I'm trying to formulate a way I can automate removal of AD Groups from disabled users OU in AD.
I would like for the script to have an exception to only remove certain domain services folder addresses starting with ****.
Also, for it to remove all bar two exceptions to this.
I would be happy for this to be done via csv file or just through the AD OU.
We also have a system that holds onto users even after they are deleted from AD.
We normally have to go to to web address linked to the server and manually terminate the user
Any help appreciated!
Thanks
Related
When I want to publish my XF.UWP app to the Microsoft store on a new pc I am presented with the following fields to fill:
Tenant ID
Client ID
Client Key
The Microsoft documentation page that guides you through the process seems to be outdated (I already reported this), and I can't find the data that I need to fill from the new Microsoft Partner Center.
The only field I am able to find is 'Tenant Id'. I Found it under gear icon - account settings - organisation profile - tennants.
Who can help me out
Like with many of Microsoft's services, the Client ID/ Client Key location is a bit vague and easier to explain with screenshots than words. But for anyone who may not understand the purpose, I'll leave a brief synopsis to explain the caveman drawings below.
The tenant ID in this scenario is the ID of your Azure AD tenant. No big surprises here. You can grab this (assuming an Azure AD organization is already linked to your Microsoft Partner Center account) from the MPC dashboard under Home > Account Settings > Organization profile > Tenants.
The client ID & client key are slightly harder to locate. This is because MPC recognizes three types of entities within the user hierarchy.
Users
Groups
Azure AD applications
To take advantage of the current automated publishing pipeline for the Microsoft Store, you must create or manage the Azure AD application associated with your project, which can be done under Home > Account settings > User management > Azure AD applications.
If you are familiar with GCP or Google API integration, the Azure AD app is the equivalent of a service account. A given Azure AD application can be assigned any permission within the scope of your project or even your organization based on the scenario. In my experience, the Manager role has always been sufficient.
Click an existing app to manage or create a new one from scratch; either way, you will soon reach the Client ID / Client Key panel, where you can add, view (one time only), and delete keys for your application. The values generated here can be utilized in the Microsoft Store submission workflow seen in the OP's screenshot above. Happy publishing!
References: Add users, groups, and Azure AD applications to your Partner Center account
Do you have Azure AD linked to your account?
If so, those keys should be available here:
https://partner.microsoft.com/en-us/dashboard/account/v3/usermanagement#users
If not, it can be configured here:
https://partner.microsoft.com/en-us/dashboard/account/TenantSetup
leading to:
https://partner.microsoft.com/en-us/dashboard/Account/CreateTenant
I wrote two small Google Scripts that present simple forms to fill in. Most of my user community has no trouble using them. A small minority of users can never open the forms, instead they get "Sorry, unable to open the file at this time" error page for both forms. I can't find any common thread for why only some users fail. I've tested on multiple browsers on multiple machines, even on android devices, it never fails for me.
A couple of things I've noted:
when it fails for them the URL is re-written. The proper url starts with https://script.google.com/macros/s/... but for broken users when they paste that in they instead get https://script.google.com/macros/u/3/s/... (notice the "u/3" at the end)
There is no execution log created when they try to access the site, so I have no way to debug what's going on.
The app is permissioned so "Anyone" can access it, and it runs as my account
Sorry, I realize this problem description is impossibly vague. Any debug suggestions would be extremely welcome. I'm not a regular Google App Script developer, so I'm kinda stumbling in the dark with this one. Thanks in advance.
/u/3 means that the user have signed-in into multiple Google accounts, the number correspond to the zero-based index of the account in the order that the user followed to sign-in, 0 is for the default account, 1 is to de second account, 2 is for the thirds account and so on.
So, on your test include this use case, a user signed-in into multiple Google accounts.
NOTE: It's known that the HTML Service do not handle as expected this use case.
Related
AuthMode gets confused w/ multiple logged in users
We're sorry, a server error occurred while reading from storage. Error code PERMISSION_DENIED
Why is my script pushing an incorrect URL? [/u/2 inserted into script URL] (possible duplicate)
I am in the process of adding some integrations to my Mattermost instance. My team need things like e.g. ability to create hangouts link with one slash command.
However as far as I can see everyone of my team members would have to create the integration by itself. I want to spare them the trouble and set it globally.
Is there some reasonable way to do it or would I have to try to backup my database and then run by hand PostgreSQL queries creating commands for every single team member?
Custom Slash Commands in Mattermost are scoped to the team. If one user creates a Custom Slash Command, it will be available to all users in the team where it was created.
However, it will still be owned by the user who has created it. If you have EnablePostUsernameOverride set to true in your config.json, the username of the posts made in response to the Custom Slash Command can be customised. Otherwise, they will have the username of the user who created the Custom Slash Command.
Currently the bane of my existence is dealing with users email signatures at work, changing names, titles, departments, new users...it's all annoying. Currently I manage it with GAM and a semi templated HTML file to push changes, which works okay, but it's still a manual process. What I'm looking to do is create a small app script or app engine project that can...
detect a new or changed user
pull the fields needed to fill in their signature template
push the changes to their account
2 & 3 are no problem at all, it's #1 that I cannot find a reasonable solution to.
I had thought about using the google apps audit settings to email a specific mailbox when a new user is created, but that will only catch new users, not changes in titles and such. My only apparent option is something that runs periodically checking all the users signatures against what my script would generate and updating if needed, but that's hardly efficient and creates a potential timelapse in the waiting period meaning when people want things 'done now' (which is of course, every request), it will mean I manually trigger the job; effectively bringing me back to my original solution.
Is there any kind of user feed that contains changes available in google apps? Maybe google has a POST hook that hits a predefined URL on changes?
You can probably use push notifications for this https://developers.google.com/drive/web/push using the users.watch method https://developers.google.com/admin-sdk/directory/v1/reference/users/watch
Is it possible in BusinessObjects 4.0/4.1 to do the following:
Create a report in PDF format
Transfer and store the report on some Windows Share folder
Schedule this process
It this is possible, can anyone give short guidelines on how to do it? Thanks!
Sure, that's basic scheduling functionality.
From Launchpad, right-click on the report and hit "Schedule".
Click the recurrence tab to set the scheduling recurrence.
Click the Formats tab and select Acrobat.
Click the Destinations tab and select File System.
One important note on Destinations -- you can optionally enter the Windows user name and password that will be used to connect to the file share when the report is generated. You can leave this blank, in which case the BO server will connect to the file share as the account that BO runs as (that is, the user name that the SIA service runs as). In this case, the service account must have r/w permission to the file share. On the other hand, if you enter credentials manually, you need to make sure that any recurring schedules get updated if/when you change the accounts password, else the account will quickly get locked out (I know from experience....)
For more info, click the Help menu in Launchpad, then review the section on Scheduling Objects.