I have moved AdMod into the garage for some updates, buff out some scratches, fill in some door dings, replace the cracked windshield, scrape the roadkill from the undercarriage… It is jacked up, the wheels are off, the fittings are being greased, the oil is being changed, the tranny fluid is being checked for that telling burnt smell and off color. Hmm what other car analogies can I use…
Now is the time to tell me what you want in there that isn’t in there at the moment. The things that are like… I would use admod if ONLY it did this ONE thing…
I have taken down several requests over the last year but still like hearing what people think right now. If someone comes up with something better than one of my other ideas I will put that in instead of or in addition to my ideas.
In the last week I have made the following mods:
1. Permissive modify
2. +- option, allows you to specify entirely new members for a mv attribute (contrast with zeroing attrib then repopulating)
3. Cross domain object move
4. Added switch to enable delegation on connect (needed for cross domain but could be necessary for other things some day)
5. Added -u, -up, and -simple like they are in adfind. Very popular request.
6. -SSL
7. -rootdse to specify rootdse instead of using -b “” or -b rootdse – just another mechanism to do the same thing
8. Added -default/schema/root/config like in adfind
9. Added -rb like adfind but much cooler… say you want to create a bunch of OUs called user under a list of OUs passed in through ADFIND…
Â
adfind somequery blah blah woof -dsq | admod -rb ou=users -add objectclass::organizationalunit
Â10. -upto…. modify objects until you get up to a certain number and then stop. Sort of like safety but how it is implemented in oldcmp. I am mad I wasn’t consistent with that switch… Oh well live and learn.
Currently I am working on the parse routine for a CSV import option. This is a bit trickier than I first expected because I want to properly handle “quoting” of fields so if a delimiter is in the quotes it doesn’t get treated as a delimiter. Right now I don’t have a clean way to handle that and I really dislike inelegant code.
Also I am finally getting ready to use the hooks I put into adfind with the -adcsv switch which will allow for some very cool functionality once it is done[1]. Stuff that people have been asking for that I didn’t think I could pull off efficiently unless I combined adfind/admod into one tool. If I do it right it will run circles around some of the stuff you can do with dquery/dsmod for perf and capability.
I should actually be working on my DeviantSoftware and some other stuff but there were some things I keep running into with admod that I really wanted in there as they would help me with things on a regular basis. Plus I love admod, that and adfind are personal favs of mine and like to think they are about the best you can get[2] and like to add to them to make them even better. They are about passion, not about money or realistic thinking or anything else. Having that slot in my mind, they come first over money.
  joe
Â
[1] I actually found a bug in the -adcsv switch in adfind because of this… So at least one small minor update will come out with adfind when admod gets released.
[2] Without handling unicode well…. Some day… I have worked out most of the new libraries, etc for it, I will just make the jump some time.
Admod and Adfind are both wonderful tools. Thanks for taking the time to develop them and to make them freely available. They’ve made my job a little bit easier and dare I say, fun.
So, Joe, which tools would you say you use in your general work with AD everyday? What would you say your troubleshooting steps and utilities for AD are? I know you probably do this stuff in your sleep, but would you be willing to… help a brotha out? 🙂
And yes, I do definitely agree: adfind kicks mucho butt!
How about adding the ability to convert a User Object to a Contact Object and vice versa. Option to delete the exchange mail box or disconenct it (default). What other parts of a User which can’t be stored into the Contact Object get lost (default), provide an switch to build an XML blob to hold it and place it into the Notes (default) or other specified field of the Contact Object (so if you want to extend the Contact Object schema to explicitely retain this data you may).
Possilby extend ADfind to read that XML as if it were a real object property of the same class (a soft-of-Schema extension?).
As a college many of our candidates receive AD Contact Objects at a certain point in the matriculation stage, this is later deleted and re-added as a User Object upon enrollment. One full calendar year after graduation their User Object is again deleted and converted to a Contact Object unless they are paying Alumni fees which entitles them to continuing use of the Exchange server for mail. Likewise if Alumni dues lapse an account can go inactive for a time; it would be nice to ensure a unique email address within the domain remain universally unique and non-reused.
ewmccarty:
All Exchange deletes are actually disconnects. In order to fully delete a mailbox you would need to disconnect and then go back and purge the mailbox, I am not aware of any tools that currently do that.
Interesting on the rest. I have added it to the requests for ADFIND/ADMOD. I don’t see it happening in this rev.
I am kind of curious why you guys don’t just use user objects and disable them and reenable them as necessary. When they need to be treated as contacts instead of as mailboxes you mailenable them instead of mailbox enable them.
As I understand Exchange licensing counts the number of mail enabled accounts. Our College Alumni Association members get an active Exchange email account; which may in alternating years be shut off, then turned on due to their forgetfulness, finances, whatever; though we like to maintain the emails for them when possible. When membership fees have lapsed, we would still like to keep contact with our alumni; having their Yahoo account in their Contact in the GC is useful for our Marketing / Development group. I’ll need to test, but I don’t think a non mail enabled AD User will show up in the GC. That transition from User to Contact to User to Contact isn’t something I am entirely happy with.