As mentioned previously, AdFind V01.43.00 had some issues with non-Microsoft LDAP directories due to a check I added to detect if paging was available[1]. I mistakenly assumed that RootDSE’s would all return the supportedControl attribute by default. I fixed that. 🙂 In the meanwhile I took the time to work on a few other things as well that I didn’t have time to get to before in the prior release,overall though, the main changes are in AdMod.
AdFind Update Summary
As mentioned, I fixed the paging check issue. I also set up some decodes of RootDSE OIDs for OpenLDAP. I also added a –nopagingcheck just in case a directory supports the paging control but for whatever reason isn’t returning it in the RootDSE request. Look at me worrying about non-Microsoft directories. ;o)
I fixed an output bug I introduced in V01.43.00 around value metadata output.
I tweaked the attributes in the –sc export_* shortcuts.
I put in a hard block and error message when you specify a special base and the –b switch. I call this the Burbidge update.
I modified the –sc dclist shortcut. I made it more flexible so that it can be used for all DCs in the forest or just the DCs in a single forest. Also you can now specify RODCs only. At the same time I also decided to add –sc gclist and –sc !gclist. These should all be really useful for FOR /F looping in Batch. I intend to write up a blog entry or two on this because it is tremendously useful if you need to quickly gather info across all of your DCs and everyone is telling you that you need to write a script to do it.
I added another similar shortcut, –sc domainlist which gives you DNS Names (dNSRoot attribute of NC Partition object) of all Domains in the forest.
AdMod Update Summary
Main changes in AdMod are that I was finally able to duplicate and find some long running –CSV and –Import issues. I had been getting sporadic reports of issues for some time and I could never narrow the problem down but finally got a break in the troubleshooting and sorted it out. I spent hours most nights since the last release stepping through the code line by line for various CSV files keeping manual tables of what should be happening, reminded me exercises from computer science classes back in the 80’s.
I also took this time to add some other useful features to the import functionality to make it more friendly for imports including having AdMod look at the destination directory schema and automatically filtering out any attributes from the import that don’t exist in the destination directory. I also added two new import modes, importpass1 and importpass2. This is to help deal with DN attributes that may have references that aren’t already defined when the object is created. The idea is that you run the CSV file in ADD mode with importpass1 and it creates all of the objects with the DN attributes filtered out. Then you run the same CSV file through in update mode with importpass2 and it populates just the DN attributes. It worked really well in my limited tests and I think it is pretty cool but I look forward to the comments from the field… from you guys and gals. Oh I also added an –sc importschema switch that will also be the topic of a future blog entry.
I fixed a couple of bugs, the first was around the GUID## encoding mechanism with the braces. The second is with the –hd switch.
Anyway, I hope folks find the changes useful, as always, any bugs or suggestions, email me at joe@joeware.net
See the AdFind update info at http://www.joeware.net/freetools/tools/adfind/index.htm
See the AdMod update info at http://www.joeware.net/freetools/tools/admod/index.htm
joe
[1] This was a self-preservation change. By far the biggest “AdFind is broken” email I get is due to people querying non-MSFT directories that don’t support paging and currently AdFind uses paging queries exclusively. This is something I have on the list to change someday, but today isn’t that day. ;) Anyway, this change should make it clear to people why AdFind is not returning data when they query LDAP directory XYZ that doesn’t support paging.
