joeware - never stop exploring... :)

Information about joeware mixed with wild and crazy opinions...

11/3/2024

Windows Server 2025 is now GA, AdFind Updates For Windows Server 2025 AD Under Way

by @ 3:12 pm. Filed under general

AdFind updates for 2025 (and other things) are under way. Thirty something builds or so since the last publicly released version of AdFind.

[Sun 11/03/2024 14:05:12.57]
D:\DEV\cpp\vs\AdFind\Debug>adfind -appver

AdFind V01.64.00cppBETA Joe Richards (support@joeware.net) November 2024
  BUILD    : 1.64.0.6206_DEBUG
  BUILDDATE: 20241103-14:03:46 EST x86 VS2022
  WIN32  PATH: D:\DEV\cpp\vs\AdFind\Debug\AdFind.exe
  NATIVE PATH: \Device\HarddiskVolume4\DEV\cpp\vs\AdFind\Debug\AdFind.exe

[Sun 11/03/2024 14:05:21.11]
D:\DEV\cpp\vs\AdFind\Debug>adfind -hh k25-dc1.k25.test.loc -rootdse

AdFind V01.64.00cppBETA Joe Richards (support@joeware.net) November 2024

Using server: K25-DC1.K25.test.loc:389
Directory: Windows Server 2025 (10.0.26100.1)

dn:
> domainFunctionality: 10 [Windows Server 2025 Domain Mode]
> forestFunctionality: 10 [Windows Server 2025 Forest Mode]
> domainControllerFunctionality: 10 [Windows Server 2025 Mode]
> rootDomainNamingContext: DC=K25,DC=test,DC=loc
>ldapServiceName: K25.test.loc:k25-dc1$@K25.TEST.LOC
> isGlobalCatalogReady: TRUE
> supportedSASLMechanisms: GSSAPI
> supportedSASLMechanisms: GSS-SPNEGO
> supportedSASLMechanisms: EXTERNAL
> supportedSASLMechanisms: DIGEST-MD5
> supportedLDAPVersion: 3
> supportedLDAPVersion: 2
> supportedLDAPPolicies: MaxPoolThreads
> supportedLDAPPolicies: MaxPercentDirSyncRequests
> supportedLDAPPolicies: MaxDatagramRecv
> supportedLDAPPolicies: MaxReceiveBuffer
> supportedLDAPPolicies: InitRecvTimeout
> supportedLDAPPolicies: MaxConnections
> supportedLDAPPolicies: MaxConnIdleTime
> supportedLDAPPolicies: MaxPageSize
> supportedLDAPPolicies: MaxBatchReturnMessages
> supportedLDAPPolicies: MaxQueryDuration
> supportedLDAPPolicies: MaxDirSyncDuration
> supportedLDAPPolicies: MaxTempTableSize
> supportedLDAPPolicies: MaxResultSetSize
> supportedLDAPPolicies: MinResultSets
> supportedLDAPPolicies: MaxResultSetsPerConn
> supportedLDAPPolicies: MaxNotificationPerConn
> supportedLDAPPolicies: MaxValRange
> supportedLDAPPolicies: MaxValRangeTransitive
> supportedLDAPPolicies: ThreadMemoryLimit
> supportedLDAPPolicies: SystemMemoryLimitPercent
> supportedLDAPPolicies: SecurityDescriptorWarningSize
> supportedControl: 1.2.840.113556.1.4.319 [LDAP_PAGED_RESULT_OID_STRING]
> supportedControl: 1.2.840.113556.1.4.801 [LDAP_SERVER_SD_FLAGS_OID]
> supportedControl: 1.2.840.113556.1.4.473 [LDAP_SERVER_SORT_OID]
> supportedControl: 1.2.840.113556.1.4.528 [LDAP_SERVER_NOTIFICATION_OID]
> supportedControl: 1.2.840.113556.1.4.417 [LDAP_SERVER_SHOW_DELETED_OID]
> supportedControl: 1.2.840.113556.1.4.619 [LDAP_SERVER_LAZY_COMMIT_OID]
> supportedControl: 1.2.840.113556.1.4.841 [LDAP_SERVER_DIRSYNC_OID]
> supportedControl: 1.2.840.113556.1.4.529 [LDAP_SERVER_EXTENDED_DN_OID]
> supportedControl: 1.2.840.113556.1.4.805 [LDAP_SERVER_TREE_DELETE_OID]
> supportedControl: 1.2.840.113556.1.4.521 [LDAP_SERVER_CROSSDOM_MOVE_TARGET_OID]
> supportedControl: 1.2.840.113556.1.4.970 [LDAP_SERVER_GET_STATS_OID]
> supportedControl: 1.2.840.113556.1.4.1338 [LDAP_SERVER_VERIFY_NAME_OID]
> supportedControl: 1.2.840.113556.1.4.474 [LDAP_SERVER_RESP_SORT_OID]
> supportedControl: 1.2.840.113556.1.4.1339 [LDAP_SERVER_DOMAIN_SCOPE_OID]
> supportedControl: 1.2.840.113556.1.4.1340 [LDAP_SERVER_SEARCH_OPTIONS_OID]
> supportedControl: 1.2.840.113556.1.4.1413 [LDAP_SERVER_PERMISSIVE_MODIFY_OID]
> supportedControl: 2.16.840.1.113730.3.4.9 [LDAP_CONTROL_VLVREQUEST]
> supportedControl: 2.16.840.1.113730.3.4.10 [LDAP_CONTROL_VLVRESPONSE]
> supportedControl: 1.2.840.113556.1.4.1504 [LDAP_SERVER_ASQ_OID]
> supportedControl: 1.2.840.113556.1.4.1852 [LDAP_SERVER_QUOTA_CONTROL_OID]
> supportedControl: 1.2.840.113556.1.4.802 [LDAP_SERVER_RANGE_OPTION_OID]
> supportedControl: 1.2.840.113556.1.4.1907 [LDAP_SERVER_SHUTDOWN_NOTIFY_OID]
> supportedControl: 1.2.840.113556.1.4.1948 [LDAP_SERVER_RANGE_RETRIEVAL_NOERR_OID]
> supportedControl: 1.2.840.113556.1.4.1974 [LDAP_SERVER_FORCE_UPDATE_OID]
> supportedControl: 1.2.840.113556.1.4.1341 [LDAP_SERVER_RODC_DCPROMO_OID]
> supportedControl: 1.2.840.113556.1.4.2026 [LDAP_SERVER_DN_INPUT_OID]
> supportedControl: 1.2.840.113556.1.4.2064 [LDAP_SERVER_SHOW_RECYCLED_OID]
> supportedControl: 1.2.840.113556.1.4.2065 [LDAP_SERVER_SHOW_DEACTIVATED_LINK_OID]
> supportedControl: 1.2.840.113556.1.4.2066 [LDAP_SERVER_POLICY_HINTS_DEPRECATED_OID]
> supportedControl: 1.2.840.113556.1.4.2090 [LDAP_SERVER_DIRSYNC_EX_OID]
> supportedControl: 1.2.840.113556.1.4.2205 [LDAP_SERVER_UPDATE_STATS_OID]
> supportedControl: 1.2.840.113556.1.4.2204 [LDAP_SERVER_TREE_DELETE_EX_OID]
> supportedControl: 1.2.840.113556.1.4.2206 [LDAP_SERVER_SEARCH_HINTS_OID]
> supportedControl: 1.2.840.113556.1.4.2211 [LDAP_SERVER_EXPECTED_ENTRY_COUNT_OID]
> supportedControl: 1.2.840.113556.1.4.2239 [LDAP_SERVER_POLICY_HINTS_OID]
> supportedControl: 1.2.840.113556.1.4.2255 [LDAP_SERVER_SET_OWNER_OID]
> supportedControl: 1.2.840.113556.1.4.2256 [LDAP_SERVER_BYPASS_QUOTA_OID]
> supportedControl: 1.2.840.113556.1.4.2309 [LDAP_SERVER_LINK_TTL_OID]
> supportedControl: 1.2.840.113556.1.4.2330 [LDAP_SERVER_SET_CORRELATION_ID_OID]
> supportedControl: 1.2.840.113556.1.4.2354 [LDAP_SERVER_THREAD_TRACE_OVERRIDE_OID]
> supportedCapabilities: 1.2.840.113556.1.4.800 [LDAP_CAP_ACTIVE_DIRECTORY_OID]
> supportedCapabilities: 1.2.840.113556.1.4.1670 [LDAP_CAP_ACTIVE_DIRECTORY_V51_OID]
> supportedCapabilities: 1.2.840.113556.1.4.1791 [LDAP_CAP_ACTIVE_DIRECTORY_LDAP_INTEG_OID]
> supportedCapabilities: 1.2.840.113556.1.4.1935 [LDAP_CAP_ACTIVE_DIRECTORY_V60_OID]
> supportedCapabilities: 1.2.840.113556.1.4.2080 [LDAP_CAP_ACTIVE_DIRECTORY_V61_R2_OID]
> supportedCapabilities: 1.2.840.113556.1.4.2237 [LDAP_CAP_ACTIVE_DIRECTORY_W8_OID]
> subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=K25,DC=test,DC=loc
> serverName: CN=K25-DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=K25,DC=test,DC=loc
> schemaNamingContext: CN=Schema,CN=Configuration,DC=K25,DC=test,DC=loc
> namingContexts: DC=K25,DC=test,DC=loc
> namingContexts: CN=Configuration,DC=K25,DC=test,DC=loc
> namingContexts: CN=Schema,CN=Configuration,DC=K25,DC=test,DC=loc
> isSynchronized: TRUE
> highestCommittedUSN: 12989
> dsServiceName: CN=NTDS Settings,CN=K25-DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=K25,DC=test,DC=loc
> dnsHostName: K25-DC1.K25.test.loc
> defaultNamingContext: DC=K25,DC=test,DC=loc
> currentTime: 20241103190552.0Z
> configurationNamingContext: CN=Configuration,DC=K25,DC=test,DC=loc
> validFSMOs: CN=Schema,CN=Configuration,DC=K25,DC=test,DC=loc
> validFSMOs: CN=Partitions,CN=Configuration,DC=K25,DC=test,DC=loc
> validFSMOs: DC=K25,DC=test,DC=loc
> validFSMOs: CN=Infrastructure,DC=K25,DC=test,DC=loc
> validFSMOs: CN=RID Manager$,CN=System,DC=K25,DC=test,DC=loc
> usnAtRifm: 1
> tokengroups: S-1-5-21-1203498047-784946223-2106378776-500
> tokengroups: S-1-5-21-1203498047-784946223-2106378776-513
> tokengroups: S-1-1-0
> tokengroups: S-1-5-32-544
> tokengroups: S-1-5-32-545
> tokengroups: S-1-5-32-554
> tokengroups: S-1-5-2
> tokengroups: S-1-5-11
> tokengroups: S-1-5-15
> tokengroups: S-1-5-21-1203498047-784946223-2106378776-512
> tokengroups: S-1-5-21-1203498047-784946223-2106378776-520
> tokengroups: S-1-5-21-1203498047-784946223-2106378776-518
> tokengroups: S-1-5-21-1203498047-784946223-2106378776-519
> tokengroups: S-1-5-21-1203498047-784946223-2106378776-572
> tokengroups: S-1-5-64-10
> supportedExtension: 1.3.6.1.4.1.1466.20037 [LDAP_SERVER_START_TLS_OID]
> supportedExtension: 1.3.6.1.4.1.1466.101.119.1 [LDAP_TTL_REFRESH_OID]
> supportedExtension: 1.2.840.113556.1.4.1781 [LDAP_SERVER_FAST_BIND_OID]
> supportedExtension: 1.3.6.1.4.1.4203.1.11.3 [LDAP_SERVER_WHO_AM_I_OID]
> supportedExtension: 1.2.840.113556.1.4.2212 [LDAP_SERVER_BATCH_REQUEST_OID]
> supportedConfigurableSettings: DynamicObjectDefaultTTL
> supportedConfigurableSettings: DynamicObjectMinTTL
> supportedConfigurableSettings: DisableVLVSupport
>supportedConfigurableSettings: ADAMDisablePasswordPolicies
> supportedConfigurableSettings: ADAMDisableLogonAuditing
> supportedConfigurableSettings: ADAMLastLogonTimestampWindow
> supportedConfigurableSettings: RequireSecureSimpleBind
> supportedConfigurableSettings: RequireSecureProxyBind
> supportedConfigurableSettings: MaxReferrals
> supportedConfigurableSettings: ReferralRefreshInterval
> supportedConfigurableSettings: SelfReferralsOnly
> supportedConfigurableSettings: ADAMAllowADAMSecurityPrincipalsInConfigPartition
> supportedConfigurableSettings: ADAMDisableSPNRegistration
> supportedConfigurableSettings: ADAMDisableSSI
> supportedConfigurableSettings: DenyUnauthenticatedBind
> spnRegistrationResult: 21
> serviceAccountInfo: machineDomainName=K25
> schemaIndexUpdateState: 3
> msDS-PrincipalName: K25\Administrator
> msDS-PortSSL: 636
> msDS-PortLDAP: 389
> dsSchemaPrefixCount: 39
> dsSchemaClassCount: 270
> dsSchemaAttrCount: 1507
> dsaVersionString: 10.0.26100.1 (WinBuild.160101.0800)
> databaseGuid: 00000000-0000-0000-0000-000000000000
> approximateHighestInternalObjectID: 5147

1 Objects returned


6/6/2024

joeware license clarification

by @ 10:38 pm. Filed under general

A colleague from my HP days (neither he nor I work for HP anymore) reached out to me to ask for clarification on the joeware licensing for use WITHIN a company, specifically the company he works for now. He wasn’t asking for you and your company, I mean, he is a terribly great nice person and cares a great deal about people and I can absolutely say this as I worked with him for quite a while, but he does have his priorities. :D What he asked does apply to most companies as well so if there was any confusion in your companies, I am sorry for that. I hope this clarifies things.

The question was, basically… If we want to use your tools internally, does every single person in the company have to download the tools individually or can we download a copy and put it up on an internal SharePoint, File Share, or OneDrive (or whatever)?

If it is for corporate use and not being distributed to others, especially as part of a solution being sold, then feel free to download and serve out to your internal corporate users from whatever internal distribution model you want to use. Feel free to drop me a line giving me hints on what tools and how popular they are so I can keep the usage in the back of my mind for tool popularity but you don’t even have to do that.

I will even, and have in the past, negotiated terms with folks who want to distribute joeware tools as part of their solutions they are selling to their customers. I am not greedy about it, I just think my beak should get a little bit wet too if someone is taking my work and using it to make some money themselves. I, at least, deserve a nice dinner and something from the top shelf of the dessert cart if someone is making money off of what I have created that they find to be so good it is worth selling as part of something under their own banner. Considering over the last 25 years how much time my tools have saved, how many people and companies I have helped, and how many millions, yes millions of $$$ that my tools have saved companies it is a bit stingy not to share some love with me.

     joe  


10/28/2023

Welp, it was good for a while but…

by @ 2:50 pm. Filed under general

…Microsoft, you have become so damn annoying with Windows Defender and other things that I am looking to turn it off permanently because I, not you, get to be the arbiter of what I want on my machine and if I say leave this on my machine, I shouldn’t have to retell you over and over and over and over again.

Not only that, I am now looking to completely replace my Windows Laptops with FreeBSD laptops. It brings me no joy to say that as a near 20 year Microsoft MVP but you always wanted us to be honest about when MSFT is doing a shit job and well… In many areas and in many ways, you are absolutely doing a shit job. If I can find a manufacturer that actually builds decent quality laptops that come pre-loaded and fully supported with FreeBSD, I will start buying them exclusively for my home. I will still have virtual Windows servers for testing things for work until I find alternative solutions for that as well but I am likely going to be removing all Windows from my personal life.

In the meanwhile I am looking into this.

https://www.makeuseof.com/permanently-disable-microsoft-defender-windows-11/


10/14/2023

AdFind V01.62.00 released

by @ 7:59 pm. Filed under general

I released V01.62.00 last night to fix a crash bug introduced in V01.61.00 from integrating some of the joe only private ldap query tool functionality because some of the core functionality was different enough to be problematic.

If you ran into that crash bug, my deepest apologies. :)

  joe


10/8/2023

Final compiles for AdFind V01.61.00 and AdMod V01.28.00 and…

by @ 5:45 pm. Filed under general

I just performed the final compiles and final commits for AdFind V01.61.00, AdMod V01.28.00, and joe’s private LDAP query tool because MSFT has their head up their ass in going after AdFind and I need a tool around that doesn’t just disappear when they decide to take it because they know better than anyone else what should be allowed on Windows machines and casually ignore that AdFind has never caused any damage and that PowerShell is used regularly to harm companies. This tells you the level of intelligence going on in the MSFT Antimalware/Antivirus space. They could be redefining how Antimalware and Antivirus are handled but clearly have no one smart enough to do it. If they ran the rest of the world there would be no pressure cookers, cars, bats, knives, guns, sticks, or rocks.

I should have the new versions of AdFind and AdMod up on the website in the next 1-7 days I expect.

   joe


Bard learns better than most people.

by @ 12:19 pm. Filed under general

image

image

image


Microsoft AI should probably replace the folks over at Microsoft Defender Analysis

by @ 12:04 pm. Filed under general

image

The first bit is of course wrong, AdFind cannot bypass any security in place.

The second bit is of course right, AdFind is not malware despite what Windows Defender says. I expect this goes back to some person at Microsoft who doesn’t understand what software is nor how it works and has never, on their own, ever produced anything of value that people liked to use. :)


9/18/2023

Nara is blogging now!

by @ 9:31 pm. Filed under tech

My good friend, former coworker, and someone I trained for several years on the topics of Active Directory, Windows, and just troubleshooting the world at scale with basic fundamentals is now blogging the cool and fun stuff he is digging into which is usually a mix of Windows, AD, Azure AD (ok Entra ID), and GCP. You can check him out at

https://blog.naraware.net

Tell him I said hi! 🙂

joe


5/6/2023

New Versions of AdFind and AdMod Posted

by @ 6:59 pm. Filed under tech, updates

I know I know, I have said this a few times, I will not be building new versions of AdFind / AdMod and releasing them, but here I am again, releasing new versions of AdFind/AdMod.

Note, AdFind is STILL not malware, regardless of what any security tool or security “expert” says. If your company blocks the download or running of it, go talk to your Security folks and tell them to stop it because the tool isn’t dangerous. In fact, if they want to block something, tell them to block PowerShell, that is actually dangerous.

Check out their individual download pages for the changes. Mostly bug fixes though I have started adding some more Red Hat IPA decodes (time decodes) to AdFind. If you see issues, let me know, my previous test bed is now unavailable and I haven’t built a new one yet.

If your browser won’t download it, check out https://blog.joeware.net/2023/02/22/6166/


4/29/2023

And we are back…

by @ 12:21 pm. Filed under general

I am not entirely sure what happened but it took out the blog for a few days, looks like from 2023-04-24T155831 until just a few minutes ago as I troubleshot the operation. I didn’t realize there was a problem until yesterday at work I went looking for a specific post to send to someone and it said, yeah no, not today. I spent roughly an hour this morning working on it. If you run into it not working, feel free to email me at support@joeware.net to alert me.

I tracked the issue down to an included file in .user.ini (the file hasn’t changed since December 2022). The path listed there for an include file was wrong (extra duplicated folder in the path /hermes/walnacweb04/walnacweb04 vs /hermes/walnacweb04) and I would have expected that to break back in December. I am guessing there was some back end file system shuffling going on that I am not privy to (Someone Else’s Servers) nor alerted about being mucked with. Thankfully (thanks entirely to me) I know how to troubleshoot functionally and am not limited to, like so many, troubleshooting by asking everyone what changed in their areas.

When I first looked, none of the startup type files had been changed in some time so I created a new test index.php with a simple print “Hello world”; and it also errored out so I theorized it was something being auto-included and had to go looking for what it could possibly be. Generally speaking, I am not happy to see any kind of deep hardcoded paths like that, why doesn’t it handle it in a more dynamic way where the only hardcoding is at the level that I manage… So up in the /joeware.net/blog/htdocs level.

Anyway, apologies to anyone out there that came here looking for something and was disappointed because the site was down. I don’t get paid for this but I do try to keep it running because I see the amount of usage the site has, still has.

  joe
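
Added example, not code from the original post or from the hosting provider: a small Python check for the failure described above, a .user.ini whose include target no longer exists, which also flags a folder name doubled in the path. It assumes the include was set with PHP's auto_prepend_file or auto_append_file directives (the post does not name the directive); the function names and the webhost01 sample paths are constructed for illustration.

```python
import os
import tempfile

# PHP directives that pull a file into every request (settable in .user.ini).
AUTO_INCLUDE_KEYS = {"auto_prepend_file", "auto_append_file"}

def parse_auto_includes(ini_text):
    """Return [(directive, target)] for the auto-include directives in ini_text."""
    found = []
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#[":
            continue  # blank line, comment, or section header
        key, sep, value = line.partition("=")
        value = value.split(";", 1)[0].strip().strip("\"'")
        if sep and key.strip().lower() in AUTO_INCLUDE_KEYS and value.lower() not in ("", "none"):
            found.append((key.strip().lower(), value))
    return found

def repeated_segment(path):
    """Return the first directory name that appears twice in a row, else None."""
    parts = [p for p in path.replace("\\", "/").split("/") if p]
    return next((a for a, b in zip(parts, parts[1:]) if a == b), None)

def audit_user_ini(ini_path):
    """Check each auto-include target named in one .user.ini file."""
    with open(ini_path, encoding="utf-8", errors="replace") as fh:
        entries = parse_auto_includes(fh.read())
    findings = []
    for directive, target in entries:
        findings.append({
            "directive": directive,
            "target": target,
            # Only absolute targets are checked; relative ones depend on include_path.
            "exists": os.path.isfile(target) if os.path.isabs(target) else None,
            "repeated": repeated_segment(target),
        })
    return findings

def demo():
    """Constructed sample: a prepend file, and a .user.ini with a doubled folder."""
    root = tempfile.mkdtemp()
    good_dir = os.path.join(root, "webhost01", "site")
    os.makedirs(good_dir)
    with open(os.path.join(good_dir, "prepend.php"), "w") as fh:
        fh.write("<?php // constructed placeholder\n")
    stale = os.path.join(root, "webhost01", "webhost01", "site", "prepend.php")
    ini_path = os.path.join(good_dir, ".user.ini")
    with open(ini_path, "w") as fh:
        fh.write("; constructed sample\nauto_prepend_file = \"%s\"\n" % stale)
    return audit_user_ini(ini_path)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Run on a schedule against the site's own .user.ini files, a finding with exists set to False gives early warning before every PHP page on the site starts erroring out.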

