βThe really really bad thing is that when it blows and goes viral in the media, no one is going to sit back and figure out that Company XYZ was being stupid, it is going to be that IT Provider ABC didnβt run the environment properly.β
-me
joeware - never stop exploring... :)
Information about joeware mixed with wild and crazy opinions...
11/26/2012
11/16/2012
MD-5 and SHA-1 Digests now available for joeware utilities
I have been asked a few times recently for MD-5 and/or SHA-1 digests for the various utilities. I put some perl code together last night to generate that information and I have added it to the versions.txt file that is on the website. I will likely slowly add it to the actual individual tool pages as well. I have also "compiled" the script with ActiveState’s wonderful PerlApp Utility from the Perl Dev Kit and uploaded that to the website as well so you can use it if you don’t currently have a tool for generating the digests.
It looks like:
F:\joewaretools>joewaredigest *.exe
joewaredigest V01.00.00pl joe@joeware.net November 2012
AccExp.exe 743215e8b481c4d83cb19d844f9c9574 eb5f827483002389dae0bb3b16f7387c1bf66b8d
AdFind.exe ff3dad91b266fee1ea107a2c9964349a 4acc9ddf7f23109216ca22801ac75c8fabb97019
AdMod.exe c64665b4d245dab287317e28b7f6ecd5 15ff3b3be83a1fd5582cb17a8edeaa9d1aebde3e
AdQueueLoop.exe 9db4f587fe9255025660686061e77a0a 5076ee44ad9c9cb074ba31333af0997b35b9ad43
ATSN.exe 430b0d6dc378b112d6669e1dd2c50440 a1b88b10541ef2a73bd0c08411c314898b9f5303
Auth.exe 3758b8df84e839c870be1923f790bb99 a6d1a2a560c74f39145a81be4918890af028b7ff
changepw.exe e7f36e96a2eb587dc13e170f4d2ecfed 078f89368ff6e1d1e20536b817ec4391131468b5
ClientTest.exe 37dcbd53a07a1058cdbac6c995f2c587 72f92b61c180b4f97033c8846a17ebd727589c8c
CPAU.exe 7100f979b8516b8c1ae6ff858435626e c6a596b10bc8fd05f8a13859fef8b2cf7a9360e7
DNSSrvRec.exe 2d36802ffe70e3328e62dd3094123af2 a25663bf9db368247aba79ef381830943932f1da
ELDLLExInstall.exe bd1c5fb5af14289fafaf4e994545dd81 207b7dc29090057396958feaec02c7d989b7ffd1
ELDLLInstall.exe 271d3fa6fc9a4e2981c268abee02af35 faf19566c4954d796f284d990bf99509bf05d1a2
ExchMbx.exe 2f373a9c206f5a2794cfc693f604d9fe 8d07815581f07b2262a6ba2a213ba7eceff81c4e
Expire.exe 3bfa82b554c5803dc809f343999642c1 7c0300da0049dc756e2ea91754c201d02510261a
FindExpAcc.exe d1b13d81b20e0fd6158b145f2fdd4213 b30b449f256edc82f4f489622f2507333966eb9d
FindNBT.exe 3b8d3657b36aec0fb7a0bebc4d88f0c2 a6139dc3a7f6d09e59a77c40977f2ea1f1e327de
FindPDC.exe 410279342c05c78673bcf67952993734 dec101ba2ed776db7e6b5827770af0c65a34da59
GCChk.exe 5d3049643055c3328a34faecba001339 826ee4a1a09811196f286395de502b4cb1612cc0
GetUserInfo.exe 541f3288a001970902b4fccf72ba2343 213f06ed5ac9e688816b4bbe73bf507994949964
joewaredigest.exe 9dce93eb13bdebd0deedec2c1c4e48f2 5480c03010b85dd56f7050f5765c412fb0c70d00
LG.exe d94bc7bc2417e60a734e9dba03bb01c9 534dd71b75b1af65c967b4b6f526b78859a52bfd
MachinePwd.exe c5080d587849d58960b893cdb59e0024 b606b266dad0b5db08182a446595dc7c50297ce2
MemberOf.exe c846cbbce2e994e7446ebda947a15e45 70028baf4655875e0968161a5061d658dc645cda
NetSess.exe f310584eb1538cb78ca8c225038b2e54 965013bf24513f9c312db9483f87d3c87e1b77ba
OldCmp.exe e1848235d8b33b654347a8126c9819ff 98e374fb09273209fa3517d39ef60e62b3a011e5
PSOMgr.exe 6a937c91f9cc3bee30973f4b458b622d 5a9d449f5a95909a7afd84dabf031e54a5058cf3
QLogoff.exe b8e7fe3cbb62434738c22646eeba60aa d524d0ee81d104d337049ea6c40e1f685a80e097
Quiet.exe 935809d393a2bf9f0e886a41ff5b98be 1ed3fc1669115b309624480e88c924b7b67e73bb
SecData.exe b8529e94362019eff4235e1b2d2f6514 542925dd6d05abb8d74413578ebd85908316ca9d
SecTok.exe 99f7e80c898c22a3fbe533290b041eef a63aa49372a3ca599421a77b34e65a7095d260bc
SeInteractiveLogonRight.exe d1ca0d6e932634546e9e1438ce13d345 910ddd53163c4c1c769fc52994a4a16d0290e7d3
ShrFlgs.exe 7586ff1e497938cad331f195f2ee6229 155aff9ebd025dc701006e7ecef6427dd8da73ef
SidToName.exe 0e696ea81217a1ff8776e9312056a703 bdfc8f240a9e44a4c8a52da6a8bdff3b1c427ae5
SNU.exe f366bc2e029979f331f1bedabd2d45ce 57b1d31667a6823581f1e777b52d8dc9915cf228
svcutil.exe 35a880716fd517f7d2b727857c48cda6 96a97e4ae44dd16a5b30e6506a0d37d0413cc8da
Unjoin.exe bd5137615c5f947be510c8b1d210d529 36cd5bf149e468a85a398b697bd8e8c7fa981c08
Unlock.exe a0537949f105fa16e367d535b272c9bc bc76333a5f6b10b162fa34b9ddf6a46fd65f1a88
UserDump.exe a14ac214dd83ecf75c5032ba1098c416 d263cd402c4d203c17aa0274c9082ddbac1240b3
UserName.exe dc31f02293a3914bfb813d6664165392 9a4483ae37170eec25b83d157c806438a1b51d2d
W2KLockDesktop.exe 6ac3acb478d4c39cafa25610708e12bd 72108f7602363064adc32c7e6f7b0d63bb958db8
WriteProt.exe 1410134ff602b0ea3719fbc52a02cfcd 253504025a3335bae43e14c9edea23b57b96b0cf
Command Completed.
Please see http://www.joeware.net/freetools/digest.htm for more information. π
joe
11/8/2012
Morning chuckle…
A friend sent me this this morning, made me chuckle. π
11/7/2012
New LDAP / Active Directory / Directory Services Wiki is hot…
If you didn’t have the ability or time to use the QR Code I posted yesterday, it was a QR Code to take you to the new dsWiki WIKI site I set up that was previously discussed here. Please check it out, it is a work in progress and I am looking for feedback. I want this to become a very useful resource for people out around the world working on AD and other LDAP servers.
The URL is http://dswiki.joeware.org or http://link.joeware.org/dswiki or http://link.joeware.org/adwiki
You will also notice that Google Ads will start popping up. I don’t really know what I am doing with it yet so it will be a learning experience to make it look good and be useful. And thoughts, ideas, or questions, let me know.
joe
11/1/2012
For the FireFly lovers out there…
Firefly Anniversary on Science Channel November 11.
10/31/2012
AdFind V01.47.00 Released.
I just released AdFind V01.47.00 this evening. It is the Jack Skellington release. π
http://www.joeware.net/freetools/tools/adfind
It is a small batch of changes with one fairly important change that is in beta.
- Fixed bugs with -this,-ameta,-vmeta (and general metadata output).
- Changed Win8 decodes strings to Windows 2012.
- Added switch -nopaging.
- Added shortcut -sc ridpool.
The main reason I opened up the code to make changes was to change the Windows 8 references to Windows Server 2012. I also added some new decodes including a supportedCapabilities value that didn’t exist in the beta that I pinged the DS Team about and got them to add ">supportedCapabilities: 1.2.840.113556.1.4.2237 [LDAP_CAP_ACTIVE_DIRECTORY_W8_OID]", that OID name is straight from the MSDN docs.
Especially note the new BETA -nopaging switch. By default, from the very beginning, AdFind has used the LDAP Paging control so it could return any number of entries. Over the years I have had a few people ask for a switch to turn paging off. This is usually related to them trying to query some non-AD LDAP Directory that doesn’t support Paging or because of a bug in AD that messes with Index selection on paged queries (LDAP queries are executed more slowly than expected in the AD or LDS/ADAM directory service and Event ID 1644 may be logged).
I have wanted to add the -nopaging capability for some time but didn’t previously see a way, sort of like what happened with CSV output years ago all of a sudden something clicked and I realized how I could do it so here it is. It is beta because I have found a few oddities that I had to fix and it is possible there could be more as the main loop of the engine just wasn’t built with non-paged queries in mind.
There is also a fix for metadata output, specifically -vmeta for when there is a large number of value metadata entries. For whatever reason when I first set it up I didn’t set it up to properly decode the binary value when value ranging kicked in for the metadata attribute. If it screwed up, it was very obvious, the output would look something like:
dn:CN=group,CN=users,DC=test,DC=loc,DC=adam
>msDS-ReplValueMetaData;binary: X
>msDS-ReplValueMetaData;binary: X
>msDS-ReplValueMetaData;binary: X
>msDS-ReplValueMetaData;binary: X
>msDS-ReplValueMetaData;binary: X
>msDS-ReplValueMetaData;binary: X
>msDS-ReplValueMetaData;binary: X
>msDS-ReplValueMetaData;binary: X
<SNIP>
This isn’t a required upgrade but if you use AdFind to output metadata or work with Windows Server 2012 DCs I would recommend upgrading.
joe
Writing changes to only one ADAM/ADLDS instance
Since ADAM first came out I have received a similar question from several admins and developers (at least double digit but definitely not triple digit numbers) asking how they could make it so changes could only be written to a single ADAM instance so they could control the flow of replication better or always know they had at least one place they could always go for the absolute latest info like, for example, with the PDC and user account passwords in Windows Active Directory Domains. That way if an auth failure occurs, they can manually implement a PDC Chain like functionality. But this could be for other needs as well when you MUST know the absolute current answer to a given question and can’t trust that replication has occurred since the last change.
I wanted to go back to those folks to see how many actually implemented the process I described and if so, what issues they may have encountered with it and possibly what changes they made to the basic model to make it work more efficiently for them. I started searching my email and was not able to track any of them down which is certainly a failure on my part to properly archive my emails all in a nice clean single location (some day that may be the case…) combined with the destruction of I don’t know how many desktop and laptop machines since ADAM came out.
Anyway, I am hoping that one or more of those people may see this blog post and respond to me with feedback on the method. Basically that method involves using local IDs on a single ADAM instance machine.
So if anyone is using this method, please send me feedback (email or comment is good) on how it is working out. If I told you about it either through direct email or responding to a post in a newsgroup, please indicate that, if you got that solution from someone else (I am curious how many people invented this same solution) please indicate that as well. Or if you are just interested in hearing about how to set this up, please let me know that as well.
thanks!
joe
10/29/2012
Running AdFind in an iterative script
If you find that you are running AdFind in an iterative script, say digging up some given attribute for some large list of objects, try using the -DLOID switch. This tells AdFind NOT to download parts of the schema to help with decoding various attributes. You should notice a pretty decent speed increase since you will have less work and less traffic between the DC and the client. Of course if what you are doing depends on that decode. Well then you get to live with it. π
10/18/2012
Forcing replication of SYSVOL via NTFRS
I have been asked this question something like four or five times by different people in the last three days who say they can’t seem to google the answer so here it is…
ntfrsutl.exe forcerepl DestinationDC /r "Domain System Volume (SYSVOL share)" /p SourceDC.domain.com
So if I have a PDC of JoePDC.joe.com and I have a DC named DC1.joe.com and I want to force replication of sysvol from the PDC to the DC, the command would be
ntfrsutl.exe forcerepl DC1 /r "Domain System Volume (SYSVOL share)" /p JoePDC.joe.com
or
ntfrsutl.exe forcerepl DC1.joe.com /r "Domain System Volume (SYSVOL share)" /p JoePDC.joe.com
That is all…
joe
[joeware – never stop exploring… :) is proudly powered by WordPress.]
