I just released AdFind V01.47.00 this evening. It is the Jack Skellington release. 😉
http://www.joeware.net/freetools/tools/adfind
It is a small batch of changes with one fairly important change that is in beta.
- Fixed bugs with -this,-ameta,-vmeta (and general metadata output).
- Changed Win8 decodes strings to Windows 2012.
- Added switch -nopaging.
- Added shortcut -sc ridpool.
The main reason I opened up the code to make changes was to change the Windows 8 references to Windows Server 2012. I also added some new decodes including a supportedCapabilities value that didn’t exist in the beta that I pinged the DS Team about and got them to add ">supportedCapabilities: 1.2.840.113556.1.4.2237 [LDAP_CAP_ACTIVE_DIRECTORY_W8_OID]", that OID name is straight from the MSDN docs.
Especially note the new BETA -nopaging switch. By default, from the very beginning, AdFind has used the LDAP Paging control so it could return any number of entries. Over the years I have had a few people ask for a switch to turn paging off. This is usually related to them trying to query some non-AD LDAP Directory that doesn’t support Paging or because of a bug in AD that messes with Index selection on paged queries (LDAP queries are executed more slowly than expected in the AD or LDS/ADAM directory service and Event ID 1644 may be logged).
I have wanted to add the -nopaging capability for some time but didn’t previously see a way, sort of like what happened with CSV output years ago all of a sudden something clicked and I realized how I could do it so here it is. It is beta because I have found a few oddities that I had to fix and it is possible there could be more as the main loop of the engine just wasn’t built with non-paged queries in mind.
There is also a fix for metadata output, specifically -vmeta for when there is a large number of value metadata entries. For whatever reason when I first set it up I didn’t set it up to properly decode the binary value when value ranging kicked in for the metadata attribute. If it screwed up, it was very obvious, the output would look something like:
dn:CN=group,CN=users,DC=test,DC=loc,DC=adam
>msDS-ReplValueMetaData;binary: X
>msDS-ReplValueMetaData;binary: X
>msDS-ReplValueMetaData;binary: X
>msDS-ReplValueMetaData;binary: X
>msDS-ReplValueMetaData;binary: X
>msDS-ReplValueMetaData;binary: X
>msDS-ReplValueMetaData;binary: X
>msDS-ReplValueMetaData;binary: X
<SNIP>
This isn’t a required upgrade but if you use AdFind to output metadata or work with Windows Server 2012 DCs I would recommend upgrading.
joe
