joeware - never stop exploring... :)

Information about joeware mixed with wild and crazy opinions...

3/19/2012

AdFind V01.46.00 and AdMod V01.18.00 RELEASED (yes finally…)

by @ 7:13 pm. Filed under updates

I was having troubles getting these updates out the door. Not to make an excuse, but I kept getting emails pointing out bugs or new functionality in the OS or cool functionality that I could implement and I kept pushing the release out further and further. Since I am not making any money off of this stuff I didn’t have the normal "ship something to get paid" impetus like normal software companies. ;)  However I did get an increasing number of people emailing saying… "Hey… any time joe…"  Those didn’t sway me, but then I started hearing "pretty please" and that kicked me into gear.

So here you go. As usual, test well. I have been using them (and updated versions of them right along) now since last fall. Thanks to everyone who has reported any bugs, typos, or offered up ideas on additional things the tools should handle; that feedback has been and always will be very welcome to me.

http://www.joeware.net/freetools/tools/adfind/index.htm

http://www.joeware.net/freetools/tools/admod/index.htm

 

Please see the web pages for the tools for the info but a quick run down of what has changed:

AdFind/AdMod General

  • Fixed a bunch of bugs (especially around CSV stuff)
  • Fixed several usage typos

 

AdFind Specific High Level

  • Added dynamic determination of int8 time attributes. This is based on finding key words in the lDAPDisplayName or adminDescription properties.
  • Ditto for interval int8 attributes
  • Mentioned this previously, but changed -sc adobjcnt so that it add -gc anymore. You can add it in manually if you need it.
  • Added a bunch of decodes in the RootDSE and elsewhere for Windows 8 Active Directory and ADAM.
  • I know decode some RID specific attributes (like RID pool values, etc)
  • Decode msDFSR-Flags which I think some folks will find helpful when converting their FRS to DFSR.
  • You can specify a filter value like in -metafilter in the -ameta and -vmeta switches.
  • Added new switches for handing of the int8 time attributes: -int8time, -int8time-
  • Added cool new switches for messing with parent DN info: -dpdn, -pdn, -pdnu, -pdnq, -pdnuq
  • Added new switch for stats for Brian, he didn’t want the filter being printed out when it was massive so -statsnofilter
  • Added a new switch for people pushing AdFind CSV output into Excel. It handles some of the DN output differently. This format is completely and utterly and totally incompatible with import back in via AdMod. If people get irked about it, I will yank the switch out versus change it so it can be imported.
  • Added -cv switch which will count values on multivalue attributes. I find this is useful for working out how many group members there are etc in a given very large group.
  • And a really fun new switch… -exportfile. This switch allows you to export binary attributes to a file. So say you uploaded a pic to Active Directory and you want to retrieve it, you can! I actually was able to upload a copy of AdMod into a random large BLOB attribute with AdMod and then pull it back down from another DC in another location with AdFind. Now this isn’t something I generally recommend, but it is possible… And even more fun, I remember for years many of us would respond to people asking about putting pics into Active Directory that if you do that, you could be opening yourself up for a corporate "Hot or Not" web site. Well you can point AdFind at a branch of AD or the whole AD and tell it to export the pictures to files and it will zip right along and do that for you. If the attribute has the string "photo" in it it will automatically name the files RDN.jpg for you. Note if you  are using goofy RDNs that cannot be directly represented in file names there is no help for you right now, it may even look like it worked, but don’t complain if it didn’t. I have to think about how I want to handle that situation.

 

AdMod Specific High Level

  • Brian also found an issue when streaming data into AdMod that happened to be from a unicode file. AdMod should now detect this and tell Brian to go get an ASCII version of the file. 😉
  • Added the ability to force recycle of objects in the recycle bin via the -recycle switch (i.e. deleting a deleted object)
  • Added a -treenuke switch which was discussed on ActiveDir Org – it bypasses the treedelete max count issue and keeps submitting treedelete LDAP commands until the tree is really gone.
  • Added the -policyhints switch for setting passwords. This is more a feature for FIM but useful to be able to test in AdMod.
  • Added a new binary import option – importfile##  – this is often asked for, it allows you to read in a binary file and jam it into an Active Directory attribute. This is useful for say uploading pics into AD.

 

Have fun, enjoy, bugs, feedback, comments, etc, you know where to get me at. 😉

 

    joe

Rating 4.00 out of 5

3/17/2012

I love my Roku.

by @ 1:59 pm. Filed under general

I just wanted to share that bit of info. I just found out that Deadliest Catch (all seasons) has been added to the Amazon.com Prime (i.e. free to watch) so that means the whole last season of Deadliest Catch that got lost when my g/f’s DVR went up in smoke so I never got to see it I can no watch… in HIGH DEF even which her DVR wasn’t even capable of doing…

Mythbuster’s Seasons 1-7 are free.

Red Vs Blue (for the Halo Nerds) is free.

Many many movies and TV Shows as well.

 

Oh, BTW, if you want to get a Roku, here is a link to get one at discount with free shipping.

http://roku.tellapal.com/a/clk/56ldK1

 

    joe

Rating 4.00 out of 5

Follow up to “Seriously Brian” portion of previous post, “Nuking Active Directory Trees…” ___OR___ Adding Conflict Objects to Active Directory

by @ 1:19 pm. Filed under tech

If you previously saw my post on nuking AD Trees you saw me insert a piece that wasn’t really involved about my friend Brian Desmond trying to copy conflict objects from one Active Directory to another and hitting a bug in AdMod that wasn’t allowing it. Then I later commented that I fixed the  bug in AdMod only to find that apparently Active Directory doesn’t even allow you to do add an object with 0x0A in the DN.

Well I was honored to get an email from Don Hacherl (aka Father of AD) who confirmed that yes indeed, creating objects with 0x0A in the DN was disallowed. He has a very logical explanation. The idea is that if they had a conflict, they needed to have a name they could rename an object to that was absolutely guaranteed to be unique so they didn’t get into a recursive naming collision. So they added the GUID to the name which makes it so there is no issue with other DCs causing the collision and then they added the 0x0A and blocked it from being used by “people” to prevent some crafty person from inadvertently or advertently (heh) causing an issue by using the same name.

And as for the release of the new AdFind/Mod… They are still on the way, I got Brian’s issue worked out, but I am still testing some stuff and I added something for Princess for deleting deleted objects… Heh, that is just me being funny… The official term is forcing deleted items to be recycled. I.E. You don’t want the items hanging around anymore so you want them to get scrubbed of attributes and pushed along the process. He also has brought up an interesting issue around removing massive numbers of members from a group that I am looking into. Seems, like deleting massive numbers of objects, there are situations where you can have an issue removing massive numbers  of members from a group. Plus I am overly busy with the “real job”. If anyone wants to fix that for me by offering me a really well paying position (work from home, little to no travel, 40- hours a week) which would give me more time to work on cool stuff to help everyone then please email me. Or alternately if you want to give me the winning numbers to the lotto or just outright make me independently wealthy that would be good as well. Most people don’t seem to believe me, but if I were independently wealthy, I absolutely would be writing joeware tools because I love doing it. My sister creates works of art, I create utilities. Smile

 

     joe

Rating 4.00 out of 5

3/12/2012

From the mailbag… Please help me bypass my corporate security teams…

by @ 7:14 pm. Filed under general

I seem to regularly get emails from people who for some reason or another cannot download the utilities because some firewall is blocking  the download. They want me to set up a special download somewhere else, use dropbox or some other cloud storage, or send the tools via email.

My answer (so I don’t have to keep sending it to people) is

No, I will not help you bypass security systems between you and my web site. I have to believe there is some reason the block is in place and I am not in position to make the decision to help you skirt the security. Please go to your firewall admin and work it out with that person or persons.

        joe

Rating 4.00 out of 5

3/2/2012

Rough Day in the US…

by @ 7:54 pm. Filed under general

Be safe, stay undercover.

 

tornados

Rating 3.00 out of 5

Seriously People…

by @ 7:26 am. Filed under tech

If you send me an email asking for help saying that one of my utilities doesn’t work or you can’t get it to work, you need to specify in the body of the email what commands you actually tried. Period. End of Story. No more, "It doesn’t work, what do I type to get it to work?" or "I want to do x and y or possibly z, how do I do that? What do I type?"

In fact, how about even putting in a little command line text snippet, no I don’t mean use the snipping tool or some other GUI screen capture tool, I mean copy and paste the text from the command prompt… What is the difference you ask? Well first off, you probably shouldn’t be admin’ing machines if you asked that but here it is…

This is a screen capture:

image

 

This is a text snippet of the same thing:

[Thu 03/01/2012 22:01:43.35]
F:\Dev\cpp\_old\OLD>adfind\release\adfind -e -default -f name="DFSR-LocalSettings" -flagdc

AdFind V01.46.00cpp Joe Richards (joe@joeware.net) March 2012

Using server: WIN8DOM2-DC1.win8dom2.loc:389
Directory: Windows Server 8
Base DN: DC=win8dom2,DC=loc

dn:CN=DFSR-LocalSettings,CN=WIN8DOM2-DC1,OU=Domain Controllers,DC=win8dom2,DC=loc
>objectClass: top
>objectClass: msDFSR-LocalSettings
>cn: DFSR-LocalSettings
>distinguishedName: CN=DFSR-LocalSettings,CN=WIN8DOM2-DC1,OU=Domain Controllers,DC=win8dom2,DC=loc
>instanceType: 4 [WRITABLE(4)]
>whenCreated: 20120301023009.0Z
>whenChanged: 20120301023513.0Z
>uSNCreated: 12479
>uSNChanged: 12489
>showInAdvancedViewOnly: TRUE
>name: DFSR-LocalSettings
>objectGUID: {EC3F04A1-A11A-413C-9425-C91A7701E0DE}
>objectCategory: CN=ms-DFSR-LocalSettings,CN=Schema,CN=Configuration,DC=win8dom2,DC=loc
>dSCorePropagationData: 20120301023009.0Z
>dSCorePropagationData: 16010101000000.0Z
>msDFSR-Version: 1.0.0.0
>msDFSR-Flags: 48 [ELIMINATED (STABLE_STATE_3)]

1 Objects returned

 

Why? Because I said so. And also because sometimes the screen captures don’t come through properly, always I don’t want to have fully retype the command because there could possibly be something going on with the specific characters that I won’t catch that you do because of Unicode, always the image is bigger than the text in sheer size.

 

   joe

Rating 4.50 out of 5

3/1/2012

AdFind and AdMod Updates…

by @ 11:11 pm. Filed under tech

Ummm joe… it’s been two weeks (http://blog.joeware.net/2012/02/13/2429/)… what’s up?

 

Well something has happened that has pushed back the date a little, specifically http://blog.joeware.net/2012/02/29/2440/. So I am going through looking for things that should be decoded. Plus I dumped an entire new forest and I am looking at all attributes trying to determine what else should be decoded. this includes older attributes as well that perhaps I previously missed or couldn’t figure out. So besides some of the controls and behavior attributes for Windows Server 8, I have also tackled some other attributes such as rIDAvailablePool, rIDAllocationPool, rIDPreviousAllocationPool, and msDFSR-Flags. I also put a *beta* decode in for a new dsHeuristics value. I also, and this is pretty cool, added the ability for AdFind to export a binary attribute to a file as well have AdMod import a binary file into an attribute. 

So let’s let the tools stew just a little bit longer shall we. 😉

 

     joe

Rating 4.50 out of 5

Well that sounds fair… Well not really.

by @ 8:56 pm. Filed under tech

So I am looking through email and I find this

We have never met but today I became aware of two of your utilities; ADFind and ADMod.  I think they might be able to save my job but I desperately need help please.  I simply am not technical enough to understand the switches. I’ve been at it now for just under seven and a half hours.  The users have all gone home as there was nothing they could do.  My name is mud. If you can help I will make a ÂŁ10 donation to your favourite charity.

This person then says

I have found the following, which I can’t make work at all. From the screen grabs below is it possible to work out the correct syntax please?

where the following is a cut and paste from  http://www.techtalkz.com/windows-server-2003/65070-recover-ou.html which is straight from The Princess followed by screen images from ADUC showing the OU in place and then missing… But no info on what commands were actually tried and the results which means I truly have no idea what is going on since he already spent 7.5 hours on it and those instructions are the normal Jorge detailed quality so I would expect someone could follow them ok meaning there could be something else wrong.

Anyway I responded with “What exactly did you try and what did it do?”

Unfortunately for me that was the 4th email in a row in the set of emails sent to me the last day or so that all basically said, “I need your help, I don’t know how to make your tools work, tell me how to make them work.”, without giving any detail on what the admins have actually done and what the failures were. As I have mentioned before on several occasions I am seeing more and more of this. Great job hiring managers and headhunters, you are doing your companies/customers a great service… In the meanwhile, I need to research how you have to submit $500 USD in order to send me an email.

 

    joe

Rating 4.33 out of 5

2/29/2012

Windows Server 8 Beta Active Directory and ADAM RootDSE Output

by @ 11:07 pm. Filed under tech

Windows Server 8 Beta RootDSE

[Wed 02/29/2012 21:48:12.00]
F:\Dev\cpp>adfind\release\adfind -rootdse

AdFind V01.46.00cpp Joe Richards (joe@joeware.net) February 2012

Using server: WIN8DOM2-DC1.win8dom2.loc:389
Directory: Windows Server 8

dn:
>currentTime: 20120301025803.0Z
>subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=win8dom2,DC=loc
>dsServiceName: CN=NTDS Settings,CN=WIN8DOM2-DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=win8dom2,DC=loc
>namingContexts: DC=win8dom2,DC=loc
>namingContexts: CN=Configuration,DC=win8dom2,DC=loc
>namingContexts: CN=Schema,CN=Configuration,DC=win8dom2,DC=loc
>defaultNamingContext: DC=win8dom2,DC=loc
>schemaNamingContext: CN=Schema,CN=Configuration,DC=win8dom2,DC=loc
>configurationNamingContext: CN=Configuration,DC=win8dom2,DC=loc
>rootDomainNamingContext: DC=win8dom2,DC=loc
>supportedControl: 1.2.840.113556.1.4.319 [LDAP_PAGED_RESULT_OID_STRING]
>supportedControl: 1.2.840.113556.1.4.801 [LDAP_SERVER_SD_FLAGS_OID]
>supportedControl: 1.2.840.113556.1.4.473 [LDAP_SERVER_SORT_OID]
>supportedControl: 1.2.840.113556.1.4.528 [LDAP_SERVER_NOTIFICATION_OID]
>supportedControl: 1.2.840.113556.1.4.417 [LDAP_SERVER_SHOW_DELETED_OID]
>supportedControl: 1.2.840.113556.1.4.619 [LDAP_SERVER_LAZY_COMMIT_OID]
>supportedControl: 1.2.840.113556.1.4.841 [LDAP_SERVER_DIRSYNC_OID]
>supportedControl: 1.2.840.113556.1.4.529 [LDAP_SERVER_EXTENDED_DN_OID]
>supportedControl: 1.2.840.113556.1.4.805 [LDAP_SERVER_TREE_DELETE_OID]
>supportedControl: 1.2.840.113556.1.4.521 [LDAP_SERVER_CROSSDOM_MOVE_TARGET_OID]
>supportedControl: 1.2.840.113556.1.4.970 [LDAP_SERVER_GET_STATS_OID]
>supportedControl: 1.2.840.113556.1.4.1338 [LDAP_SERVER_VERIFY_NAME_OID]
>supportedControl: 1.2.840.113556.1.4.474 [LDAP_SERVER_RESP_SORT_OID]
>supportedControl: 1.2.840.113556.1.4.1339 [LDAP_SERVER_DOMAIN_SCOPE_OID]
>supportedControl: 1.2.840.113556.1.4.1340 [LDAP_SERVER_SEARCH_OPTIONS_OID]
>supportedControl: 1.2.840.113556.1.4.1413 [LDAP_SERVER_PERMISSIVE_MODIFY_OID]
>supportedControl: 2.16.840.1.113730.3.4.9 [LDAP_CONTROL_VLVREQUEST]
>supportedControl: 2.16.840.1.113730.3.4.10 [LDAP_CONTROL_VLVRESPONSE]
>supportedControl: 1.2.840.113556.1.4.1504 [LDAP_SERVER_ASQ_OID]
>supportedControl: 1.2.840.113556.1.4.1852 [LDAP_SERVER_QUOTA_CONTROL_OID]
>supportedControl: 1.2.840.113556.1.4.802 [LDAP_SERVER_RANGE_OPTION_OID]
>supportedControl: 1.2.840.113556.1.4.1907 [LDAP_SERVER_SHUTDOWN_NOTIFY_OID]
>supportedControl: 1.2.840.113556.1.4.1948 [LDAP_SERVER_RANGE_RETRIEVAL_NOERR]
>supportedControl: 1.2.840.113556.1.4.1974 [LDAP_SERVER_FORCE_UPDATE]
>supportedControl: 1.2.840.113556.1.4.1341 [RODC_DCPROMO]
>supportedControl: 1.2.840.113556.1.4.2026 [LDAP_SERVER_DN_INPUT_OID]
>supportedControl: 1.2.840.113556.1.4.2064 [LDAP_SERVER_SHOW_RECYCLED_OID]
>supportedControl: 1.2.840.113556.1.4.2065 [LDAP_SERVER_SHOW_DEACTIVATED_LINK_OID]
>supportedControl: 1.2.840.113556.1.4.2066 [LDAP_SERVER_POLICY_HINTS_OID]
>supportedControl: 1.2.840.113556.1.4.2090 [LDAP_SERVER_DIRSYNC_EX_OID]
>supportedControl: 1.2.840.113556.1.4.2205 [LDAP_SERVER_UPDATE_STATS_OID]
>supportedControl: 1.2.840.113556.1.4.2204 [LDAP_SERVER_TREE_DELETE_EX_OID]
>supportedControl: 1.2.840.113556.1.4.2206 [LDAP_SERVER_SEARCH_HINTS_OID]
>supportedControl: 1.2.840.113556.1.4.2211 [LDAP_SERVER_EXPECTED_ENTRY_COUNT_OID]
>supportedLDAPVersion: 3
>supportedLDAPVersion: 2
>supportedLDAPPolicies: MaxPoolThreads
>supportedLDAPPolicies: MaxDatagramRecv
>supportedLDAPPolicies: MaxReceiveBuffer
>supportedLDAPPolicies: InitRecvTimeout
>supportedLDAPPolicies: MaxConnections
>supportedLDAPPolicies: MaxConnIdleTime
>supportedLDAPPolicies: MaxPageSize
>supportedLDAPPolicies: MaxBatchReturnMessages
>supportedLDAPPolicies: MaxQueryDuration
>supportedLDAPPolicies: MaxTempTableSize
>supportedLDAPPolicies: MaxResultSetSize
>supportedLDAPPolicies: MinResultSets
>supportedLDAPPolicies: MaxResultSetsPerConn
>supportedLDAPPolicies: MaxNotificationPerConn
>supportedLDAPPolicies: MaxValRange
>highestCommittedUSN: 12544
>supportedSASLMechanisms: GSSAPI
>supportedSASLMechanisms: GSS-SPNEGO
>supportedSASLMechanisms: EXTERNAL
>supportedSASLMechanisms: DIGEST-MD5
>dnsHostName: WIN8DOM2-DC1.win8dom2.loc
>ldapServiceName: win8dom2.loc:win8dom2-dc1$@WIN8DOM2.LOC
>serverName: CN=WIN8DOM2-DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=win8dom2,DC=loc
>supportedCapabilities: 1.2.840.113556.1.4.800 [LDAP_CAP_ACTIVE_DIRECTORY_OID]
>supportedCapabilities: 1.2.840.113556.1.4.1670 [LDAP_CAP_ACTIVE_DIRECTORY_V51_OID]
>supportedCapabilities: 1.2.840.113556.1.4.1791 [LDAP_CAP_ACTIVE_DIRECTORY_LDAP_INTEG_OID]
>supportedCapabilities: 1.2.840.113556.1.4.1935 [LDAP_CAP_ACTIVE_DIRECTORY_V60_OID]
>supportedCapabilities: 1.2.840.113556.1.4.2080 [LDAP_CAP_ACTIVE_DIRECTORY_V61_R2_OID]
>dsSchemaAttrCount: 1426
>dsSchemaClassCount: 256
>dsSchemaPrefixCount: 39
>isSynchronized: TRUE
>isGlobalCatalogReady: TRUE
>supportedConfigurableSettings: DynamicObjectDefaultTTL
>supportedConfigurableSettings: DynamicObjectMinTTL
>supportedConfigurableSettings: DisableVLVSupport
>supportedConfigurableSettings: ADAMDisablePasswordPolicies
>supportedConfigurableSettings: ADAMDisableLogonAuditing
>supportedConfigurableSettings: ADAMLastLogonTimestampWindow
>supportedConfigurableSettings: RequireSecureSimpleBind
>supportedConfigurableSettings: RequireSecureProxyBind
>supportedConfigurableSettings: MaxReferrals
>supportedConfigurableSettings: ReferralRefreshInterval
>supportedConfigurableSettings: SelfReferralsOnly
>supportedConfigurableSettings: ADAMAllowADAMSecurityPrincipalsInConfigPartition
>supportedConfigurableSettings: ADAMDisableSPNRegistration
>supportedConfigurableSettings: ADAMDisableSSI
>supportedExtension: 1.3.6.1.4.1.1466.20037 [LDAP_SERVER_START_TLS_OID]
>supportedExtension: 1.3.6.1.4.1.1466.101.119.1 [LDAP_TTL_REFRESH_OID]
>supportedExtension: 1.2.840.113556.1.4.1781 [LDAP_SERVER_FAST_BIND_OID]
>supportedExtension: 1.3.6.1.4.1.4203.1.11.3 [LDAP_SERVER_WHO_AM_I_OID]
>supportedExtension: 1.2.840.113556.1.4.2212 [LDAP_SERVER_BATCH_REQUEST_OID]
>domainFunctionality: 5 [Windows Server 8 Domain Mode]
>forestFunctionality: 5 [Windows Server 8 Forest Mode]
>domainControllerFunctionality: 5 [Windows Server 8 Mode]
>validFSMOs: CN=Schema,CN=Configuration,DC=win8dom2,DC=loc
>validFSMOs: CN=Partitions,CN=Configuration,DC=win8dom2,DC=loc
>validFSMOs: DC=win8dom2,DC=loc
>validFSMOs: CN=Infrastructure,DC=win8dom2,DC=loc
>validFSMOs: CN=RID Manager$,CN=System,DC=win8dom2,DC=loc
>tokenGroups: S-1-5-21-3917776897-2119544392-2693853299-1102
>tokenGroups: S-1-5-21-3917776897-2119544392-2693853299-513
>tokenGroups: S-1-1-0
>tokenGroups: S-1-5-32-545
>tokenGroups: S-1-5-32-554
>tokenGroups: S-1-5-32-544
>tokenGroups: S-1-5-2
>tokenGroups: S-1-5-11
>tokenGroups: S-1-5-15
>tokenGroups: S-1-5-21-3917776897-2119544392-2693853299-512
>tokenGroups: S-1-5-21-3917776897-2119544392-2693853299-518
>tokenGroups: S-1-5-21-3917776897-2119544392-2693853299-572
>dsaVersionString: 6.2.8250.0 (winmain_win8beta.120217-1520)
>serviceAccountInfo: replAuthenticationMode=1
>serviceAccountInfo: accountType=domain
>serviceAccountInfo: systemAccount=true
>serviceAccountInfo: domainType=domainWithKerb
>serviceAccountInfo: machineDomainName=WIN8DOM2
>msDS-PrincipalName: WIN8DOM2\$joe
>msDS-PortLDAP: 389
>msDS-PortSSL: 636
>spnRegistrationResult: 0
>approximateHighestInternalObjectID: 3938

1 Objects returned

 

Windows Server 8 ADAM RootDSE

[Wed 02/29/2012 22:00:58.49]
F:\Dev\cpp>adfind\release\adfind -hh win8dom2-dc1.win8dom2.loc:50000 -rootdse

AdFind V01.46.00cpp Joe Richards (joe@joeware.net) February 2012

Using server: WIN8DOM2-DC1.win8dom2.loc:50000
Directory: Windows Server 8 Active Directory Application Mode

dn:
>currentTime: 20120301030210.0Z
>subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,CN={B2CA17A7-B808-4456-A1CC-E6E9393FDBA1}
>dsServiceName: CN=NTDS Settings,CN=WIN8DOM2-DC1$instance1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,CN={B2CA17A7-B808-4456-A1CC-E6E9393FDBA1}
>namingContexts: CN=Configuration,CN={B2CA17A7-B808-4456-A1CC-E6E9393FDBA1}
>namingContexts: CN=Schema,CN=Configuration,CN={B2CA17A7-B808-4456-A1CC-E6E9393FDBA1}
>namingContexts: O=win8betatest
>schemaNamingContext: CN=Schema,CN=Configuration,CN={B2CA17A7-B808-4456-A1CC-E6E9393FDBA1}
>configurationNamingContext: CN=Configuration,CN={B2CA17A7-B808-4456-A1CC-E6E9393FDBA1}
>supportedControl: 1.2.840.113556.1.4.319 [LDAP_PAGED_RESULT_OID_STRING]
>supportedControl: 1.2.840.113556.1.4.801 [LDAP_SERVER_SD_FLAGS_OID]
>supportedControl: 1.2.840.113556.1.4.473 [LDAP_SERVER_SORT_OID]
>supportedControl: 1.2.840.113556.1.4.528 [LDAP_SERVER_NOTIFICATION_OID]
>supportedControl: 1.2.840.113556.1.4.417 [LDAP_SERVER_SHOW_DELETED_OID]
>supportedControl: 1.2.840.113556.1.4.619 [LDAP_SERVER_LAZY_COMMIT_OID]
>supportedControl: 1.2.840.113556.1.4.841 [LDAP_SERVER_DIRSYNC_OID]
>supportedControl: 1.2.840.113556.1.4.529 [LDAP_SERVER_EXTENDED_DN_OID]
>supportedControl: 1.2.840.113556.1.4.805 [LDAP_SERVER_TREE_DELETE_OID]
>supportedControl: 1.2.840.113556.1.4.521 [LDAP_SERVER_CROSSDOM_MOVE_TARGET_OID]
>supportedControl: 1.2.840.113556.1.4.970 [LDAP_SERVER_GET_STATS_OID]
>supportedControl: 1.2.840.113556.1.4.1338 [LDAP_SERVER_VERIFY_NAME_OID]
>supportedControl: 1.2.840.113556.1.4.474 [LDAP_SERVER_RESP_SORT_OID]
>supportedControl: 1.2.840.113556.1.4.1339 [LDAP_SERVER_DOMAIN_SCOPE_OID]
>supportedControl: 1.2.840.113556.1.4.1340 [LDAP_SERVER_SEARCH_OPTIONS_OID]
>supportedControl: 1.2.840.113556.1.4.1413 [LDAP_SERVER_PERMISSIVE_MODIFY_OID]
>supportedControl: 2.16.840.1.113730.3.4.9 [LDAP_CONTROL_VLVREQUEST]
>supportedControl: 2.16.840.1.113730.3.4.10 [LDAP_CONTROL_VLVRESPONSE]
>supportedControl: 1.2.840.113556.1.4.1504 [LDAP_SERVER_ASQ_OID]
>supportedControl: 1.2.840.113556.1.4.1852 [LDAP_SERVER_QUOTA_CONTROL_OID]
>supportedControl: 1.2.840.113556.1.4.802 [LDAP_SERVER_RANGE_OPTION_OID]
>supportedControl: 1.2.840.113556.1.4.1907 [LDAP_SERVER_SHUTDOWN_NOTIFY_OID]
>supportedControl: 1.2.840.113556.1.4.1948 [LDAP_SERVER_RANGE_RETRIEVAL_NOERR]
>supportedControl: 1.2.840.113556.1.4.1974 [LDAP_SERVER_FORCE_UPDATE]
>supportedControl: 1.2.840.113556.1.4.1341 [RODC_DCPROMO]
>supportedControl: 1.2.840.113556.1.4.2026 [LDAP_SERVER_DN_INPUT_OID]
>supportedControl: 1.2.840.113556.1.4.2064 [LDAP_SERVER_SHOW_RECYCLED_OID]
>supportedControl: 1.2.840.113556.1.4.2065 [LDAP_SERVER_SHOW_DEACTIVATED_LINK_OID]
>supportedControl: 1.2.840.113556.1.4.2066 [LDAP_SERVER_POLICY_HINTS_OID]
>supportedControl: 1.2.840.113556.1.4.2090 [LDAP_SERVER_DIRSYNC_EX_OID]
>supportedControl: 1.2.840.113556.1.4.2205 [LDAP_SERVER_UPDATE_STATS_OID]
>supportedControl: 1.2.840.113556.1.4.2204 [LDAP_SERVER_TREE_DELETE_EX_OID]
>supportedControl: 1.2.840.113556.1.4.2206 [LDAP_SERVER_SEARCH_HINTS_OID]
>supportedControl: 1.2.840.113556.1.4.2211 [LDAP_SERVER_EXPECTED_ENTRY_COUNT_OID]
>supportedLDAPVersion: 3
>supportedLDAPVersion: 2
>supportedLDAPPolicies: MaxPoolThreads
>supportedLDAPPolicies: MaxDatagramRecv
>supportedLDAPPolicies: MaxReceiveBuffer
>supportedLDAPPolicies: InitRecvTimeout
>supportedLDAPPolicies: MaxConnections
>supportedLDAPPolicies: MaxConnIdleTime
>supportedLDAPPolicies: MaxPageSize
>supportedLDAPPolicies: MaxBatchReturnMessages
>supportedLDAPPolicies: MaxQueryDuration
>supportedLDAPPolicies: MaxTempTableSize
>supportedLDAPPolicies: MaxResultSetSize
>supportedLDAPPolicies: MinResultSets
>supportedLDAPPolicies: MaxResultSetsPerConn
>supportedLDAPPolicies: MaxNotificationPerConn
>supportedLDAPPolicies: MaxValRange
>highestCommittedUSN: 14054
>supportedSASLMechanisms: GSSAPI
>supportedSASLMechanisms: GSS-SPNEGO
>supportedSASLMechanisms: EXTERNAL
>supportedSASLMechanisms: DIGEST-MD5
>dnsHostName: WIN8DOM2-DC1.win8dom2.loc
>serverName: CN=WIN8DOM2-DC1$instance1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,CN={B2CA17A7-B808-4456-A1CC-E6E9393FDBA1}
>supportedCapabilities: 1.2.840.113556.1.4.1851 [LDAP_CAP_ACTIVE_DIRECTORY_ADAM_OID]
>supportedCapabilities: 1.2.840.113556.1.4.1670 [LDAP_CAP_ACTIVE_DIRECTORY_V51_OID]
>supportedCapabilities: 1.2.840.113556.1.4.1791 [LDAP_CAP_ACTIVE_DIRECTORY_LDAP_INTEG_OID]
>supportedCapabilities: 1.2.840.113556.1.4.1935 [LDAP_CAP_ACTIVE_DIRECTORY_V60_OID]
>supportedCapabilities: 1.2.840.113556.1.4.2080 [LDAP_CAP_ACTIVE_DIRECTORY_V61_R2_OID]
>supportedCapabilities: 1.2.840.113556.1.4.1880 [LDAP_CAP_ACTIVE_DIRECTORY_ADAM_DIGEST]
>dsSchemaAttrCount: 392
>dsSchemaClassCount: 62
>dsSchemaPrefixCount: 39
>isSynchronized: TRUE
>supportedConfigurableSettings: DynamicObjectDefaultTTL
>supportedConfigurableSettings: DynamicObjectMinTTL
>supportedConfigurableSettings: DisableVLVSupport
>supportedConfigurableSettings: ADAMDisablePasswordPolicies
>supportedConfigurableSettings: ADAMDisableLogonAuditing
>supportedConfigurableSettings: ADAMLastLogonTimestampWindow
>supportedConfigurableSettings: RequireSecureSimpleBind
>supportedConfigurableSettings: RequireSecureProxyBind
>supportedConfigurableSettings: MaxReferrals
>supportedConfigurableSettings: ReferralRefreshInterval
>supportedConfigurableSettings: SelfReferralsOnly
>supportedConfigurableSettings: ADAMAllowADAMSecurityPrincipalsInConfigPartition
>supportedConfigurableSettings: ADAMDisableSPNRegistration
>supportedConfigurableSettings: ADAMDisableSSI
>supportedExtension: 1.3.6.1.4.1.1466.20037 [LDAP_SERVER_START_TLS_OID]
>supportedExtension: 1.3.6.1.4.1.1466.101.119.1 [LDAP_TTL_REFRESH_OID]
>supportedExtension: 1.2.840.113556.1.4.1781 [LDAP_SERVER_FAST_BIND_OID]
>supportedExtension: 1.3.6.1.4.1.4203.1.11.3 [LDAP_SERVER_WHO_AM_I_OID]
>supportedExtension: 1.2.840.113556.1.4.2212 [LDAP_SERVER_BATCH_REQUEST_OID]
>forestFunctionality: 2 [Windows Server 2003 Forest Mode]
>domainControllerFunctionality: 5 [Windows Server 8 Mode]
>validFSMOs: CN=Schema,CN=Configuration,CN={B2CA17A7-B808-4456-A1CC-E6E9393FDBA1}
>validFSMOs: CN=Partitions,CN=Configuration,CN={B2CA17A7-B808-4456-A1CC-E6E9393FDBA1}
>tokenGroups: S-1-5-21-3917776897-2119544392-2693853299-1102
>tokenGroups: S-1-5-21-3917776897-2119544392-2693853299-513
>tokenGroups: S-1-1-0
>tokenGroups: S-1-5-32-545
>tokenGroups: S-1-5-32-554
>tokenGroups: S-1-5-32-544
>tokenGroups: S-1-5-2
>tokenGroups: S-1-5-11
>tokenGroups: S-1-5-15
>tokenGroups: S-1-5-21-3917776897-2119544392-2693853299-512
>tokenGroups: S-1-5-21-3917776897-2119544392-2693853299-518
>tokenGroups: S-1-5-21-3917776897-2119544392-2693853299-572
>tokenGroups: S-1-5-64-10
>tokenGroups: S-1-530768202-3575268927-512
>tokenGroups: S-1-526474621-1342553557-519
>dsaVersionString: 6.2.8250.0 (winmain_win8beta.120217-1520)
>serviceAccountInfo: replAuthenticationMode=1
>serviceAccountInfo: accountType=domain
>serviceAccountInfo: systemAccount=true
>serviceAccountInfo: domainType=domainWithKerb
>serviceAccountInfo: machineDomainName=WIN8DOM2
>msDS-PrincipalName: WIN8DOM2\$joe
>msDS-PortLDAP: 50000
>msDS-PortSSL: 50001
>spnRegistrationResult: 0
>approximateHighestInternalObjectID: 2034

1 Objects returned

Rating 4.00 out of 5

Happy Leap Day. :)

by @ 9:59 pm. Filed under tech

win8serverbeta

Rating 4.00 out of 5
« Older Entries
Newer Entries »

[joeware – never stop exploring… :) is proudly powered by WordPress.]