Do you know if it is possible to find out last log in date/time for users in Cognos 7.5?
I am trying to find where I can locate the last date/time a user logged in. My Access Manager does not contain that information. We use SunOne Directory for Cognos 7.5
Related
I have an issue here with an user who has taken over the email of an old employee.
aa#domain.com
When searching for the user in sharepoint the correct name shows up
"Alex Alexen"
When looking at the user data either in azure active directory,graph api or delve
it all shows up as
"Alex Alexen"
However, if "Alex Alexen" tries to access a site he does not have access to "request access", the request shows up as
"Ali Alison" has requested access to X.
"Accept/Deny"
Is there somewhere else on sharepoint where user data is store?
Many years have
Years have passen from Ali to Alex.
• In sharepoint online, the items are retained for a period of 93 days from the time you delete them from their original location. They stay in the site recycle bin for the time until the bin is emptied, or the items are deleted from there. After that, these items are permanently deleted from the sharepoint database.
• Check if you are using directory synchronization, if yes, then the user has to be deleted from the on premises active directory first and then from Microsoft 365 admin center. After you delete a user, a series of jobs will remove the user from sharepoint. After the next incremental profile import job, the user (or users) will be marked as deleted, the user's profile page will be deleted, and the user's OneDrive will be marked for deletion by the MySite cleanup job.
• To delete a user from Microsoft 365 admin center, you will have to login as a global administrator and delete the user from there. Also, you can try clearing the browser cache and history of the browser from which you are accessing the sharepoint site.
Even after deleting a user from Microsoft 365, if the user still appears in people searches, you will have to delete it from user info list. To do this, please refer the steps below: -
• Browse to each site collection that the user had access to and visited the site, then add the ‘/_layouts/15/people.aspx?MembershipGroupId=0’ string to the site collection URL as a suffix and access it. Ex.: - ‘https://abc.manage.com/_layouts/15/people.aspx?MembershipGroupId’
• Once opened, select the person from the list, then on the ‘Actions’ menu, select ‘Delete users from site collection’.
Please refer the below links for more information: -
https://learn.microsoft.com/en-us/compliance/assurance/assurance-sharepoint-online-data-deletion
https://learn.microsoft.com/en-us/sharepoint/remove-users
Thanking you,
Is it possible, in SharePoint 2010 Foundation to find out when a user was added to a particular user group? I have full admin privileges as a site owner. I can find this information out through Audit Log reports but unfortunately I did not turn these on from day one so am looking for another method. I assume that SharePoint must be storing this information somewhere.
You can achieve this using Powershell, use the repadmin command. Like below
repadmin /showobjmeta dc1 'CN=Domain Admins,CN=Users,DC=rivendell,DC=com'
For more detail check this post
I i'm trying to install crm on a server, but getting this error..
System.Exception: Action Microsoft.Crm.Setup.Server.GrantAspNetServiceAccountAccessAction failed. ---> System.Runtime.InteropServices.COMException: The security ID structure is invalid.
any help ?
have trying:
reinstall my server
closing the server with my sql
The problem have been found and solved.
The problem lies in the administrator being member of many AD groups.
The solution:
Open regedit
Browse to "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters"
Create new DWORD named MaxTokenSize
Set value data to 65535 (Decimal)
Close regedit and reboot server
Cause:
The user cannot authenticate because the Kerberos token that is generated during authentication attempts has a fixed maximum size. Transports such as remote procedure call (RPC) and HTTP rely on the MaxTokenSize value when they allocate buffers for authentication. In Windows 2000 (the original release version), the MaxTokenSize value is 8,000 bytes. In Windows 2000 Service Pack 2 (SP2) and Windows Server 2003, the MaxTokenSize value is 12,000 bytes.
Kerberos uses the Privilege Attribute Certificate (PAC) field of the Kerberos packet to transport Active Directory Group membership. Starting with Windows Server 2012, this also applies to the Active Directory Claims information (Dynamic Access Control) field. If there are many group memberships for the user, and if there are many claims for the user or the device that is being used, these fields can occupy lots of space in the packet.
If a user is a member of more than 120 groups, the buffer that is determined by the MaxTokenSize value is not large enough. Therefore, users cannot authenticate, and they may receive an "out of memory" error message. Before you apply the hotfix that is described in this article, every group that is added to a user account increases this buffer by 40 bytes.
Sounds like you're trying to install this on a server logged in as a user that doesn't have the required permissions. Taken from MS Dynamics on Technet:
Required for installation of Dynamics CRM 2011
Domain administrator
If you cannot be domain administrator the following privileges are required:
Member of Active Directory Domain Users
Permissions to create security groups in Active Directory (alernatively you can ask an administrator to pre-create the required security groups; you must then install Microsoft Dynamics CRM 2011 from the command line specifying a configuration file).
Member of the Administrators group on the computer where you install the CRM
Read and write permissions on the folder 'Program Files' on that computer
Member of the Administrators group on the computer where SQL Server installed
SQL Server sysadmin.
Reporting Services:
Content Manager root level
System administrator for site-wide SSRS
Tip:
To find out what security groups the logged in user belongs to open up a command prompt and run the following command:
gpresult /V
I currently have my report server set up so that a user's AD groups determines which reports they can run. The user can be access the reports through either Report Manager or a custom site that I've created.
To reduce clutter, I would like to make it so that the user won't be able to see any reports or folders to which they do not have access. I can't find a setting in Report Manager or a way to do this using the ReportService in my web app. Is it possible to do this?
Report Manager does work that way. If they are seeing folders or reports, they have access and you may want to double check your authorization settings.
With regard to your custom application, you'll probably want to make sure you are passing in the logged in users credentials to the report server. If your custom application runs under a security context that has full access on the report server, then users will be able to access reports they shouldn't be able to access.
I am using moss 2007 version 12.0.0.6421. and Active directory version 6.0.. . my AD domain is siamint so if i add a user as vikas. it gets added in AD with logon name as vikas#siamint.com now if i add a user sahil#yahoo.com into ad. it gets added as sahil#yahoo.com#siamint. now when i try to add user from peoples and groups,site settings in a sharepoint site; i gets user siamint\sahil in people picker. rather it should be siamint\sahil#yahoo.com. it means the name is truncated from #. Is this a sharepoint error or what. Ultimately i think it means we cannot add users with # in their usernames.
When you add a user to Active-Directory you give a "user session Name" (1) which is composed with the domain name (2) to give an attribute which is the real login name stored in an attribute called "userPrincipalName".
So "jpb#dom.fr" in the preceding picture IS NOT a mail adress but the UPN (userPrincipalName) of your user in Active-Directory.
Since Windows 2000 UPN is supposed to replace the old login string (3)
Edited
Sorry, it's in french, but as you can see '#' is allowed in the logon part of the UPN. Look in Microsoft documentation (Active directory naming) for more information.