Content Management and Capture

  • 1.  Change SID of an Active Directory User

    Posted 21 days ago

    Hi teccies,

    I have a question and maybe some of you had a similar issue in the past. A customer of ours unfortunately deleted two users from the AD system. But these users were Owner of some configuration objects in the object store. So currently none of the other admin users have access to these objects. Is there a possibility to create a new user with the SID of the old one or update the SID afterwards in the AD object?

    Many thanks!



    ------------------------------
    Benjamin Just
    Senior Consultant Enterprise Content Management
    TIMETOACT GROUP
    Cologne
    ------------------------------


  • 2.  RE: Change SID of an Active Directory User

    Posted 19 days ago

    Hi,

    Creating a new user in Active Directory with the same SID as the deleted user is not straightforward and generally not recommended. Maybe some AD expert will be able to do it. I would rather recommend taking ownership of the objects. As a GCD Admin or ObjectStore Admin, you may be able to update the ownership of configuration objects using the FileNet API or the Administration Console for Content Platform Engine (ACCE):

    • Use ACCE to navigate to the configuration objects and manually reassign ownership or modify permissions.
    • Or, use a custom script via FileNet's APIs to change the owner of these objects to another admin user.



    ------------------------------
    Miroslav Richter
    ------------------------------



  • 3.  RE: Change SID of an Active Directory User

    Posted 19 days ago

    Hi Miroslav,

    thanks for your feedback. We talked with AD experts and unfortunately it is not possible to set the SID during the creation process or afterwards. In our case only the deleted users are the owner of the object and no other user has access. So I am not sure if we can change the owner via API as we have no other user that has access to the object. Well, I guess I need to follow some other possibilities.

    Thanks!



    ------------------------------
    Benjamin Just
    Senior Consultant Enterprise Content Management
    TIMETOACT GROUP
    Cologne
    ------------------------------



  • 4.  RE: Change SID of an Active Directory User

    Posted 19 days ago

    Can you share with us a screenshot of ACL (Security tab) on ObjectStore level? Is there any ACE with Full Control permission?



    ------------------------------
    Miroslav Richter
    ------------------------------



  • 5.  RE: Change SID of an Active Directory User

    Posted 19 days ago

    Hi, yes, there are one group and two users on OS level that have full permission. But these users also do not see the security settings of the TableDefinition class objects.



    ------------------------------
    Benjamin Just
    Senior Consultant Enterprise Content Management
    TIMETOACT GROUP
    Cologne
    ------------------------------



  • 6.  RE: Change SID of an Active Directory User

    Posted 19 days ago

    Go to the Permissions tab on the configuration objects you need to fix, find the Owner property, and rewrite the unknown SID with one of the users who have full permissions at the ObjectStore level. Then, after a refresh of the object, you will be able to change the ACL as you like.



    ------------------------------
    Miroslav Richter
    ------------------------------



  • 7.  RE: Change SID of an Active Directory User

    Posted 19 days ago

    Hi Miroslav,

    thanks for the idea, that worked. Many thanks!



    ------------------------------
    Benjamin Just
    Senior Consultant Enterprise Content Management
    TIMETOACT GROUP
    Cologne
    ------------------------------



  • 8.  RE: Change SID of an Active Directory User

    Posted 18 days ago

    Have you tried running the security script wizard to update the ACLs on objects owned by these missing accounts? See here for details: https://www.ibm.com/docs/en/filenet-p8-platform/5.6.0?topic=security-script-wizard



    ------------------------------
    RUTH Hildebrand-Lund
    ------------------------------