Working on a script to automate the creation of new users, it works and the user shows up, but their home directory is not created.
For example I use New-ADUser to create "Joe User" with a username of "joeu" and HomeDirectory of \\\\svr-home\\home\\%username%
Normally when you enter this same string directly into the AD during the creation of a new user, when the OK button is clicked the %username% part is automatically replaced by "joeu" and a folder is created at \\\\svr-home\\home\\joeu with all the appropriate permissions.
When I check on the account in AD, the script has set the value for the 'Home Folder' field, but the AD variable is never completed and the matching folder is not created.
If I manually edit the user in AD and click the Apply button, the home path is resolved and the folder is created. Is there a way I can force AD to execute this step?
Or do I have to manually create the home folder and set its permission and then use the actual path information for the -HomeDirectory parameter to solve this?
The code for the GUI creates the folder. When modifying the AD-attribute manually (using ex PowerShell), you have to create the folder manually and assign permissions to the user.
See https://stackoverflow.com/a/14894574/702944 for example on how to create folder and assign permissions.
Related
I'm building an app that uses the ms-graph v1.0 API to write data to excelsheets in my OneDrive. It works with excel files that I uploaded to my drive but doesn't work with excel files that've been shared with me.
I know that I can get a list of all shared files with me/drive/sharedWithMe and the file that i want to edit is amongst the files that are being returned.
However, when i try to get one shared drive item using its driveItem property parentReference: driveID like this: /drives/{driveID}/items/{itemID} it returns : 403 - acces denied.
Here are my permissions:
"user.read",
"calendars.read",
"directory.accessasuser.all",
"files.readwrite.all"
I couldn't try the shares path /shares/{shareID} because I don't know how to figure out the shareId. It doesn't seem to be among the properties of the item that is returned by /sharedWithMe. Where can I get it?
Figured it out by myself.
I got the error
"message": "Cannot reference a user's drive from another user's personal site"
so I removed the me/from the route me/drives/{driveID}/items/{itemId} and it worked.
I have successfully created some mail folder, and then made it hidden with the following update:
patch /users/xxx#xxxx/mailFolders/folderId
{"singleValueExtendedProperties": [{"id":"boolean 0x10f4", "value":"**true**"}]}
(explanations about creating a hidden folder https://msdn.microsoft.com/en-us/library/office/dn659505(v=exchg.150).aspx):
Then I checked it with EWSEditor.exe, which proved the folder was successfully made hidden.
(But the patch call return 404, I think it is some bug of this API, it should return 200 since the update is successful)
After that, if I try to make the folder visible, the update always fails:
patch /users/xxx#xxxx/mailFolders/folderId
{"singleValueExtendedProperties": [{"id":"boolean 0x10f4", "value":"**false**"}]}
And for this hidden folder, there is no way to list it out or find it out. Trying to delete this hidden folder with the remembered ID fails, too.
So, it seems there are some bugs in the Graph mail folder API:
It should be allowed to make a hidden folder visible after a
previous update to hidden from visible.
There should be some API to list the hidden folder.
The Delete API should be able to delete the hidden folder.
Reset this property to false in EWS editor and save. You will be able to get this folder again with graph api.
This feature is now available in Graph Public Beta. You can access hidden mail folders via the /mailFolders API by adding a new query parameter called includeHiddenFolders. You can read more about the feature # below links:
About Hidden Folders: https://learn.microsoft.com/en-us/graph/api/resources/mailfolder?view=graph-rest-beta#hidden-mail-folders
Get a list of hidden mailFolders: https://learn.microsoft.com/en-us/graph/api/user-list-mailfolders?view=graph-rest-beta&tabs=http#example-2-include-hidden-folders-in-the-signed-in-users-mailbox
Exchange 2016 using Outlook 2016 client
Created a new Public Folder titled
Mail-enabled the public folder:
Enable-MailPublicFolder -Identity "\PublicFolder"
Added Send As permissions.
Add-ADPermission PublicFolder -User domain\jsmith -Extendedrights "Send As"
Added permissions to receive mail.
Add-PublicFolderClientPermission -identity "\PublicFolder" -User Anonymous -AccessRights CreateItems
Set Hidden from address lists false:
Enable-MailPublicFolder -Identity "\PublicFolder" -HiddenFromAddressListsEnabled $False
The user jsmith is an owner of this public folder. He can add the public folder and the public folder can receive emails but nobody is able to "Send As" the public folder.
Under EAC I have verified that the public folder exists, permissions are in place, and the folder is mail-enabled.
I have tried disabling Mail Settings and re-enabling. I am also completely unable to select "PublicFolder" in my "From" field in OWA. It gives no option to enter a custom name and also doesn't have an option for the PublicFolder. I did add it to my Favorites.
The user receives the message "This message could not be sent. Try sending the message again later, or contact your network administrator. You do not have the permission to send the message on behalf of the specified user. Error is [0x80070005-0x0004dc-0x000524]."
The user has both Send As and Send on Behalf Of permissions.
The issue has lasted more than 24 hours so I am fairly certain that it is not a replication issue.
This kind of issues might be caused by a wide range of issues:
Make sure that you use the correct permissions as explained in KB 3045224
Make sure that you cleaned the client AutoCache as explained in KB 287623.
Make sure your GAL is updated (but I would say that should be the case after the 24 hours you waited)
Download the OAB by hand on the affected clients
Try to remove the mailbox / shared folder and re-add it on the client
Try to remove the email address from the list (there should be a X near that) and re-add it on the client to force a recheck from the config
Recheck/Reset the permissions via powershell to ensure you are using the correct one
Check KB 3131416 if it apply to your environment
There seamed to be some issues with hidden elements in Exchange. So check out the following URL if that apply to your situation.
Make sure the user has only "Send As" and not additional to that "Send on Behalf Of" rights.
More infos can be found in the source URL.
Outcome:
In your situation it looks like this is caused because the user has both "Send As" and "Send on Behalf Of" permissions. So please check solution 1 and fix the permission.
After long hours of research about this issue, this is the way to solve error 0x80070005-0x0004dc-0x000524 given by a send as on public folder.
Delete outlook Profile
rename in .OLD the folder c:\users\username\appdata\roaming\outlook or c:\users\username\appdata\roaming\microsoft\outlook
Create the new profile
If exists, Delete the autocomplete entry on field "from" with the little cross on the right.
Try to send
It works for me and hope it will be the same for you.
=> Works for Exchange 2013 and Outlook 2010 & 2013.
I'm trying to start SQL Server Express from command line using the following command:
net start MSSQL$SQLEXPRESS
But I get this error:
System error 5 has occurred.
Access is denied.
I have administrator privilege and my OS is Windows 7.
Thanks to #SamiKuhmonen my problem was solved.
I created batch file (named start sqlserver.bat) conatins the following command:
net start MSSQL$SQLEXPRESS
I created a shortcut to my batch file.
And run it as administrator like in this
screenshot
Run Registry Editor (RegEdit).
Navigate to HKEY_LOCAL_MACHINE.
Right click on HKEY_LOCAL_MACHINE, and select Permissions .
Click on the Advanced button.
In “Advanced Security Settings” dialog window, go to the Owner tab.
Select and highlight the currently logged on user name or Administrators group (if user is a member of Administrators” in the Change owner to: box.
Select the tick the check box for Replace owner on subcontainers and objects option, and click OK.
Back in “Permissions” dialog window, click on Add… button.
Enter everyone in the Enter the object names to select text box, and click on the Check Names button.
Hope it helps!!!
If there is error with the user ID entered, correct the error. If there is no error found, click the OK button.
Back in “Permissions” dialog window, select and highlight the newly added user name in Group or user names: section, and tick the checkbox for Allow access right next to Full Control in the Permissions for Everyone section.
simply create the batch file as eg.bat
and it's content as :start ssms
I am trying to attach a TFS label to a new file in our collection. The label I am trying to attach already exists, and was created by a different user who left the company a while ago. When I try to view the contents of the existing label, I receive a message that the owner of the label cannot be found - TF14132: Identity not found.
How can I modify this label?
Is there a way we can update all instances of "Identity not found" to a current/active account?
To update a label created by another user, you'll need the LabelOther permission. Project Admins have this permission by default - see the TFS permissions reference for details.