Disabled AD users in SharePoint - sharepoint-2016

Getting the following unexpected in ULS along with other entries in the same correlation ID which mention:
The specified user Domain\Username could not be found.
These users are disabled in AD, and when I search for the user in SP via people picker the user is not found, but when I search via a custom built application within SP, the user is found.
Any ideas why I'm getting these errors in ULS:
Stack trace:
at Microsoft.SharePoint.SPUser.InitMember()
at Microsoft.SharePoint.SPUser..ctor(SPWeb web, SPSecurableObject scope, String strIdentifier, Object[,] arrUsersData, UInt32 index, Int32 iByParamId, String strByParamSID, String strByParamEmail, SPUserCollectionType userCollectionType, SPUserCollectionFlags ucf, Boolean isSiteAuditor)
at Microsoft.SharePoint.SPUserCollection.GetByIDNoThrow(Int32 id)
at Microsoft.SharePoint.SPFieldUserValue.get_User()

Related

delete phone number using ews

I want to manage mailbox contacts in Exchange online using EWS 2.2 in PowerShell. I am able to create, delete and modify (most of the properties)
But I can not set any PhoneNumber (BusinessPhone, MobilePhone, HomePhone) to an empty value. Tried $updateItem.PhoneNumbers[[Microsoft.Exchange.WebServices.Data.PhoneNumberKey]::BusinessPhone] = $null;
and a lot of variations. Always get: "An object within a change description must contain one and only one property to modify."
I saw this post and using the code from there does not create any error message, but the phone number also isn't empty: EWS Delete PhoneNumber Entry on Contact
Any ideas how to set these fields empty?

Get user's AD role without using Remote Server Administration Tools

I'm trying to write a PowerShell command that checks to see if a user is part of an AD Group, however, I don't want to use the RSAT modules, as this may end up being a logon script (and we don't want users having those modules installed). This did lead me to this question, Search AD with PowerShell without using AD module (RSAT), however, I can't figure out how to filter the results to check if the value is in there.
For example, the below does return a list of users, in LDAP form, for the group IT, but how do I then check a specific user (with their Username, not display name) is in there?
([System.DirectoryServices.DirectorySearcher]"(&(objectCategory=group)(name=IT))").FindOne().Properties["Member"]
FindOne() despite what it says as well, returns multiple rows; in fact FindAll() and FindOne() both return the same results.
Should I be using a different command to search AD? Specifically I want to either check an AD group contains a user (the current user), or the inverse, check a user (the current user) is a member of a particular AD group.
You can do it that way if you really need to (and I can help you do it that way if you really need) but if you are going to be running this script under the credentials of the user you are interested in, then you can get all the groups from the user's login token. That already contains a recursive list of all security groups that the user is in. (It won't include groups where the 'Group type' is "Distribution")
The login token contains a list of SIDs, so the absolute fastest way is to compare using the SID of the group you are interested in, since it won't have to make any network request at all. That's especially convenient for laptop users who may not be online when they login - your script would still work.
$currentIdentity = [Security.Principal.WindowsIdentity]::GetCurrent()
if ($currentIdentity.Groups.Where({$_.Value -eq "S-1-1-0"}, "First")) { #Is in "Everyone"?
"Yes"
} else {
"No"
}
To find the SID of a group, use this:
(Get-ADGroup "GroupName").SID.Value
Then copy/paste that value into the script.
If you would prefer to use the name of the group in the script, then you can convert it to a WindowsPrincipal and use IsInRole. However, this will need to make a network request to find the group by its name.
$currentIdentity = [Security.Principal.WindowsIdentity]::GetCurrent()
$currentPrincipal = New-Object System.Security.Principal.WindowsPrincipal($currentIdentity)
if ($currentPrincipal.IsInRole("Everyone")) {
"Yes"
} else {
"No"
}
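An added example, not part of the original answer: the SID comparison above, extended so that a group name can be resolved to its SID without the RSAT module and so that a failed lookup counts as "not a member". The function names `Resolve-GroupSid` and `Test-CurrentUserInGroup` are hypothetical; resolving a name may contact a domain controller, while the token comparison itself does not.

```powershell
# Added example; function names are hypothetical and not from the original answer.
function Resolve-GroupSid {
    param([Parameter(Mandatory = $true)][string]$Group)
    if ($Group -cmatch '^S-1-\d+(-\d+)+$') {
        # Already a SID string: the constructor throws if it is malformed.
        return New-Object System.Security.Principal.SecurityIdentifier($Group)
    }
    # Account name such as "DOMAIN\IT": Translate() needs no RSAT module,
    # but for a domain group it may need to reach a domain controller.
    $account = New-Object System.Security.Principal.NTAccount($Group)
    return $account.Translate([System.Security.Principal.SecurityIdentifier])
}

function Test-CurrentUserInGroup {
    param([Parameter(Mandatory = $true)][string]$Group)
    try {
        $sid = Resolve-GroupSid -Group $Group
    } catch {
        # Fail closed: an unresolvable or malformed group is never a match.
        Write-Warning "Cannot resolve group '$Group'; treating as not a member."
        return $false
    }
    $identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    try {
        # Groups comes from the access token built at logon, so this loop makes
        # no network request. Membership changes made in AD after logon are not
        # reflected until the user logs on again.
        foreach ($g in $identity.Groups) {
            if ($g.Value -eq $sid.Value) { return $true }
        }
        return $false
    } finally {
        $identity.Dispose()
    }
}

# Constructed usage: the well-known "Everyone" SID used in the answer above.
Test-CurrentUserInGroup -Group 'S-1-1-0'
```

Passing the SID string keeps the check fully offline; passing a name trades that for readability at the cost of a lookup each time the script runs.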

Identity server3 : User Info endpoint returns null Claims

I am using Authorization Code flow and I am trying to get the user information using the user info endpoint, but I am not getting claims. I've enabled IncludeInIdToken for some claims like name, profile and email, and when I decode the IdToken I was not able to see the above claims.
I've tried by debugging the method GetProfileDataAsync, here I found the "Name" property coming null, since I am using the AD group I need this Name property here.
I tried to save "Name" into global variable in LocalLoginAsync method and used the same in GetProfileDataAsync method. Now I have added claims to the TaskResult, but I am getting count '0' in the response
When I request for tokens by using code I am able to see the following result in Claims
and I am not able to see those claims in IdToken,
Next time, when I request using the user info endpoint with the access token, I am not getting any Claim except "sub", or no Name property.
How can I get Claims with the User Info endpoint response?
I've tried by debugging the code and found the issue, since I am doing the mistake like
return Task.FromResult(identity.Claims.Where(x => context.RequestedClaimTypes.Contains(x.Type)));
instead of doing
context.IssuedClaims = identity.Claims.Where(x => context.RequestedClaimTypes.Contains(x.Type));
return Task.FromResult(0);
But still I am getting the username(Name) property null with user info endpoint..,
I am assuming that you are requesting the profile scope in your request. If this is true then username is not a valid scope and does not form part of the list of standard claims for this scope. You should rename your claim to either nickname or preferred_username.

Assign site template to organization site programmatically in liferay 6.1.0

I have created user & organization programmatically using addUser() & addOrganization() methods respectively.
I am also able to add users to this organization using addOrganizationUsers() method.
Now I have created a site template from liferay control panel.
As we know, we can create a site for an organization, and while creating a site we have options to select a site template for public & private pages.
As we know:
Public page - Visible to members + non members
Private page - Visible to only members.
So I want to create an organization site with private pages only so it will be seen by only organization members.
OrganizationLocalServiceUtil.addOrganization(
long userId, long parentOrganizationId, String name, String type,
boolean recursable, long regionId, long countryId, int statusId,
String comments, boolean site, ServiceContext serviceContext)
Using the above method, by specifying the boolean site value 'true', a site will get created.
Now I want to programmatically add a site template, which I have created from the control panel, to this organization site.
So is there any API to add a site template to any site of an organization?
Unfortunately there is no public API for it.
Use LayoutSetPrototypeLocalServiceUtil to get the ID for the SiteTemplate. To get the SiteTemplate by name you'll have to either use a dynamicQuery or iterate over the result of LayoutSetPrototypeLocalServiceUtil.getLayoutSetPrototypes(-1, -1)
Then invoke applyLayoutSetPrototypes of SitesUtil in the context of the portal.
MethodKey methodKey = new MethodKey("com.liferay.portlet.sites.util.SitesUtil","applyLayoutSetPrototypes", Group.class, long.class, long.class, ServiceContext.class);
PortalClassInvoker.invoke(false, methodKey, organization.getGroup(), publicLayoutSetId, privateLayoutSetId, serviceContext);
Specify -1 for publicLayoutSetId.
An Admin has to be logged in to perform this action.
To perform this action on startup or in the background a new ServiceContext would be needed.
Something like the following
ServiceContext serviceContext = new ServiceContext();
serviceContext.setAddGroupPermissions(true);
serviceContext.setAddGuestPermissions(true);
serviceContext.setSignedIn(false);
// set the following to an admin user / company or default user
User user = UserLocalServiceUtil.getDefaultUser(companyId); // or any user that has the permissions
serviceContext.setUserId(user.getUserId());
serviceContext.setCompanyId(companyId);
And most likely you also have to setup the ThreadPermissionChecker
PrincipalThreadLocal.setName(user.getUserId());
PermissionChecker adminPermissionChecker = PermissionCheckerFactoryUtil.create(user, false);
PermissionThreadLocal.setPermissionChecker(adminPermissionChecker);
Don't forget to reset the permission checker in a finally block, otherwise the same permission checker might be used for other requests on the same thread.

MS-Access active username autofill textbox

Is there an Access equivalent to the Excel code Application.UserName to auto fill a text box as a default value?
Based on Feedback From HansUp I have modified as follows
Private Sub Form_Load()
Me.LastChgUser = Excel.Application.UserName
End Sub
As my Load event for the form. I now receive a Compile Error: Method or Data Member Not found. The text box "LastChgUser" is on a subform "Staffing" as part of form "Associate Lookup"
Access' CurrentUser() function returns the Access security account name, which will be "Admin" unless you have set up user-level security.
You can use the Windows API to get the name of the current Windows user. Try the fOSUserName() function from Get Login name.
Another alternative is the Environ() function:
? Environ("USERNAME")
hans
Although that approach is insecure, it may be adequate for your purpose: load a default value which the user will be allowed to change. However, security settings may not allow you to use it directly as the control source for a text box.