Information about joeware mixed with wild and crazy opinions...
Awesome! 🙂
Dear joe,
Congratulations! We are pleased to present you with the 2013 Microsoft® MVP Award! This award is given to exceptional technical community leaders who actively share their high quality, real world expertise with others. We appreciate your outstanding contributions in Directory Services technical communities during the past year.
[yop_poll id=”10″]
I recall sharing how to extend an Active Directory user’s password expiration previously somewhere, probably on the ActiveDir Org list but perhaps even in this blog… I don’t remember exactly where. This topic popped up in my head this morning because I saw via twitter (@joewaredotnet) that someone released a tool called "AD Password Extender" – http://www.mannerud.org/software/ad-password-extender/
Basically you are resetting the password last set date for a user id so that they are "starting fresh" with whatever policy is in effect for their password expiration (Password Settings Object or Domain Policy).
If you want a formal tool to do it, check out the tool above. If you just want to use mechanisms you already have available (any LDAP modification tool should work), you simply have to write a 0 into pwdLastSet (which immediately expires the account) and then a -1 into pwdLastSet which sets the value to the current date. Now that the value is set to the current date any policy checking for expiration will not know a difference and think the user truly changed their password on that date.
Here is an example with AdMod…
[Thu 09/05/2013 9:48:43.31]
C:\>adfind -default -f name=$joe pwdlastset -tdcd
AdFind V01.47.00cpp Joe Richards (joe@joeware.net) October 2012
Using server: CHILD-TADI-DC1.child.testadi.loc:389
Directory: Windows Server 2008 R2
Base DN: DC=child,DC=testadi,DC=loc
dn:CN=$joe,CN=Users,DC=child,DC=testadi,DC=loc
>pwdLastSet: 2013/05/25-01:34:39 Eastern Daylight Time (-103 days 8 hours 14 minutes 30 seconds)
1 Objects returned
[Thu 09/05/2013 9:49:10.96]
C:\>adfind -default -f name=$joe -dsq | admod pwdlastset::0
AdMod V01.18.00cpp Joe Richards (joe@joeware.net) March 2012
DN Count: 1
Using server: CHILD-TADI-DC1.child.testadi.loc:389
Directory: Windows Server 2008 R2
Modifying specified objects…
DN: CN=$joe,CN=Users,DC=child,DC=testadi,DC=loc…
The command completed successfully
[Thu 09/05/2013 9:49:29.44]
C:\>adfind -default -f name=$joe pwdlastset -tdcd
AdFind V01.47.00cpp Joe Richards (joe@joeware.net) October 2012
Using server: CHILD-TADI-DC1.child.testadi.loc:389
Directory: Windows Server 2008 R2
Base DN: DC=child,DC=testadi,DC=loc
dn:CN=$joe,CN=Users,DC=child,DC=testadi,DC=loc
>pwdLastSet: 0000/00/00-00:00:00 (UNDEFINED)
1 Objects returned
[Thu 09/05/2013 9:49:31.69]
C:\>adfind -default -f name=$joe -dsq | admod pwdlastset::-1
AdMod V01.18.00cpp Joe Richards (joe@joeware.net) March 2012
DN Count: 1
Using server: CHILD-TADI-DC1.child.testadi.loc:389
Directory: Windows Server 2008 R2
Modifying specified objects…
DN: CN=$joe,CN=Users,DC=child,DC=testadi,DC=loc…
The command completed successfully
[Thu 09/05/2013 9:49:37.11]
C:\>adfind -default -f name=$joe pwdlastset -tdcd
AdFind V01.47.00cpp Joe Richards (joe@joeware.net) October 2012
Using server: CHILD-TADI-DC1.child.testadi.loc:389
Directory: Windows Server 2008 R2
Base DN: DC=child,DC=testadi,DC=loc
dn:CN=$joe,CN=Users,DC=child,DC=testadi,DC=loc
>pwdLastSet: 2013/09/05-09:49:37 Eastern Daylight Time (-2 seconds)
1 Objects returned
It was terribly more difficult than it should have been but it has finally been accomplished.
I have changed from some perl CGI scripts to some PHP scripts for download functionality so let me know if you have issues.
Also I think there may be something a bit hinky going on in wordpress so I need to work that out. If you notice something odd there let me know as well.
joe
I am moving everything associated with joeware.net to a different hosting account (but with the same provider). Just doing some consolidation work. However it involves converting some perl stuff to some php stuff because my provider and their support staff seem to have issues with perl and while I think I am handling everything well there could still be some issues. Especially when I start cutting over which should happen between now and the end of August. If you notice any issues, give it a couple of hours and if it is still a problem then email me and let me know… 🙂
joe
Google apparently broke some IPv6 DNS lookup functionality in the latest rev of Chrome (v28.x) and folks who were using it to tunnel into corporate networks via DirectAccess suddenly stopped working.
The simplest fix is to add the switch "–enable-ipv6" to the shortcut. Things should work great after that.
http://technet.microsoft.com/en-us/sysinternals/bb897434.aspx
ZoomIt is a screen zoom and annotation tool for technical presentations that include application demonstrations. ZoomIt runs unobtrusively in the tray and activates with customizable hotkeys to zoom in on an area of the screen, move around while zoomed, and draw on the zoomed image. I wrote ZoomIt to fit my specific needs and use it in all my presentations.
ZoomIt works on all versions of Windows and you can use pen input for ZoomIt drawing on tablet PCs.
So I am trying to duplicate the output of a very simple AdFind command to locate a universal group and enumerate the members in a simple quoted DN format. I want identical output to the console or perhaps I could live without the quotes.
The AdFind command looks like:
adfind -gcb -f "displayname=some group displayname" member –qlist
I spent more time than I should trying to figure out how to duplicate it. Nothing intuitive seemed to work.
Apparently Get-ADGroup requires you to specify the actual GC name and port in order to perform a GC search… Several other ADWS cmdlets seem to require the same. WTF?? Seriously? Anyone remember serverless bind on the team that wrote those cmdlets? How hard is it to add a simple -gc switch or if you absolutely must -GlobalCatalog or even -PleaseUseAD***GlobalCatalog?
The best I have gotten to to this point is:
$gc=(Get-ADDomainController -discover -service globalcatalog).hostname[0] + ":3268" ; $dn=(Get-ADGroup -server $gc -searchbase "" -f ‘displayname -eq "some group displayname"’).distinguishedname ; (Get-ADGroupMember $dn).distinguishedname
Even for PowerShell that seems a bit verbose. What am I doing wrong?
joe
You can do it with Forms
Some additional links about Outlook Forms
http://office.microsoft.com/en-us/outlook-help/overview-of-forms-in-outlook-HA010165958.aspx
http://support.microsoft.com/kb/146636
http://www.techrepublic.com/blog/10things/10-easy-steps-to-customizing-an-outlook-2010-form/2635
Or you can use a simple plugin from Microsoft Research
http://research.microsoft.com/en-us/projects/researchdesktop/noreplyall.aspx
[joeware – never stop exploring… :) is proudly powered by WordPress.]
