active-directory

问题 I am trying to use TFSSecurity to configure security on our new instance of TFS 2017. It works great when I test it by adding local user accounts on the TFS server into a TFS group but fails as soon as I change to trying to add domain groups or accounts. Here's the command and the results I am getting: PS C:> &"E:\TFS 2017\Tools\tfssecurity.exe" /g+ "n:[Project1]\Contributors" n:"DOMAIN1\TFS-Developers" /collection:http://myTfsServer:8080/tfs/PrimaryCollection Microsoft (R) TFSSecurity - Team

问题 We have an issue at work where too many people have the same password and end up logging into other user's accounts. This is not helped by the group leaders who insist all work passwords should be similar. I know it is a different issue, but is there a way to check the AD and say these users have the same password? 回答1: No way since the passwords are separately hashed. However, I would just go on and push the button enforcing everyone to change their password, as well as put policies on how

问题 We have an issue at work where too many people have the same password and end up logging into other user's accounts. This is not helped by the group leaders who insist all work passwords should be similar. I know it is a different issue, but is there a way to check the AD and say these users have the same password? 回答1: No way since the passwords are separately hashed. However, I would just go on and push the button enforcing everyone to change their password, as well as put policies on how

问题 I am remotely removing a user U from a Group G. But I have to log off and log on the user U to ensure that permissions for Group G do not apply any more to User U. This is on a Windows 2008 server. Is there a way to force the entire exercise of calculating permissions (which is done when a user logs in) while the user is logged in? Thanks in advance. 回答1: You can purge the Kerberos TGT (and all your service tickets) using something like klist purge. I don't know what APIs to call to do this

问题 I am trying to get my asp.NET application to register new users in Active Directory. using the default Active Directory Membership Provider in asp (.NET 4.5) While logging in works just fine, I get the following error when trying to create a new user: The RPC server is unavailable. (Exception from HRESULT: 0x800706BA) http://i.imgur.com/PjjBxkJ.png (I know this should be an image, but I can't embed those yet) This happens as soon as I submit the form. Though it also happens with the Create

问题 I am querying my active directory using novell.directory.ldap.netstandard from my .net core project. It is only bringing back a maximum of 1000 users, I know this is because the PageSize on the server is set to 1000, how can I get the code to bring back all active directory users? - I am using the async search method. string ldapHost = ""; int ldapPort = ; string loginDN = ""; string password = ""; string searchBase = ""; string searchFilter = ""; string[] attributes = new string[] {

问题 I am connecting to a Microsoft Active Directory server in a DMZ from my .net application (asp.net VB .net 4.0). I need to create a new "inetorgperson" in an orgunit called "SingleCustomerAccount". I have had to use the System.DirectoryServices.Protocols namespace for all the work, because the ADSI classes (System.DirectoryServices namespace) wouldn't work across the DMZ properly. Anyway it's been working fine connecting to Active Directory on Windows Server 2003 R2; however we're running

问题 First of all, please forgive me if I'm not using the correct terminologies. Correct me wherever I'm using the wrong terminology. The objective is to programmatically retrieve the lastLogon date of a given username. We have what I believe is a forest; two AD servers like - adserver01.aa.mycompany.com and adserver02.aa.mycompany.com I connected to these servers from a third machine using Microsoft's ADExplorer to inspect the objects. There I see some users having lastLogon date available in

问题 What I need to know: is it possible to authenticate my Tomcat-Users via two completly different Acitve Directories? So that my Tomcat looks for the credentials in both ADs at the same time? And if its possible, how? Can I just configure them as two realms? What I tried: Googled a lot, didn't get a satisfying answer. Sadly I do not have a testing environment 回答1: Yes. Define a JAAS realm, with two LoginModules, either of which is 'sufficient', in the language of JAAS. Each LoginModule should

问题 I have the Active Directory module installed on my Windows 7 workstation using PowerShell 3 and when I use "Set-Location AD:", it is using my current domain. Is it possible to set my base location to a different domain? Import-Module ActiveDirectory Set-Location AD: Get-ChildItem (shows current DC info) I would like to switch to a different AD server. 回答1: You can try this. Assuming your domain name is fabrikam.local Import-Module ActiveDirectory New-PSDrive -Name ADFAB -PSProvider