$%^&*_-+=`|\(){}[]:;"'<>,.?/

 

 

1) Is it therefore possible to replace such characters using a password transformation script?

2) If YES, then I would have to modify the password transformation script on the LDAP connection dialogue?

3) Has anyone ever done this? I see in the product documentation that passwords can be shortened, for example, but not how to replace individual characters.

 

Any help is greatly appreciated.

Quick Connect SAP HCM 'Manager' attribute


Hi!

 

We are trying to read the Manager property from SAP HCM using Quick Connect 2.2.

 

Going by the "QuickConnectForSAP_2.2_QuickStartGuide", page 38


 

I am under the impression that some SAP references are missing, e.g. which infotype, as simply saying PA30 is pretty vague.

 

The challenge we are facing right now is that we need to provide the customer with more detailed information on how to populate the according field QC tries to pull the information from. Currently they do not seem to populate such information. What they have in place is a manager attribute (some red hat) and a BAPI which is able to determine someone's supervisor, but that info is not stored anywhere but is solely processed on the fly. I will attach that BAPI.

What information could we provide them with that would help them populate the required field?

 

Thanks in advance.


How to use PoSh Script in Password Sync Settings to modify object attributes


Hi,

 

I am trying to work out how I can update object attributes during password sync using a PowerShell script.

The first general question is:

 

Do I have to provide the credentials to bind to the target object even though I already have a connection (because of the password sync)?

This means I have to provide in CLEARTEXT the password of the account that needs to have WRITE permissions on the target object. In general I find this a security concern.

 

If I am using PowerShell to "transform" the desired string to be written into a target attribute, how do I need to define this in the source script?

The Target Item only allows "attributes".

 

I have been looking for some samples but it just does not seem clear.

For example, if I want to write the current time of the password change into a custom LDAP string on the LDAP server called "passwordLastChangedOn" as the target attribute, how would the PoSh script look if I am coming from Active Directory?

 

Setting the attribute for the time of passwordlastchangedon I can derive from:

 

 

$PWDLastSet = ([DateTime]::Now).ToUniversalTime().ToString("yyyyMMddHHmmssZ")

 

Is this all I need?

 

 

Any help is appreciated.

 

Thanks!

QuickConnect and ConstructUniqueSamAccountNameForCreation

Good day,

Am wondering if anyone might have had some experience with the
ConstructUniqueSamAccountNameForCreation and
ConstructUniqueCnForCreation methods in QuickConnect. I've created a
script that looks something like this:

DstObj("cn") = SA.ConstructUniqueCnForCreation(SrcObj("Column1") & _
    " " & SrcObj("Column2"), DstObj)
DstObj("displayName") = DstObj("cn")
DstObj("samAccountName") = _
    SA.ConstructUniqueSamAccountNameForCreation(Left(SrcObj("Column1"), 1) _
    & SrcObj("Column2"), DstObj)
DstObj("edsaUPNPrefix") = DstObj("samAccountName")

This works great for ensuring that my samAccountName is unique if the
user already exists in the directory, but not if my input file
contains users that would result in duplicates. For example, if my
input file contains John Smith and Jane Smith, the samAccountName will
end up being 'JSmith' for both users. The second user will fail to
create, of course.

Has anyone already come across this and found a way around it without
having to develop your own whole
ConstructUniqueSamAccountNameForCreation function?

Thanks so much,
Shawn.

spml - modify the CN and change the ou - how to do this?


We need to be able to transfer people around and handle name changes on our users

we've been successful at creating our users in the appropriate ou with the expected cn/dn info

but we can't seem to get the spml to "move" them or rename them

given a cn and dn as follows:
where cn is
     Tuser Chuck (Calgary)
and dn is 
      CN=Tuser Chuck (Calgary),OU=Calgary,OU=Users,OU=Corp,DC=dev,DC=global,DC=ad

i'd like to be able to get things changed to:
cn being
   Tuser Charles (Edmonton)
and dn being
   CN=Tuser Charles (Edmonton),OU=Edmonton,OU=Users,OU=Corp,DC=dev,DC=global,DC=ad


for instance
<psoID ID="CN=Tuser Chuck (Calgary),OU=Calgary,OU=Users,OU=Corp,DC=dev,DC=global,DC=ad"/>
      <modification modificationMode="replace">
        <data>
          <attr name="ou" xmlns="urn:oasis:names:tc:DSML:2:0:core">
            <value>Edmonton</value>
          </attr>
          <attr name="cn" xmlns="urn:oasis:names:tc:DSML:2:0:core">
            <value>Tuser Charles (Edmonton)</value>
          </attr>
...

returns
<?xml version="1.0" encoding="UTF-16"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <soap:Body>
    <modifyResponse status="success" xmlns="urn:oasis:names:tc:SPML:2:0">
      <pso>
        <psoID ID="CN=Tuser Chuck (Calgary),OU=Calgary,OU=Users,OU=Corp,DC=dev,DC=global,DC=ad"/>
        <data>
          <attr name="cn" xmlns="urn:oasis:names:tc:DSML:2:0:core">
            <value xsi:type="xsd:string">Tuser Chuck (Calgary)</value>
          </attr>
          <attr name="objectClass" xmlns="urn:oasis:names:tc:DSML:2:0:core">
            <value xsi:type="xsd:string">top</value>
            <value xsi:type="xsd:string">person</value>
            <value xsi:type="xsd:string">organizationalPerson</value>
            <value xsi:type="xsd:string">user</value>
          </attr>
...

note the claim of success in the message but when viewed through the ARS console no changes actually appear on the user's attributes

any suggestions as to how to tackle this?

thanks - dan.



Password Sync from AD Connector to a ARS Connector


I have seen that you can sync passwords on QC 5.1 from the AD to AD but is it possible to sync passwords from an Active Directory connector to an Activeroles connector and if so how?

Quick Connect VB Script to generate the UPN Suffix

Hi,
can someone help me out here? I need to create a script file to generate the user UPN prefix and UPN suffix flow rule during user creation in Quick Connect. Getting the UPN prefix is easy since I have an attribute in the source object. However, the suffix should be the @ character followed by the domain DNS name. Below I have a sample which unfortunately does not work since the script does not know the object domain and therefore can't get the domain's DNS name.

Sub CreationTransformation(DstObj, SrcObj)
DstObj("edsaUPNPrefix")=SrcObj("Account_Name")
DstObj("edsaUPNSuffix")="@" & domain.edsaDnsName
End Sub

Any help appreciated. Thankx, Andy

VDS LDAP Proxy option


Dear Sir/Madam,

 

May I ask if the LDAP proxy option is still an available license option?

Or is there only one license option for VDS?

 

Thanks,

Pat

Assignment to google group of users located in a different domain (Secondary)


Hi Guys,

I am facing a very big issue while assigning users located in a different domain than the location of the group. In the screenshots you will see for example:

The assignment of users to group "franke.meetings@test.franke.com" will show after the update step in QC Console only for users located in the primary domain "test.franke.com", and the other users located in "test.carron.com" (test.carron.com is a secondary Google domain) are not shown in the Google admin web interface.

There is also another screenshot which shows the mapping objects and the Members, so all the users are present but those located in the secondary domain are not updated in Google.

Could you please help to resolve this issue and please let me know if you need any other details?

PS: The assignment of users located in the secondary domains in Google works perfectly (when it's done directly in the Google interface).

Kind regards

Retrieving manager DN...

QC 4.0.3, Powershell 2.0.  Oracle database contains employee manager in the lastname, first name format "Doe, John".  In order to update users manager I must retrieve the full DN of the manager based on their display name.  I do so using this script:

# --- Function for retrieving manager's distinguished name
function Get-DistinguishedName {
Param($UserName)
   $ads = New-Object System.DirectoryServices.DirectorySearcher([ADSI]'')
   $ads.filter = "(&(objectClass=Person)(displayName=$UserName))"
   $s = $ads.FindOne()
   return $s.GetDirectoryEntry().DistinguishedName
}
# --- Retrieve users manager
$userManager = $srcObj["SUPERVISOR_NAME"]
# --- Retrieve distinguished name of manager and set variable
$manager = Get-DistinguishedName "$userManager"
# --- Assign the manipulated data
$manager

Script works within PowerGUI and in fact works on a single user from within QC, however, after processing for single user in QC I get the dreaded "You cannot call a method on a null-valued expression" error message.

When you preview the results of that single user, QC does in fact retrieve the manager and the full DN of said manager. When I preview all the users that were processed, they all do in fact have a manager listed so I'm a bit confused about the error message.
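
A defensive variant of the lookup in the post above, as an added example that is not the poster's script or Quest's code: it skips empty SUPERVISOR_NAME values, escapes the display name per RFC 4515 before it reaches the LDAP filter, and returns $null when the search finds nothing instead of calling a method on a missing result. The helper names ConvertTo-LdapFilterValue and Get-ManagerDn and the sample names are assumptions, and how Quick Connect treats a $null result is not covered by the post.

```powershell
# Added example. $srcObj and SUPERVISOR_NAME are taken from the post above;
# ConvertTo-LdapFilterValue and Get-ManagerDn are hypothetical helper names.

function ConvertTo-LdapFilterValue {
    param([string]$Value)
    # RFC 4515 escaping. The backslash goes first so that the escapes
    # produced by the later replacements are not escaped a second time.
    return $Value.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29').Replace([string][char]0, '\00')
}

function Get-ManagerDn {
    param([string]$DisplayName)

    # An empty supervisor field cannot match a manager: skip the query.
    if ([string]::IsNullOrEmpty($DisplayName) -or $DisplayName.Trim().Length -eq 0) {
        return $null
    }

    $safeName = ConvertTo-LdapFilterValue ($DisplayName.Trim())
    $searcher = New-Object System.DirectoryServices.DirectorySearcher([ADSI]'')
    # Same filter as the post, with the value escaped before interpolation.
    $searcher.Filter = "(&(objectClass=Person)(displayName=$safeName))"
    [void]$searcher.PropertiesToLoad.Add('distinguishedName')
    $searcher.SizeLimit = 2    # two hits are enough to detect ambiguity

    $hits = $searcher.FindAll()
    try {
        # Zero hits: no such display name. Two hits: the name is ambiguous.
        # In both cases return $null rather than guess or dereference nothing.
        if ($hits.Count -ne 1) { return $null }
        return [string]$hits[0].Properties['distinguishedname'][0]
    }
    finally {
        $hits.Dispose()
    }
}

# Constructed sample names (not from the post) showing the escaping on its own:
foreach ($name in 'Doe, John', 'O*Neil (Temp), Pat') {
    '{0} -> {1}' -f $name, (ConvertTo-LdapFilterValue $name)
}

# Inside the Quick Connect script, where $srcObj is supplied by the product:
if ($srcObj) { Get-ManagerDn ($srcObj["SUPERVISOR_NAME"]) }
```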

Getting manager fails

I can't seem to get the Manager field to update. In my file I have the manager's username. I'm using a POSH script to get the DN. Here is the script.

Add-PSSnapin -Name Quest.ActiveRoles.ADManagement
$(Get-QADUser ($srcObj["Manager"])).DN

Other attributes seem to work.  Can anyone direct me?

ARS MA Throwing Errors when deprovisioning users

$
0
0
I am working with a customer that has the Quest ARS MA installed on their MIIS server. We are seeing odd issues when the Quest MA runs an Export to Active Directory.

During the MA processing, if a user is marked for deprovisioning, Quest is supposed to disable the AD account and move the user to another OU. During the export we are seeing an error for every user to the effect ...

Cannot modify object "<GUID...>" Administration Service encountered an error making changes to the object "CN=..." The name reference is invalid (HRESULT: 0x800720B5)

Cannot modify object "<GUID...>" Administration Service encountered an error making changes to the object "CN=..." Directory object not found (HRESULT: 0x8007208D)

In testing we have seen the Export run take upwards of 25 hours to process 1,000 deprovisions. I am guessing that the processing time is extended due to the fact the MA is throwing an error on every account that is pending deprovisioning.

The odd thing is if we look in AD after the Export is complete all those accounts have been properly deprovisioned from an AD perspective.

Any thoughts?

Different syntax between the manager field in the SQL and AD


Hello,

 

I have a problem in Quest One Quick Connect when I try to sync the AD user's manager with the SQL field "manager". The problem is due to the difference in the syntax between the manager field in the SQL (it is a name like waseem Emam) and the manager property in the AD (it should be the CN of the account like CN=ahmed El-hady,OU=IT,OU=Users,OU=Users&Computers,OU=OTH,DC=moonstone,DC=com)

 

The workflow:

 

Source SQL

Target AD

 

 

Thank you

 

