No more Sanjaya… It was way overdue but thankfully it is over now.
Might as well just get down to the final two… Blake and Jordin head to head.
Jordin is by far the better singer but Blake is hella entertaining.
I finished V01.00.00 of PSOMgr yesterday. PSOMgr is a command line utility I built to help manage Fine Grain Password Policy Password Settings Objects that are present in Longhorn Server Active Directory. I also set it up to manage Domain Password Policy Settings as well.
If you didn’t read my previous info on FGPP then you can check that out here – http://blog.joeware.net/2007/03/18/828/
The goal was to have it ready for the Directory Experts Conference 2007 for release at the conference during the Longhorn Workshop on Sunday. The conference attendees will receive a special link to download the utility about a week before the general public can download it. That probably isn’t terribly enticing for many because Longhorn is still in beta and won’t be released until at least the end of this year, but don’t forget, PSOMgr can be used for displaying and modifying your domain password policy as well… But if you don’t go to DEC you have to wait a whole week more than you would have to wait if you were at DEC.
Here is sample output showing the current domain policy for both domains in my Longhorn test forest. Note that this will work on any Active Directory forest regardless of OS level of the Active Directory.
F:\Dev\BDSCPP\PSOMgr\Release_Build>psomgr /h lhb2-dc1 /view /dompol /alldoms
PSOMgr V01.00.00cpp Joe Richards (joe@joeware.net) April 2007
Using host: Default-First-Site-Name\LHB2-DC1.lhtest.loc
Retrieving Domain Policy...
Policy Listing
--------------
Policy #1
Type : Domain Policy
Domain : lhchild.lhtest.loc
Policy Precedence : 2147483647
DN : DC=lhchild,DC=lhtest,DC=loc
Name : lhchild
Canonical Name : lhchild.lhtest.loc/
Display Name : lhchild
Lockout Threshold : 0
Lockout Duration : 30
Lockout Observation: 30
Min Pwd Age : 1
Max Pwd Age : 42
Min Pwd Length : 7
Pwd History : 24
Pwd Complexity : TRUE
Pwd Reversible : FALSE
Policy #2
Type : Domain Policy
Domain : lhtest.loc
Policy Precedence : 2147483647
DN : DC=lhtest,DC=loc
Name : lhtest
Canonical Name : lhtest.loc/
Display Name : lhtest
Lockout Threshold : 0
Lockout Duration : 30
Lockout Observation: 30
Min Pwd Age : 0
Max Pwd Age : 91
Min Pwd Length : 7
Pwd History : 24
Pwd Complexity : TRUE
Pwd Reversible : FALSE
The command completed successfully.
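The listing above can be checked against a baseline mechanically. The following is an added example, not part of PSOMgr or the original post: it parses `Policy #n` blocks from `/view` output and reports weak settings. The `MIN_LENGTH` baseline and the decision to treat a lockout threshold of 0 as a finding are assumptions of this example.

```python
import re

# Assumed baseline for this example; set it to your own standard.
MIN_LENGTH = 12

# Taken from the two-domain listing above, trimmed to the audited fields.
SAMPLE = """\
Policy #1
Type : Domain Policy
Domain : lhchild.lhtest.loc
Lockout Threshold : 0
Lockout Observation: 30
Min Pwd Length : 7
Pwd Complexity : TRUE
Pwd Reversible : FALSE
Policy #2
Type : Domain Policy
Domain : lhtest.loc
Lockout Threshold : 0
Lockout Observation: 30
Min Pwd Length : 7
Pwd Complexity : TRUE
Pwd Reversible : FALSE
The command completed successfully.
"""

def parse_policies(text):
    """Split PSOMgr /view output into one dict per 'Policy #n' block."""
    policies, current = [], None
    for line in text.splitlines():
        if re.match(r"\s*Policy #\d+\s*$", line):
            current = {}
            policies.append(current)
        elif current is not None and ":" in line:
            # Split on the first colon only; values may contain more colons.
            key, value = line.split(":", 1)
            current[key.strip()] = value.strip()
    return policies

def audit(policy):
    """Return findings for one parsed policy; a missing field counts as failing."""
    findings = []
    if int(policy.get("Lockout Threshold", 0)) == 0:
        findings.append("lockout disabled (threshold 0)")
    if int(policy.get("Min Pwd Length", 0)) < MIN_LENGTH:
        findings.append(f"min length below {MIN_LENGTH}")
    if policy.get("Pwd Complexity", "").upper() != "TRUE":
        findings.append("complexity not enforced")
    if policy.get("Pwd Reversible", "").upper() == "TRUE":
        findings.append("reversible encryption enabled")
    return findings

def audit_all(text):
    """Map each policy's domain (or DN) to its list of findings."""
    return {p.get("Domain", p.get("DN", "?")): audit(p) for p in parse_policies(text)}

if __name__ == "__main__":
    for domain, findings in audit_all(SAMPLE).items():
        print(domain, "->", findings or "ok")
```

Both test domains are reported for the same two reasons: the lockout threshold of 0 means accounts never lock out, and the minimum length of 7 is below the assumed baseline.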
Here is the usage info for the utility:
PSOMgr V01.00.00cpp Joe Richards (joe@joeware.net) April 2007
-help Help.
-? Help.
Usage:
PSOMgr [switches]
Switches: (designated by - or /)
[CONNECTION OPTIONS]
-h host Host to use. Defaults to default Domain Controller
[ACTION OPTIONS]
-view View PSOs and/or Domain Policies.
-rename xxx Rename PSO to new name xxx. Select PSO to rename with
selection criteria below. Best to specify -pso PSO_DN
-del Delete PSO. Select PSO to delete with selection criteria
below. Best to specifify -pso PSO_DN
-multidel Delete multiple PSOs. Select PSOs to delete with selection
criteria below.
DELETE NOTES:
o By default you cannot delete a PSO that has a member
assigned to it. Use -override to override.
-quickstart Quickstart mode to create several base PSOs automatically.
Will generate a copy of the domain policy as a PSO, will
also generate a fixed list of additional common PSOs. If you
would like to generate copies of the domain policies for
every domain in the forest in the specified domain, use the
-alldoms switch. This could be useful for domain collapse.
-effective xxx Display effective policy information for user xxx. The
xxx value could be specified as SAM Name, UPN, or DN.
-applyto xxx Apply policy specified with criteria to object specified
in xxx, could be SAM Name, UPN, or DN.
-unapplyto xxx Same as -applyto but unapplies.
-clearapplied Clear all members from PSO assignment. Specify PSO with
with selection criteria.
-applied Show objects that the PSO is applied to. Specify PSO(s) with
selection criteria. Will only show members from the same domain
as they are the only ones that will be effective. Format of
output:
resultantflag[objecttype] DN (SamName | UPN)
The resultantflag field could be
empty for non-user type objects
+ if resultant policy is the same as displayed policy.
- if resultant policy is different from displayed policy.
-add xxx Add PSO with selected attributes in xxx. Specify domain to
create PSO in with -domain switch.
ADD NOTES:
o Format of xxx is specified below in ADD/MOD NOTES.
o By default if you specify a PSO that matches the policy
settings of an existing PSO it will disallow the add
operation and let you know what that PSO's DN is.
-mod xxx Modify PSO with selected new attributes in xxx. Specify PSO
with selection criteria, preferably PSO DN.
MOD NOTES:
o Format of xxx is specified below in ADD/MOD NOTES.
-forreal Really do any actions that make changes.
ADD/MOD NOTES:
The -add and -mod switches are probably the most complex in this
utility because of the amount of information that can be specified.
There are 12 pieces of information needed to create a PSO. To keep
things consistent the same format is used for -mod. The fields are:
name - Required for add. Not req'd for mod, will rename PSO.
displayname - Not required for add nor mod. Defaults to name.
precedence - Precedence of policy, required for add. Lowest wins.
maxpwdage - Max password Age in days. Not required, default value.
minlength - Min password length. Not required, default value.
history - password history count. Not required, default value.
lo_count - Lockout Threshold. Not required, default value.
lo_duration - Lockout Duration in mins. Not required, default value.
lo_observe - Lockout Observation in mins. Not required, default value.
minpwdage - Min password Age in days. Not required, default value.
complexity - Password complexity (true/false). Not required, default value.
reversible - Password reversible (true/false). Not required, default value.
The default format for specifying the info is a single colon delimited string:
name:displayname:precedence:maxpwdage:minlength:history:lo_count:
lo_duration:lo_observe:minpwdage:complexity:reversible
To make this simpler, not all values need to be specified this way,
most of the fields have default values if you want to accept them. If
you want to find out what the default values are, specify -add with
the few required attributes but don't specify -forreal and PSOMgr will
tell you all of the values. There are also 'override' switches to allow
you to specify specific fields with additional switches. If these
are used you just have to specify the first 4 fields for an add in
colon delimited format.
-lockout threshold:duration:observation
-pwdage max:min
-pwdlen minlength
-pwdhist historycount
-pwdcomplex (true|false)
-pwdreverse (true|false)
[SELECTION CRITERIA OPTIONS]
-pso [xxx] Specify a specific PSO with name/displayname xxx or with
no specified xxx to view all PSOs.
-dompol Specifies Domain Policy.
-allpwdpols Specifies both domain policy and PSOs.
-alldoms Look at all domains in forest.
-domain xxx Policy for Domain xxx.
-used Only PSOs that have members applied to them.
-unused Only PSOs that do not have members applied to them.
[AUTHENTICATION OPTIONS]
-u id Userid authentication. AD simple bind supports All ID
formats and secure bind only supports ID formats 1 and 2.
No userid specified indicates anonymous authentication.
ID Formats
1. domain\userid
2. user@domain.com (userPrincipalName)
3. cn=user,ou=someou,dc=domain,dc=com (DN)
-up pwd Password for specified userid. * indicates to ask for password.
-simple Simple Bind
[OUTPUT OPTIONS]
-dn Only display PSO DNs
-dnprec For view action, display PSO and precedence only.
-v Verbose output, give more info about what is going on.
-sort xxx Change sort order output.
xxx = precedence - Sort by domain + policy precedence.
default sort - Sort by type + canonicalName.
Examples:
View Examples
psomgr /view /dompol
View domain policy of default domain.
psomgr /view /pso
View PSOs in default domain.
psomgr /view /pso /domain domx
View PSOs in domain domx.
psomgr /view /pso /used
View used PSOs in default domain.
psomgr /view /pso /unused
View unused PSOs in default domain.
psomgr /view /pso test
View PSO with name,displayname, or admindisplayname of test
in default domain.
psomgr /view /allpwdpols
View all password policies in default domain.
psomgr /view /pso /alldoms
View PSOs in all domains in forest.
psomgr /view /dompol /alldoms
View domain policies in all domains.
psomgr /view /allpwdpols /alldoms
View all password policies in all domains.
psomgr /view /allpwdpols /alldoms /h serverx
View all password policies in all domains, use serverx as
a starting point.
psomgr /view /allpwdpols /alldoms /h serverx /sort precedence
View all password policies in all domains, use serverx as
a starting point and sort by policy precedence.
Add Examples
psomgr /add newpso10::1 /lockout 99:99:99 /pwdage 100:100
/pwdcomplex TRUE /pwdreverse true /pwdlen 101
Add PSO newpso10 with precedence of 1 and other specified values.
Will NOT create since /forreal is not specified.
psomgr /add newpso10::1 /lockout 99:99:99 /pwdage 100:100
/pwdcomplex TRUE /pwdreverse true /pwdlen 101 /forreal
Add PSO newpso10 with precedence of 1 and other specified values.
This will really create the PSO.
psomgr /add testpso-1::1000
Add PSO newpso-1 with precedence of 1, use defaults for the rest.
Will NOT create since /forreal is not specified.
psomgr /add testpso-1::1000 /forreal
Add PSO newpso-1 with precedence of 1, use defaults for the rest.
This will really create the PSO.
psomgr /add testpso-1::1000:100:6:30:50:1:1:0:true:true
Add PSO newpso-1 with specified values. Will not really create.
psomgr /add testpso-1::1000:100:6:30:50:1:1:0:true:true /forreal
Add PSO newpso-1 with specified values. Will create.
Delete / MultiDelete Examples
psomgr /del /pso pso-1
Delete PSO pso-1 in default domain... But not really.
psomgr /del /pso pso-1 /forreal
Delete PSO pso-1 in default domain...
psomgr /multidel /pso /forreal
Delete all unused PSO's in default domain...
psomgr /multidel /pso /forreal /override
Delete all (used and unused) PSO's in default domain...
psomgr /domain domx /multidel /pso test* /forreal
Delete all unused PSOs that start with test in domain domx...
Rename Examples
psomgr /rename newname-1 /pso oldpsoname /forreal
Rename oldpsoname to newname1.
Modification Examples
psomgr /dompol /mod :::42:7:24:0:30:30:1:true:false /forreal
Modify domain policy with specified values.
psomgr /mod /dompol /lockout 50:2:2 /pwdage 91:0 /pwdlen 10 /forreal
Modify domain policy with specified values.
psomgr /mod /pso testpol /lockout 50:2:2 /pwdage 91:0 /pwdlen 10 /forreal
Modify PSO testpol with specified values.
Quick Start Examples
psomgr /quickstart
Quick Start PSOs for default domain. But not for real, just see what
it would do.
psomgr /quickstart /forreal
Quick Start PSOs for default domain.
psomgr /quickstart /domain domx /forreal
Quick Start PSOs for domain domx.
psomgr /quickstart /alldoms /forreal
Quick Start PSOs for default domain but create PSOs for the password
policy from every domain.
Applied Examples
psomgr /applied /pso
Show membership applied to every PSO in default domain.
psomgr /applied /used /pso
Show membership applied to every used PSO in default domain.
Clear Applied Examples
psomgr /clearapplied /pso mypso /forreal
Clear all members of the PSO mypso.
Apply To / Unapply To Examples
psomgr /applyto myuser /pso somepso /forreal
Add myuser to policy somepso.
psomgr /unapplyto myuser /pso somepso /forreal
Remove myuser from policy somepso.
Effective Examples
psomgr /effective joeuser
Show applied policies and the effective policy of joeuser.
This software is Freeware. Use at your own risk.
I do not warrant this software to be fit for any purpose or use and
I do not guarantee that it will not damage or destroy your system. Use of
this utility signifies acceptance of this warranty and acceptance of all risk.
See full Warranty documentation on www.joeware.net.
You ARE licensed the right to use this software on your own systems.
You explicitly ARE NOT licensed the right to distribute this software. If
you have a need to license the right to distribute, please email me
for licensing costs and guidelines.
If you have improvement ideas, bugs, or just wish to say Hi, I
receive email 24x7 and read it in a semi-regular timeframe.
You can usually find me at joe@joeware.net
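The colon-delimited format and override switches described in the ADD/MOD NOTES above can be linted before a command is re-run with -forreal. This is an added example, not PSOMgr's own parser: the function names and the treatment of blank fields (omitted from the result) are assumptions based only on the usage text.

```python
# Field order from the ADD/MOD NOTES in the usage text.
FIELDS = ["name", "displayname", "precedence", "maxpwdage", "minlength",
          "history", "lo_count", "lo_duration", "lo_observe", "minpwdage",
          "complexity", "reversible"]
BOOLS = {"complexity", "reversible"}
TEXT = {"name", "displayname"}

# Override switches from the usage text and the spec fields each one fills.
OVERRIDES = {
    "lockout": ["lo_count", "lo_duration", "lo_observe"],
    "pwdage": ["maxpwdage", "minpwdage"],
    "pwdlen": ["minlength"],
    "pwdhist": ["history"],
    "pwdcomplex": ["complexity"],
    "pwdreverse": ["reversible"],
}

def _convert(field, raw):
    """Turn one raw string into text, bool or int according to its field."""
    if field in TEXT:
        return raw
    if field in BOOLS:
        if raw.lower() not in ("true", "false"):
            raise ValueError(f"{field}: expected true/false, got {raw!r}")
        return raw.lower() == "true"
    return int(raw)  # raises ValueError on non-numeric input

def parse_spec(spec, overrides=None):
    """Return only the fields the caller actually set; blank fields are omitted."""
    parts = spec.split(":")
    if len(parts) > len(FIELDS):
        raise ValueError(f"too many fields: {len(parts)} > {len(FIELDS)}")
    raw = {f: v for f, v in zip(FIELDS, parts) if v != ""}
    for switch, value in (overrides or {}).items():
        targets, values = OVERRIDES[switch], value.split(":")
        if len(values) != len(targets):
            raise ValueError(f"-{switch} expects {len(targets)} value(s)")
        raw.update(zip(targets, values))
    return {f: _convert(f, v) for f, v in raw.items()}

def preflight(action, settings):
    """List problems to resolve before adding -forreal to the command."""
    problems = []
    if action == "add":
        problems += [f"{f} is required for add"
                     for f in ("name", "precedence") if f not in settings]
    if settings.get("reversible"):
        problems.append("reversible=true stores passwords with reversible encryption")
    if settings.get("lo_count") == 0:
        problems.append("lo_count=0 disables account lockout")
    return problems

if __name__ == "__main__":
    s = parse_spec("newpso10::1", {"pwdreverse": "true", "pwdlen": "101"})
    print(s, preflight("add", s))
```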
Sony Corp. said on Thursday it planned to start selling ultra-thin TVs using organic light-emitting diode (OLED) technology this year, aiming to become the first to market with a TV using the promising next-generation display.
http://www.pcmag.com/article2/0,1895,2113456,00.asp
If you aren’t familiar with OLED, it is the technology that currently exists that allows you to basically print a screen onto pretty much any kind of substrate, say like your wall, your table, your clothing, etc. and display images on those surfaces. If you have ever seen any of the “future” type TV shows that show you what we will have in X years and you see rooms that you change the paint color of at the flick of a switch or turn a wall/ceiling/floor into a viewscreen or have pull out plastic screens that unroll or little animated graphics on bags, clothes, etc., this is all banking on OLED technology or its successor. It is very cool stuff. You can read more of course in Wikipedia at the OLED entry – http://en.wikipedia.org/wiki/Oled
joe
The world famous Directory Experts Conference will be going on in Las Vegas (well just outside of Las Vegas) in one week. The festivities officially start on Sunday morning with a Longhorn Workshop where the newest joeware utility will make its public debut – PSOMgr – the one and only tool currently available for easily managing the Password Settings Objects in Longhorn Server. Microsoft actually mentioned PSOMgr on one of their knowledge sharing sessions recently that I was busy developing the tool and it would be released at DEC 2007. If I do say so myself it is a pretty cool utility for a pretty cool new feature in Longhorn – granular password policy or I think the official name is FGPP – which is either Frelling Great Password Policy or Fine Grain Password Policy – I’m not sure which. I have received some positive feedback so far from some of the Microsoft folks who took some time to peek at the utility. It is truly very nice to hear people from Microsoft that I respect saying I am doing a good job with the software I write. The best part of the utility for most is that like all of the other joeware… it is free (well as free as a download).
But back to DEC. DEC is pretty cool, I have mentioned it before and I will mention it again in the future. It is the only conference that I am aware of that focuses on Active Directory as the primary topic. Of course they have added sessions on MIIS the last few years and ADFS this year but let’s face it, all of the cool people are there for Active Directory. I won’t mind going there for MIIS (or in fact actually using MIIS) just as soon as Microsoft starts listening to me and putting ESE under MIIS instead of SQL Server or at least offering a choice of DB technologies with ESE as one of the choices. More people in this world use ESE every day than SQL Server, period, I mean it isn’t even close. Anyway, DEC is the only place you are going to go to get together a ton of people who live, breathe, and really work with AD every day.
DEC, like any conference, has good sessions and bad sessions, good presenters and bad presenters, it sometimes even has great presenters (alas Dean was too busy this year…). But where DEC really shines is the time between the sessions and the social events at the end of each of the days. This is when a lot of very cool people all get together and talk about whatever cool things they have encountered recently or thoughts they have come up with or you get to watch real live corporate network production administrators VPN Dean into their networks as Enterprise Admin and let him fix things while he is sipping Glenlivet and water. I very truly enjoy that banter and chatter. You also get to hobnob with a good number of the people (and personalities) who are answering many of the questions on the ActiveDir.org listserv. Honestly, I think that this hobnobbing is what fellow DS MVP Gil Kirkpatrick, the ever efficient Stella, and the ever charming Christine, the great folks behind DEC, really have in mind in having these conferences. The sessions are a great way to learn but I think in great part they are just to get people thinking and talking in the right direction because every year, I hear the same comments… The sessions were good but the conversations between the sessions or during the social events were amazing! And it isn’t the entertainment or the Up All Night Hacking session that actually went until 9PM or any of that stuff, it is, again, the people who do the real work in the trenches talking to other people who do real work in the trenches. There is a tremendous opportunity for people to learn stuff they may not likely hear anywhere else or to ask questions they can’t seem to find answers to anywhere else.
I really didn’t think I was going to make it this year because I have been amazingly busy compared to previous years since last summer but my very cool boss stood up and said, “yes, joe should be going to that conference…” and got the time and travel approved for me. Dean also wasn’t going to be able to make it but somehow got the time freed up to go as well so we will both be there milling about – if you are there, you will almost certainly see us – one of us is handsome, the other is English. Personally I think Dean worked out how to get there just because I was going to be there. 🙂 Whatever the reason it works out well as it isn’t the same without Dean running around and it allows me to sit back and just listen as Dean likes to do all of the talking. 🙂
joe
Tiny bits of protein extracted from a 68-million-year-old dinosaur bone have given scientists the first genetic proof that the mighty Tyrannosaurus rex is a distant cousin to the modern chicken.
http://uk.reuters.com/article/scienceNews/idUKN1231500620070412
Charles Simonyi is going to the International Space Station tomorrow with the Russians… I say good luck and have fun Charles, you deserve it. If you don’t know Simonyi he has had tremendous impact on the world of computers and Microsoft. If you have ever seen a variable such as szName or dwErr or uERR or anything using Hungarian notation that came from Simonyi initially… Yes he is Hungarian… If you have ever used any joeware utility or for that matter pretty much any Microsoft software, you have used a program whose code uses Hungarian notation.
http://uk.reuters.com/article/scienceNews/idUKL053394620070406
Interesting article
Call center employees would be required to disclose their physical location when U.S. consumers call them if freshman Congressman Jason Altmire of Pennsylvania has his way.
http://www.informationweek.com/story/showArticle.jhtml?articleID=198800507&cid=RSSfeed_IWK_News
Can’t say I expect that it should surprise many people…. I mean if someone says “Hi my name is John Smith” and they speak with a heavy Indian accent, it shouldn’t be entirely a surprise that they aren’t in say… Texas.
I think if you really want to make a difference, force the execs making the decisions to offshore the help desks to actually call the help desks and get assistance. That should about do it for several of them if they didn’t just wuss out and ask for special treatment and have someone else get things handled.
joe