I recommend the following links. Developing Multi-Tenant Web Applications with Windows Azure AD http://msdn.microsoft.com/en-us/library/windowsazure/dn151789.aspx Adding Sign-On to Your Web Application Using Windows Azure AD http://msdn.microsoft.com/en-us/library/windowsazure/dn151790.aspx

This is written so that $sourceData can be a string like the following. If you really want to pass $sourcedata as an array of char remove the [char[]] cast from the function. $sourcedata="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-$" Function GET-Temppassword() { Param( [int]$length=10, [string[]]$sourcedata ) -join ([char[]] $sourcedata | GET-RANDOM -count $length) } get-temppassword $sourceData 20 GVTXxF13ibnBK5AQOu-P

The ToDoTableViewController is not getting generated here. ManagedContext does not seem to be causing this. In your ToDoTableViewController do you have a property named 'parentViewController' which you are trying to access ?

I finally found the way to access the attribute. Instead of using directly the DirectoryEntry to connect to the LDAP such as : DirectoryEntry DEBase = new DirectoryEntry("LDAP://" + DomaineName); I used DirectoryContext context = new DirectoryContext(DirectoryContextType.Domain, domaineName)); DirectoryEntry dERoot = System.DirectoryServices.ActiveDirectory.Domain.GetDomain(context).GetDirectoryEntry(); Then I have no problem accessing the gecos attribute

There's no reason to not write code as you ask for consideration on… nothing prohibited in the slightest. These objects get released in the same manner that any other object gets released. Your lack of a variable to store the pointer in at the top level isn't important because the Objective C runtime knows about the object.

Possibly been overthinking this... the bfile example should have indicated what's happening, but this assumes that your original question is slightly wrong and you're actually seeing: XML_DATA -------------------------------------------------------------------------------- (XMLTYPE) The type being shown in brackets for both queries suggests you're running this in SQL Developer; SQL*Plus hows the actual text rather than the type. If that is the case, to show the contents you can use the GETSTRINGVAL method: SELECT XMLTYPE(bfilename('TMP', 'tmp.xml'), nls_charset_id('UTF8')).getstringval() xml_data FROM dual; ... or if the XML is more than 4000 characters the GETCLOBVAL method. If you're inserting the value i

Robocopy doesn't have the granularity, but XXcopy seems to handle it. /DA#30m selects files made within the last 30 minutes. XXcopy is free for non commercial use and can be downloaded from http://www.xxcopy.com XXcopy is xcopy on steroids.

I do not know, whether I understood your question correct. You can wipe-out a moc with -reset. All references to objects become invalid. You have to refetch them.

As the implementation of Example is not performed within the CDI container the injection doesn't happen. What you can do is to lookup the bean manually using the BeanManager. According to the docs, the BeanManager is bound to the jndi name java:comp/BeanManager. Using the following code you can get the BeanManager within your implementation class and lookup the dependencies manually: InitialContext context = new InitialContext(); BeanManager beanManager = (BeanManager) context.lookup("java:comp/BeanManager"); Set<Bean<?>> beans = beanManager.getBeans(YourBean.class, new AnnotationLiteral<Default>() {}); Bean<YourBean> provider = (Bean<YourBean>) beans.iterator().next(); CreationalContext<YourBean> cc = beanManager.createCreationalContext(provider); Your

I'm having the same issue :( I haven't come across a solution.. except maybe to create a landing page on facebook canvas. This will prompt them to switch from "Page" to "Personal" before going through your application setup.

Create a new account [1] and go through the OAuth 2.0 Web flow [1]. [1] https://accounts.google.com/SignUp [2] https://developers.google.com/drive/auth/web-server

I generally recommend against using timers but this is a case where you could use one. On the AfterInsert set the form's TimerInterval at something like 500. Then put your Me.Requery code on the Timer event and also set the TimerInterval back to 0. After AfterInsert event should set the TimerInterval back to 500 which will prevent the timer from firing until all records have been pasted in. I see you are using Macros. I don't know if you can use the timer in Macros or not. I don't use macros at all and I recommend learning VBA instead of using them. Private Sub Form_AfterInsert() Me.TimerInterval = 500 End Sub Private Sub Form_Timer() Me.Requery Me.TimerInterval = 0 End Sub

You cannot set them back to their previous status as if they had never been reset to active as TFS doesn't allow you to fake dates and/or remove history. However, if you look at the test run under Test >> Analyze Test Runs you should be able to see what the result of those tests were before you reset their status. You can then change the status of those tests back manually.

This looks like a solution for this (not straightforward): http://ondrej-kvasnovsky.blogspot.com/2013/07/meteor-how-to-login-with-github-account.html

FindName returns a string but you never use it anywhere string result = FindName(account); you can then use the local variable result inside your bExport_Click method as you wish

I think this filter should work: (&(objectClass=user)(sAMAccountName=yourUserName) (memberof=CN=YourGroup,OU=Users,DC=YourDomain,DC=com)) Well I am sure this could be tuned to work for you. -jim

The latest version of the /n software BizTalk Adapters includes an LDAP Adapter that can be used to access active directory http://www.nsoftware.com/products/biztalk/adapters/ldap.aspx

If you are looking for other option other than openldap on Windows. You can try winldap, for more info you can visit their msdn page, there are some examples too which can help you. http://msdn.microsoft.com/en-us/library/windows/desktop/aa367033(v=vs.85).aspx

I am not sure I understand AngularJS angle. If I had a regular WCF service I would use WindowsIdentity from ServiceSecurityContext.Current. http://msdn.microsoft.com/en-us/library/system.servicemodel.servicesecuritycontext.aspx ServiceSecurityContext securityContext = ServiceSecurityContext.Current; if (securityContext == null) throw new Exception("Failed to retrieve Service Security Context"); WindowsIdentity identity = securityContext.WindowsIdentity; currentUser.name = identity.Name

You can bind to an object directly given its SID like this: var entry = new DirectoryEntry("LDAP://<SID=S-your-sid-here>"); Both SID and sAMAccountName are unique in the domain.

Here is a break up about how to achieve this. Select all users for all events that were created since a given date Select all users who are not in the above set subquery = Event.select("user_id").where("created_at >= :start_date", {start_date: params[:start_date]}).to_sql; User.where("id NOT IN (#{subquery})") Hope this helps.

I recommend you this article http://technet.microsoft.com/en-us/magazine/2008.12.linux.aspx from Microsoft. The configure file seems OK.

You can explore an external active directory domain just providing a valid user of that domain to query the domain server to the DirectoryEntry object. string adUser = "DomainUser"; string adPass = "DomainUserPassword"; string path = "LDAP://x.x.x.x"; // Here goes your Domain Server IP. DirectoryEntry rootEntry = new DirectoryEntry(path, adUser, adPass); DirectorySearcher ds = new DirectorySearcher(rootEntry );

Here's a general idea of the algorithm: Load user data from SQL Server Convert it into an LDIF (LDAP Data Interchange Format) file Import the LDIF file into Active Directory using the LDIFDE command-line tool Python, or any other programming language, can help you with step 2. Notice that the details of the conversion are very specific to how your data is represented. You'll have to carefully map each data base field into an LDAP attribute, and determine the classes to be used in the LDAP objects. Will the above modify existing users? yes, of course. You could write the LDIF in such a way that it updates the existing data, or if that's a problem you could verify first if an user exists in the Active Directory and don't add those changes to the LDIF file. Alternatively You could use

Try GroupPrincipal oGroupPrincipal = new GroupPrincipal(ctx, samAccountName); And oGroupPrincipal.Save(ctx); Code samples for Active Directory - http://www.codeproject.com/Articles/18102/Howto-Almost-Everything-In-Active-Directory-via-C# Active Directory With C#

Your question is unanswerable, as "performance" depends greatly upon many factors.. for instance, network speed, network latency, network saturation, the power of your AD server vs your SQL Server, the disk subsystems in use in either, etc... There is no way to say one way or the other without thoroughly evaluating each environment, and even at that point, you should just benchmark each and determine what works best for you. In most cases, though.. the decision between sql vs ad has nothing to do with performance, and has to do with the features offered by each. I would strongly doubt you have 100,000 users in your active directory, as that would cost a millions of dollars in licensing costs.

It looks like you're using the AD libraries for traditional on-premise AD. To program against Azure AD, use the Auzre Authentication Library (AAL). Note, last week AAL was renamed to Active Directory Authentication Library. http://msdn.microsoft.com/en-us/library/jj573266.aspx

Although you had supplied so little information about the domain and network relationship with your development machine and web server, I assume the web server has no physical connection to the Active Directory server that you depend your code on. Then it should be impossible for web server to query the AD directory. If web and AD servers are on same network than you may need to work on the firewall settings of both web server and AD server to make sure that they can communicate. If web and AD server have no communication problems you should check the availability of that "Validusers" to a code running at web server. As IIS applications run with the user account that is defined for the application pool that hosts the application, you should make sure that the app pool identity has enough

if you install adsiedit it will help you get the appropriate LDAP string to use. it's easy to get tripped up with this stuff, so i'd verify that the object you're looking for really is located where you think it is. for instance, i open adsiedit.msc (by ctrl+r adsiedit.msc enter) right click, choose connect to. then under computer i choose default. then i hit ok. i can then dig around the folder structure of AD for the object (person) i'm looking for. in my AD Schema, my user account can be navigated to using LDAP://CN=greenierb,OU=TSG,OU=Users,OU=Accounts,OU=Boston,OU=Offices,DC=domain,DC=com which is the reverse of the folder structure you navigate through in adsiedit (from the bottom of the hierachy (ie the user) up).

Your process has to be run under active directory user otherwise you should provide also active directory user credentials when creating PrincipalContext. This is simple code to find user by userName: var context = new PrincipalContext(ContextType.Domain, "yourDomainHost"); var userInfo = UserPrincipal.FindByIdentity(context, userName); EDIT: if you need to use directory searcher you can try this method: bool ContainsUser(string domain, string userName) { string ldapBase = string.Format("LDAP://{0}", domain); // in case if process is not running under AD user use: new DirectoryEntry(ldapBase, "userName", "password") using (var entry = new DirectoryEntry(ldapBase)) { using (var searcher = new DirectorySearcher(entry))

If you are comfortable with PHP, you should be able to achieve the above no problem! The beauty of PHP is that someone somewhere along the line had the same problem as you so chances are, there's an established solution already. adLdap seems to be a good solution, a library that already does most of the hard work for you and all you'd need to do would be integrate it into your script! See: http://adldap.sourceforge.net/wiki/doku.php?id=documentation_user_functions Hopefully this can make it a little easier for you so you can concentrate on the other things like the actual functionality of the website itself.

Consider ADFS and ws-federation. Ws-federation is an enterprise sso protocol that gives you cross domain authentication/authorization in a sso manner. Adfs is a free implementation of the protocol that sits on top of the active directory. It is relatively easy to set up. But having a client application that expects a ws-federation identity provider, you can substitute the provider with any compliant provider, your own or the identityserver which is another free implementation but can use a membership provider. The completely custom implementation on the other hand would give you a chance to set up and serve an arbitrary identities. The is a small learning curve for this approach but benetifs are: cross domain sso support for multiple browsers for free (kerberos/ntlm based ad authenti

Something like this should work: Const ADS_PROPERTY_APPEND = 3 dn = "cn=YoungRob,ou=R&D,dc=NA,dc=fabrikam,dc=com" isMember = False 'check regular group memberships For Each m In objGroup.GetEx("member") If LCase(m) = LCase(dn) Then isMember = True Exit For End If Next 'check primary group primaryGroupID = GetObject(dn).Get("primaryGroupID") objGroup.GetInfoEx Array("primaryGroupToken"), 0 If primaryGroupID = objGroup.Get("primaryGroupToken") Then isMember = True If Not isMember Then objGroup.PutEx ADS_PROPERTY_APPEND, "member", Array(dn)

I'd put the restricted department users into an AD Group, then you could put it in your web.config under authorizations denying that specific group privileges. See below for example (DepartmentIDs would be your AD group): <?xml version="1.0"?> <configuration> <system.web> <compilation debug="true" /> <authentication mode="Windows" /> <authorization> <allow roles="DomainNameAuthorizedUsers" /> <deny users="DomainNamesDepartmentIDs" /> </authorization> </system.web> </configuration> Users you can also specify as <deny users="comma-separated list of users"> Or you can deny roles. There are quite a few options here. You can also do permissions in IIS

If it is ASP.NET this should work: public static List<string> GetGroups(string userName) { RoleProvider roleProvider = new WindowsTokenRoleProvider(); return roleProvider.GetRolesForUser(userName).ToList(); } Super simple

I think the solution is in the Authentication type. Originally, I was using the following: IIS Authentication Anonymous: Disabled ASP.NET Impersonation: Disabled Forms: Enabled Windows: Disabled And in my Web.config file I was using Forms authentication. Apparently for Active Directory authentication, the type has to be Windows. Original: <authentication mode="Forms"> <forms loginUrl="~/Account/LogOn" timeout="2880" /> </authentication> Revised: <authentication mode="Windows" /> <authorization> <deny users="?" /> </authorization> I know this worked, but since I'm new to MVC, I could still be missing something.

The LDAP path to the users container is not correct. The users container is not an organizational unit but a simple container. So, you have to specify a different LDAP path. The LDAP path to the users container in your case is: LDAP://cn=Users,dc=abc,dc=def,dc=com Also consider what Hall72215 mentioned in his answer. Use the whole LDAP path directly in the constructor of the DirectoryEntry class.

From the online help page try using -SearchBase filter C:PS>Get-ADComputer -LDAPFilter "(name=*laptop*)" -SearchBase "CN=Computers,DC=Fabrikam,DC=com"

A connection to AD will always require windows credentials. Your code, as posted, does not supply any credentials to AD. (You pass in a user name that you are looking up, but that is not the same as supplying credentials for the connection). This will work for users whose machines are attached to the domain...because your network credentials are passed in implicitly. For the external devs, when they VPN in, they supply credentials to the VPN protocol, which allows their machines to access your network, but that doesn't mean their machines are 'joined' to the domain...so AD will still require explicit credentials from them, including a personal password or a service account password that has permissions to access AD. This line: using (DirectoryEntry de = new DirectoryEntry("LDAP://server.

Authentication with active directory means windows authentication, so first of all, you need to set <authentication mode="Windows"> instead of <authentication mode="Forms">