joeware - never stop exploring... :)

Information about joeware mixed with wild and crazy opinions...

3/20/2009

DEC^H^H^HTEC is almost here…

by @ 2:08 pm. Filed under tech

So who is going to TEC? Excited yet? You should be, it will be fun. Personally, I can’t wait to hear Dmitri, Brett, and yes, even Dean, speak. Those guys are incredibly bright and just plain know a lot of stuff. The weather in Vegas is slated to be in the low 70’s and sunny. We missed the 80’s by a week unfortunately.

If you are sitting in the sessions and wondering what kind of questions you should be asking…

In the sessions on PowerShell and ADAC (or ADMUX if you prefer) ask why the PowerShell cmdlets aren’t using LDAP[1] which is already present on every single domain controller… But instead a brand new “Web” Service that runs on a Windows Server 2008 R2 Domain Controller. See

http://technet.microsoft.com/en-us/library/dd378937.aspx

http://technet.microsoft.com/en-us/library/dd391908.aspx

http://msdn.microsoft.com/en-us/library/dd303965(PROT.10).aspx

http://msdn.microsoft.com/en-us/library/dd304395(PROT.10).aspx

 

No, this doesn’t mean you need to load IIS on the DCs. It is another binary. And in fact it really doesn’t have any HTTP involvement and doesn’t run over port 80, it is just XML. Just to get that easy question out of the way… But maybe questions along the lines of the amount of network traffic may be good ones to ask about since XML is such a ‘sparse’ protocol compared to LDAP. Maybe if we are lucky we could get a demo (including network traffic comparison) of say dumping the email addresses for all users in a 50k user forest to a text file as done via LDAP and done through PowerShell using the AD Cmdlets. That is actually a test I have been wanting to do but haven’t had the opportunity to set up a 2008R2 DC to do the tests. If I could only just install the PowerShell AD cmdlets to test… 😉  Another interesting test of something that I just had to do at work yesterday in fact would be to dump the replication metadata value for the legacyExchangeDN attribute for all person objects in a 75k user forest[3]. I needed to see if the LEDN had gone through some mass change at some point so was interested in version numbers and originating write dates. I can’t say for sure what the network impact delta would be between these two types of requests but I could hazard a guess.

 

Don’t worry, one of the presenters of this info is my good friend Dean Wells formerly the Dean of the Dean and joe Show before he joined the dark side (<insert heavy breathing>I’m your father Lucas</heavy breathing>) and he actually enjoys audience participation versus just everyone sitting there dead silent. If you weren’t planning on attending that session… “What are you INSANE!”. You know Dean, he is easily, hands down, the best presenter I have ever seen. It may not be the most informative presentation of the whole conference (though it very well likely could be – I would say it would be but it isn’t the Dean and joe Show where we could pick any topics we wanted, the topic is constrained) but it will certainly be the most entertaining and energetic and fun presentation at the whole conference as Dean could present the phone book and have everyone trying to get him to do a second session[4]. If you can make him stutter or be unable to respond to a question, kudos to you because I just haven’t seen it happen. No fair asking him questions like “Do you still beat your maid that you snuck into the country illegally from Romania?” as that just isn’t nice and really, how do you answer that question without stuttering? No, err yes err… Err Romania?? Where’s that? Oh Maid?? I don’t have a maid! ;o)

 

Note that I am aware that Active Directory 4th Edition is now out on the book shelves and at Amazon. While I won’t be bringing any copies I think Brian may be bringing copies for purchase. I don’t believe he will have any to give out for free because unlike when AD3E came out, O’Reilly didn’t seem interested in giving copies out at DEC err darnit TEC[5].  I don’t mind signing the books however you probably really want Brian’s signature as he is the author for this version. He took what I did and extended it and chopped out a bunch of stuff that I wanted to chop out but wasn’t allowed to chop out. 

 

So if you are going to TEC/DEC/Whatever… Have a safe flight/drive/train trip/whatever. If you aren’t going… I’m sorry that sucks. I know the company I work for wasn’t interested in paying my way and I didn’t want to speak to have NetPro/Quest pay to get me out there so I took it as a vacation time and am paying for it. On reflection, it probably is silly of me not to speak but in all honesty, I don’t much like to do it unless I have something specific I need to say and I never have anything I need to say at DEC. I just go to meet the people and talk to folks about the issues they encounter to give me ideas on ways I can try to help. If you folks who attend DEC/TEC/Whatever think that had value, tell every NetPro/Quest person you run into that and maybe they will bring me out there just to chat with people like I usually do. Especially do that if you have in the past told the NetPro/Quest people that you wanted to meet me or came because of me or my blog.

I think though if next year I am taking my vacation at this time and I am paying for it, I should take it in an island paradise and if someone happens to be there that is into Active Directory stuff then I can chat with them there. 🙂

    joe

 

[1] Don’t worry, the Quest cmdlets for AD still use it though. So they will work against the various versions of AD without the need of a K8R2 DC with the Web Service loaded.

[2] That may or may not be a sarcastic comment. 😉

[3] adfind -gcb -f "&(objectcategory=person)(legacyexchangedn=*)" msDS-ReplAttributeMetaData;binary -mvfilter msDS-ReplAttributeMetaData=legacyexchangedn -csv

[4] Seriously, my opinion of Dean’s speaking ability is that high. Trust me on this, I had to try and speak after him in the same presentation and generally I consider myself to be a humorous interesting person to chat with, just not after Dean has been up there prancing around in his glory. ;o)

[5] Had NetPro/Quest/Whatever not changed the name of the conference, who knows, O’Reilly might have given out some free copies… Now instead they hear, free books for TEC? Why? Now DEC, that we would give out free books at… (Man I am on a roll today!)


3/5/2009

Thanks to Active Directory Product Group and MVP Program and Thanks to my friends Dean/Erika for their hospitality

by @ 9:24 am. Filed under general

I just wanted to take a moment to send out a general thanks to the Active Directory Product Group at Microsoft. I always enjoy seeing the team as a whole but really enjoy the individual talk time with the PM’s and Devs even more. My favorite time for this summit was the open session where we got to sit and discuss the Recycle Bin feature stuff with Tim and Stephanie. Not because I think it is the only cool feature or anything, but because I really enjoyed the open discussion and it was nice to learn the technical details behind a feature that has been so long in coming. 

Uday and Moon, your presence was missed. Also I will miss seeing a large portion of the DS Team at DEC/TEC… Unfortunately it seems only a few of the DS Team will be able to make it to DEC/TEC due to budget cutbacks at MSFT. This is unfortunate because I often hear from the attendees that they really appreciate the availability of the Microsoft DS Team resources at DEC to respond to questions and hear feedback. Since this is the only conference with solid real deep focus on the DS pieces this is the best conference for Microsoft to send those resources but someone at some level doesn’t seem to understand that.

It was odd having my good friend Dean over on the other side of the fence as a Microsoft employee but I think it was good and he did Microsoft proud. I had a lovely time visiting with him and his wife (hmmm good meatballs) and awesome son (Hello Lucas… volcano!!!).

Just a quick FYI for those who kept asking me… The fact that Dean is working on PowerShell a lot now is not going to sway my opinion on it. Again, sorry to all those who asked me that specific direct question… but no. Not even for Dean. 🙂 I will or will not use PowerShell when it becomes compelling specifically for me to use. This isn’t to say it isn’t the right answer for others, but that is for each individual to decide. I doubt there is anything that can be presented or said in a single presentation that could get any serious folks to just jump whole hog, this will be something admins choose to do or not based on their own thoughts, needs, and preferences. I found it odd when asked by some of the PM’s if I was just all of a sudden going to change my mind on it because of a good presentation. Does anyone make up their mind on whether they will change directions based on a good presentation? Once I need to do something that isn’t truly feasible for me to do (by my definition, no one else’s) in perl or command line tools that I have or can write, I will maybe look in that direction. More on the PowerShell stuff and specifically the DS Team’s AD and ADAM cmdlets for PowerShell in a later blog post.

 

Also a general thanks to the overall MVP program for having the Global Summit. It is always useful to me and this year by moving the Executive presentations to the end it really made me feel like my time was used well.

 

   joe


2/7/2009

More AdFind V01.40.00 sneak peek…

by @ 6:48 pm. Filed under tech

Back on Jan 21 I tipped my hand on a new capability in AdFind which for many people is extremely exciting based on the feedback in my inbox. To refresh your memory, that was the ability for AdFind to take in a list of Base DN’s to execute queries against. For short we will say piping AdFind into AdFind though you could, if for whatever reason gripped you, pipe dsquery into AdFind.

Well in a follow up conversation with my friend and co-Author Brian Desmond, he asked “How do I pipe DNs from AdFind into AdFind and then get counts for the number of users under each of those DN’s?” My response was… well you can’t. The whole counting mechanism is based on the number of objects AdFind returns period… But then I thought, I hacked in CSV when I didn’t think I could… then I hacked in the piping in multiple DNs when I didn’t think I could, let me give this a try before totally saying no… So voila, a new switch because you just know there aren’t enough switches in AdFind yet…. The new switch is -ic… where -c stands for count, -ic stands for intermediate count… That lets you do something like….

G:\>adfind -default -f ou=* -dsq | adfind -sc adobjcnt:user

AdFind V01.40.00cpp **BETA** Joe Richards (joe@joeware.net) February 2009

Using server: r2dc1.test.loc:3268
Directory: Windows Server 2003

BaseDN: OU=CharTests,OU=TestOU,DC=test,DC=loc
1 intermediate objects returned

BaseDN: OU=createtest,OU=TestOU,DC=test,DC=loc
10 intermediate objects returned

BaseDN: OU=Deleted,OU=XXXTest,DC=test,DC=loc
0 intermediate objects returned

BaseDN: OU=XXXTest,DC=test,DC=loc
0 intermediate objects returned

BaseDN: OU=Domain Controllers,DC=test,DC=loc
0 intermediate objects returned

BaseDN: OU=Email,OU=My,DC=test,DC=loc
1 intermediate objects returned

BaseDN: OU=GPOTest,OU=TestOU,DC=test,DC=loc
0 intermediate objects returned

BaseDN: OU=Groups,OU=My,DC=test,DC=loc
0 intermediate objects returned

BaseDN: OU=Groups,OU=TestOU,DC=test,DC=loc
0 intermediate objects returned

BaseDN: OU=HideTest,OU=TestOU,DC=test,DC=loc
0 intermediate objects returned

BaseDN: OU=joeperm,OU=TestOU,DC=test,DC=loc
0 intermediate objects returned

BaseDN: OU=My,DC=test,DC=loc
0 intermediate objects returned

BaseDN: OU=oneleveldown,OU=createtest,OU=TestOU,DC=test,DC=loc
1 intermediate objects returned

BaseDN: OU=Outlook,OU=TestOU,DC=test,DC=loc
0 intermediate objects returned

BaseDN: OU=permtest,OU=TestOU,DC=test,DC=loc
2 intermediate objects returned

BaseDN: OU=PoSTest,DC=test,DC=loc
700001 intermediate objects returned

BaseDN: OU=Skip,OU=TestXXX,OU=XXXTest,DC=test,DC=loc
1 intermediate objects returned

BaseDN: OU=TestXXX,OU=XXXTest,DC=test,DC=loc
4 intermediate objects returned

BaseDN: OU=TestDisable,OU=XXXTest,DC=test,DC=loc
0 intermediate objects returned

BaseDN: OU=TestOU,DC=test,DC=loc
6 intermediate objects returned

BaseDN: OU=Users,OU=My,DC=test,DC=loc
2 intermediate objects returned

BaseDN: OU=Users,OU=TestOU,DC=test,DC=loc
10 intermediate objects returned

700039 Objects returned

Anyone think that is pretty handy??? If so, you can thank Brian, he asked the right question at the right time… I modified the adobjcnt shortcut such that when it detects it is in multi-DN mode it will also insert the -ic switch as well as set the search scope to one-level. If you wanted counts of all of the users in each OU but you wanted the counts to roll up to the higher OU’s as well you would simply add the -s sub or -s subtree switch to your command.

But then I thought, while that is useful, it would be even more useful if I could somehow get that in a CSV format so I could use this more easily from scripts when trying to get a snapshot of an environment… I looked and there was just no way I could get it into the CSV code path. When you do CSV the whole counting section isn’t used and even if it were, it is outside of the location where the CSV code is and in order to try and get it in there would cause me to use some wholly unnatural global variables and other things that just made me go, no, I will not go there, that is too ugly, too inelegant… I know I do some bad things in code, but I don’t want to do THAT bad of things in code.

All hope is not lost however. I decided to add… yes… another switch. I know I know, another one truly isn’t needed but I wanted this functionality and if you don’t like it, just ignore the fact that it is there. This switch is not a very flexible switch, there are no modifiers for it. It is called -ictsv and it simply takes the -ic output and makes it into a TAB Delimited format output. This isn’t going to be tweaked to allow different delimiters or anything like that. It is a hack completely outside the normal CSV routines which have all that flexibility. I chose tab delimited because DNs have commas and it is unlikely (impossible? I don’t know, didn’t test) to see a tab in a DN and to be honest, I like tab delimited output. I usually use TABs for my delimiters for CSV output. Anyway that output looks like…

G:\>adfind -default -f ou=* -dsq | adfind -sc adobjcnt:user -ictsv
OU=CharTests,OU=TestOU,DC=test,DC=loc   1
OU=createtest,OU=TestOU,DC=test,DC=loc  10
OU=Deleted,OU=XXXTest,DC=test,DC=loc 0
OU=XXXTest,DC=test,DC=loc    0
OU=Domain Controllers,DC=test,DC=loc    0
OU=Email,OU=My,DC=test,DC=loc   1
OU=GPOTest,OU=TestOU,DC=test,DC=loc     0
OU=Groups,OU=My,DC=test,DC=loc  0
OU=Groups,OU=TestOU,DC=test,DC=loc      0
OU=HideTest,OU=TestOU,DC=test,DC=loc    0
OU=joeperm,OU=TestOU,DC=test,DC=loc     0
OU=My,DC=test,DC=loc    0
OU=oneleveldown,OU=createtest,OU=TestOU,DC=test,DC=loc  1
OU=Outlook,OU=TestOU,DC=test,DC=loc     0
OU=permtest,OU=TestOU,DC=test,DC=loc    2
OU=PoSTest,DC=test,DC=loc       700001
OU=Skip,OU=TestXXX,OU=XXXTest,DC=test,DC=loc      1
OU=TestXXX,OU=XXXTest,DC=test,DC=loc      4
OU=TestDisable,OU=XXXTest,DC=test,DC=loc     0
OU=TestOU,DC=test,DC=loc        7
OU=Users,OU=My,DC=test,DC=loc   2
OU=Users,OU=TestOU,DC=test,DC=loc       10

Pretty cool huh… Anyone think that is handy? If so… well you are welcome… But something still bothers me about that output… Anyone else bothered by it? It could be just me but I kind of like seeing things that normally have a hierarchical form to be displayed that way. I don’t mean in the white space, but instead, I mean I don’t want to see something like

OU=Outlook,OU=TestOU,DC=test,DC=loc     0
OU=permtest,OU=TestOU,DC=test,DC=loc    2
OU=TestOU,DC=test,DC=loc        7

I want to see the TestOU first and then its sub-OU’s after… I tried modifying my search to see if I could force AD to return the info in that order but quite frankly, AD truly isn’t hierarchical, it just appears that way. It is actually a flat database. The idea of hierarchy is imposed on it for LDAP purposes. So I thought, I really need to do something about this… This will drive me nuts. However, trying to retrieve all of the information and maintain it in memory so I can then sort it is ridiculous, might as well just write this thing in PowerShell or .NET… (count it…) if I do it in such a silly way… Then I thought, wait, I already have what I need in memory to sort it hierarchically after the DNs have been piped in so I added, yes thank you, another switch called -stdinsort. Why did I do this with a switch? Because I didn’t want to assume someone would want it sorted like I would and I didn’t want to assume I would always want it sorted. Also I wanted to give myself the ability to sort it hierarchically as well as alphabetically both case sensitive and case insensitive, so it is a switch with a default sort order of hierarchical but you can add cialpha or csalpha to get the other types of sort… Now that output looks like

G:\>adfind -default -f ou=* -dsq | adfind -sc adobjcnt:user -ictsv -stdinsort
OU=Domain Controllers,DC=test,DC=loc    0
OU=My,DC=test,DC=loc    0
OU=Email,OU=My,DC=test,DC=loc   1
OU=Groups,OU=My,DC=test,DC=loc  0
OU=Users,OU=My,DC=test,DC=loc   2
OU=PoSTest,DC=test,DC=loc       700001
OU=TestOU,DC=test,DC=loc        7
OU=CharTests,OU=TestOU,DC=test,DC=loc   1
OU=createtest,OU=TestOU,DC=test,DC=loc  10
OU=oneleveldown,OU=createtest,OU=TestOU,DC=test,DC=loc  1
OU=GPOTest,OU=TestOU,DC=test,DC=loc     0
OU=Groups,OU=TestOU,DC=test,DC=loc      0
OU=HideTest,OU=TestOU,DC=test,DC=loc    0
OU=joeperm,OU=TestOU,DC=test,DC=loc     0
OU=Outlook,OU=TestOU,DC=test,DC=loc     0
OU=permtest,OU=TestOU,DC=test,DC=loc    2
OU=Users,OU=TestOU,DC=test,DC=loc       10
OU=XXXTest,DC=test,DC=loc       0
OU=Deleted,OU=XXXTest,DC=test,DC=loc    0
OU=TestDisable,OU=XXXTest,DC=test,DC=loc        0
OU=TestXXX,OU=XXXTest,DC=test,DC=loc    4
OU=Skip,OU=TestXXX,OU=XXXTest,DC=test,DC=loc    1

Much better… ;o)
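The parent-first ordering shown above can be reproduced outside AdFind by sorting each DN on its components read right to left. This is an added example, not AdFind's code or the author's algorithm: the function names are made up here, the sample rows are the unsorted -ictsv output above re-typed with explicit tabs, and the roll-up only sums the OUs present in the input.

```python
# Added example (not AdFind source): order "DN<TAB>count" rows parent-first
# and roll the one-level counts up the OU tree.

# The unsorted -ictsv rows from the post, re-typed with explicit tabs.
SAMPLE_ICTSV = "\n".join([
    "OU=CharTests,OU=TestOU,DC=test,DC=loc\t1",
    "OU=createtest,OU=TestOU,DC=test,DC=loc\t10",
    "OU=Deleted,OU=XXXTest,DC=test,DC=loc\t0",
    "OU=XXXTest,DC=test,DC=loc\t0",
    "OU=Domain Controllers,DC=test,DC=loc\t0",
    "OU=Email,OU=My,DC=test,DC=loc\t1",
    "OU=GPOTest,OU=TestOU,DC=test,DC=loc\t0",
    "OU=Groups,OU=My,DC=test,DC=loc\t0",
    "OU=Groups,OU=TestOU,DC=test,DC=loc\t0",
    "OU=HideTest,OU=TestOU,DC=test,DC=loc\t0",
    "OU=joeperm,OU=TestOU,DC=test,DC=loc\t0",
    "OU=My,DC=test,DC=loc\t0",
    "OU=oneleveldown,OU=createtest,OU=TestOU,DC=test,DC=loc\t1",
    "OU=Outlook,OU=TestOU,DC=test,DC=loc\t0",
    "OU=permtest,OU=TestOU,DC=test,DC=loc\t2",
    "OU=PoSTest,DC=test,DC=loc\t700001",
    "OU=Skip,OU=TestXXX,OU=XXXTest,DC=test,DC=loc\t1",
    "OU=TestXXX,OU=XXXTest,DC=test,DC=loc\t4",
    "OU=TestDisable,OU=XXXTest,DC=test,DC=loc\t0",
    "OU=TestOU,DC=test,DC=loc\t7",
    "OU=Users,OU=My,DC=test,DC=loc\t2",
    "OU=Users,OU=TestOU,DC=test,DC=loc\t10",
])


def split_dn(dn):
    """Split a DN into RDNs on unescaped commas (a backslash escapes the next char)."""
    rdns, cur, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])   # keep the escape pair intact
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
        i += 1
    rdns.append("".join(cur).strip())
    return rdns


def hier_key(dn):
    """Root-first, case-insensitive tuple; a parent's key is a prefix of its children's."""
    return tuple(rdn.casefold() for rdn in reversed(split_dn(dn)))


def parse_ictsv(text):
    """Parse 'DN<TAB>count' lines; the count is whatever follows the last tab."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        dn, _, count = line.rpartition("\t")
        rows.append((dn.strip(), int(count)))
    return rows


def sort_hierarchical(rows):
    """Parents before children, siblings alphabetical (case-insensitive)."""
    return sorted(rows, key=lambda row: hier_key(row[0]))


def rollup(rows):
    """Add to each OU's own count the counts of every input OU beneath it."""
    keyed = [(hier_key(dn), n) for dn, n in rows]
    totals = {}
    for dn, _ in rows:
        key = hier_key(dn)
        totals[dn] = sum(n for other, n in keyed if other[:len(key)] == key)
    return totals


if __name__ == "__main__":
    ordered = sort_hierarchical(parse_ictsv(SAMPLE_ICTSV))
    totals = rollup(ordered)
    for dn, own in ordered:
        print("%s\t%d\t%d" % (dn, own, totals[dn]))
```

Splitting on raw commas instead of `split_dn` would misplace any OU whose name contains an escaped comma.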

This and more in the new version of AdFind… AdFind V01.40.00 is expected to emerge from the cocoon on Feb 13, 2009.

     joe


10/7/2008

I code… therefore I am

by @ 10:42 pm. Filed under general

I am finally writing code again… I am happy about that because I was effectively not coding for over a year. Yes, for over a year, almost 15 months actually. That is a long time for me not to write code because it is one of my main creative outlets.

I will be releasing one of the tools because it is an update to GCChk. When I originally wrote GCChk I thought about allowing you to specify the DCs to use to check and then decided that AD is probably better at picking the DCs to use than most admins and didn’t allow you to specify the DCs. Well my good friend Guido ran into an issue that was a perfect example of why you may need to specify a DC to use to do the check. He actually needed to check one GC against the partitions on another GC. Now this normally wouldn’t be a good idea because you should probably check against a writeable partition as it would be considered a bit more authoritative but Guido was in a position where he didn’t have network access to a writeable DC for the partitions he was checking due to the network configuration. The ONLY way to check for lingering objects would be to daisy chain from the writeable to the closest GC to the next closest GC etc all the way to the end of the WAN. The MSFT lingering object check in repadmin just can’t do it and trying to get that updated to do that would take an OS release and Guido was on a project that needed a very troubled forest checked out and fixed quickly. I couldn’t help him with correcting the issues, but I could help him out with identifying GCs and their specific issues. And so I updated GCChk to allow specifying GCs for the comparison. Again that will be uploaded in the next few weeks.

 

And the second tool I worked on was a complete surprise for me…. This one I had to work on for my day job so obviously I will never be releasing it. It is… yes wait for it… a C# utility… Yes I wrote my first .NET program. I will admit it was better than I expected but at the same time it was worse. The ".NET is so intuitive and easy" really wasn’t the case, at least not for me. And System.DirectoryServices has some serious issues and bad assumptions. I know I know Eric and JoeK and BrianD and everyone else who told me to use System.DirectoryServices.Protocols. Next time I play with .NET, I will do so. But I think it was good for me to see what most people who jump into .NET (and PowerShell) are likely going to use for directory access and I feel for them. I will try to write a blog or two on a few things that I found to be really annoying and/or bad.


8/11/2008

UpToDateness Vector (UTDV)

by @ 5:04 pm. Filed under tech

Brandon posted recently about the UTDV and how to get it in PowerShell. As he mentions in the blog post some chatter on AD Org got him and me going down another road in an offline email stream. This resulted in him finding a .NET method to get this over his really painful way he was doing it. However, one of the things I told him about that he neglected to mention in his post is that you really don’t need any fancy .NET methods, this data is available in a simple query response from AD. You simply need to ask for the right attribute….

Specifically you need to ask for msDS-NCReplCursors when querying the NC Head that you care about…

For example to get the info for my default domain on my default domain controller…

G:\>adfind -default -s base msDS-NCReplCursors

AdFind V01.37.00cpp Joe Richards (joe@joeware.net) June 2007

Using server: r2dc1.test.loc:389
Directory: Windows Server 2003
Base DN: DC=test,DC=loc

dn:DC=test,DC=loc
>msDS-NCReplCursors: <DS_REPL_CURSOR>
        <uuidSourceDsaInvocationID>a34ea639-dd63-4ce8-a1c2-3ecdebd0519d</uuidSourceDsaInvocationID>
        <usnAttributeFilter>2132842</usnAttributeFilter>
        <ftimeLastSyncSuccess>2008-08-11T21:00:25Z</ftimeLastSyncSuccess>
        <pszSourceDsaDN>CN=NTDS Settings,CN=R2DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=test,DC=loc</pszSourceDsaDN>
</DS_REPL_CURSOR>

>msDS-NCReplCursors: <DS_REPL_CURSOR>
        <uuidSourceDsaInvocationID>4dd96a30-d20d-4b40-bd83-556c172b8d37</uuidSourceDsaInvocationID>
        <usnAttributeFilter>3158745</usnAttributeFilter>
        <ftimeLastSyncSuccess>2008-08-11T20:52:44Z</ftimeLastSyncSuccess>
        <pszSourceDsaDN>CN=NTDS Settings,CN=TEST-DC1,CN=Servers,CN=secondsite,CN=Sites,CN=Configuration,DC=test,DC=loc</pszSourceDsaDN>
</DS_REPL_CURSOR>

>msDS-NCReplCursors: <DS_REPL_CURSOR>
        <uuidSourceDsaInvocationID>47e66f05-61fa-4bff-88e1-2a62b5ef8289</uuidSourceDsaInvocationID>
        <usnAttributeFilter>719116</usnAttributeFilter>
        <ftimeLastSyncSuccess>2007-05-16T18:47:55Z</ftimeLastSyncSuccess>
        <pszSourceDsaDN></pszSourceDsaDN>
</DS_REPL_CURSOR>

>msDS-NCReplCursors: <DS_REPL_CURSOR>
        <uuidSourceDsaInvocationID>343d88a0-0fef-4df2-ac7c-151aa3106a68</uuidSourceDsaInvocationID>
        <usnAttributeFilter>13177</usnAttributeFilter>
        <ftimeLastSyncSuccess>2006-07-15T13:43:49Z</ftimeLastSyncSuccess>
        <pszSourceDsaDN></pszSourceDsaDN>
</DS_REPL_CURSOR>

1 Objects returned

 

That will work from any LDAP query tool you want to use… And if you want this in a slightly nicer way and are willing to use AdFind you can do this

G:\>adfind -default -s base msDS-NCReplCursors;binary

AdFind V01.37.00cpp Joe Richards (joe@joeware.net) June 2007

Using server: r2dc1.test.loc:389
Directory: Windows Server 2003
Base DN: DC=test,DC=loc

dn:DC=test,DC=loc
>msDS-NCReplCursors;binary:      13177 2006/07/15-09:43:49      DeletedDSA
>msDS-NCReplCursors;binary:     719116 2007/05/16-14:47:55      DeletedDSA
>msDS-NCReplCursors;binary:    3158745 2008/08/11-16:52:44      secondsite\TEST-DC1
>msDS-NCReplCursors;binary:    2132849 2008/08/11-17:02:11      Default-First-Site-Name\R2DC1

1 Objects returned

 

That is a bit cleaner to look at IMO. It also takes less data on the wire and less work on the Domain Controller as it comes over in a BLOB that I know how to decode.
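An added example (not from the original post, and not how AdFind decodes the ;binary form): parsing the XML values of msDS-NCReplCursors shown above into the compact site\server view and flagging live partners whose last successful sync is older than a threshold. The function names, the `max_age` threshold and the `now` timestamp are assumptions for illustration; the four XML values are copied from the output above.

```python
import re
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

# The four msDS-NCReplCursors values from the AdFind output in the post.
SAMPLE_VALUES = [
    """<DS_REPL_CURSOR>
        <uuidSourceDsaInvocationID>a34ea639-dd63-4ce8-a1c2-3ecdebd0519d</uuidSourceDsaInvocationID>
        <usnAttributeFilter>2132842</usnAttributeFilter>
        <ftimeLastSyncSuccess>2008-08-11T21:00:25Z</ftimeLastSyncSuccess>
        <pszSourceDsaDN>CN=NTDS Settings,CN=R2DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=test,DC=loc</pszSourceDsaDN>
</DS_REPL_CURSOR>""",
    """<DS_REPL_CURSOR>
        <uuidSourceDsaInvocationID>4dd96a30-d20d-4b40-bd83-556c172b8d37</uuidSourceDsaInvocationID>
        <usnAttributeFilter>3158745</usnAttributeFilter>
        <ftimeLastSyncSuccess>2008-08-11T20:52:44Z</ftimeLastSyncSuccess>
        <pszSourceDsaDN>CN=NTDS Settings,CN=TEST-DC1,CN=Servers,CN=secondsite,CN=Sites,CN=Configuration,DC=test,DC=loc</pszSourceDsaDN>
</DS_REPL_CURSOR>""",
    """<DS_REPL_CURSOR>
        <uuidSourceDsaInvocationID>47e66f05-61fa-4bff-88e1-2a62b5ef8289</uuidSourceDsaInvocationID>
        <usnAttributeFilter>719116</usnAttributeFilter>
        <ftimeLastSyncSuccess>2007-05-16T18:47:55Z</ftimeLastSyncSuccess>
        <pszSourceDsaDN></pszSourceDsaDN>
</DS_REPL_CURSOR>""",
    """<DS_REPL_CURSOR>
        <uuidSourceDsaInvocationID>343d88a0-0fef-4df2-ac7c-151aa3106a68</uuidSourceDsaInvocationID>
        <usnAttributeFilter>13177</usnAttributeFilter>
        <ftimeLastSyncSuccess>2006-07-15T13:43:49Z</ftimeLastSyncSuccess>
        <pszSourceDsaDN></pszSourceDsaDN>
</DS_REPL_CURSOR>""",
]

# CN=NTDS Settings,CN=<server>,CN=Servers,CN=<site>,CN=Sites,...
DSA_RE = re.compile(
    r"^CN=NTDS Settings,CN=([^,]+),CN=Servers,CN=([^,]+),CN=Sites,", re.IGNORECASE)


def field(node, tag):
    """Return the stripped text of a required child element."""
    value = node.findtext(tag)
    if value is None:
        raise ValueError("missing element: %s" % tag)
    return value.strip()


def parse_cursor(xml_text):
    """Turn one DS_REPL_CURSOR XML value into a dict."""
    # The values are plain elements; refuse DTDs/entities before parsing.
    if "<!" in xml_text:
        raise ValueError("unexpected DTD, entity or comment in value")
    node = ET.fromstring(xml_text)
    if node.tag != "DS_REPL_CURSOR":
        raise ValueError("not a DS_REPL_CURSOR value: %s" % node.tag)
    dn = field(node, "pszSourceDsaDN")
    match = DSA_RE.match(dn)
    if not dn:
        label = "DeletedDSA"   # empty DN; the label AdFind's decoded view uses
    elif match:
        label = "%s\\%s" % (match.group(2), match.group(1))   # site\server
    else:
        label = dn
    stamp = datetime.strptime(field(node, "ftimeLastSyncSuccess"),
                              "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {
        "invocation_id": field(node, "uuidSourceDsaInvocationID"),
        "usn": int(field(node, "usnAttributeFilter")),
        "last_sync": stamp,
        "dsa": label,
        "deleted": not dn,
    }


def stale_partners(cursors, now, max_age):
    """Cursors for still-existing DSAs whose last successful sync is older than max_age."""
    return [c for c in cursors
            if not c["deleted"] and now - c["last_sync"] > max_age]


def render(cursor):
    """One line per cursor: USN, last sync (UTC), site\\server."""
    return "%10d %s  %s" % (
        cursor["usn"], cursor["last_sync"].strftime("%Y/%m/%d-%H:%M:%SZ"), cursor["dsa"])


if __name__ == "__main__":
    parsed = [parse_cursor(v) for v in SAMPLE_VALUES]
    now = datetime(2008, 8, 11, 21, 5, 0, tzinfo=timezone.utc)   # constructed
    for c in parsed:
        print(render(c))
    for c in stale_partners(parsed, now, timedelta(minutes=10)):
        print("STALE:", c["dsa"], "last synced", c["last_sync"].isoformat())
```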

 

   joe


7/17/2008

Will I or won’t I be an MVP for another year?

by @ 10:34 pm. Filed under general

Well my MVP lead is already asking for the year’s accomplishments to determine if I have been helpful enough to receive the MVP designation another year. I have to say this is absolutely the earliest this has happened in the ummmm 6, 7, or 8 years that I have been an MVP. It usually happens in mid September or so, I would kind of expect it to happen at the end of August or beginning of September which puts it close to the one year mark but gives enough time to figure things out but kudos to Ali (the new lead) for jumping out there and trying to dig up what I have thrown down in the last year already.

So thoughts from all of you? Should I be a Microsoft MVP for another year? Now for the tricky part… If the answer is no, what can I do to improve? And Brandon and you other PowerShell Zealots the answer to that is NOT “write a PowerShell Provider for AdFind” nor even “Start doing everything in PowerShell”. 😉

The first few years I really didn’t care if I was an MVP or not. Didn’t much matter to me. But over the years I have built up some fantastic relationships with many folks in Redmond on the product teams where I can give direct feedback and often they approach me up front for feedback which I always enjoy and always try to accommodate. Also the source code access is very cool and is extremely helpful in helping people out when they run into issues. I can’t count the number of times someone has described an issue and given me a DSID that I looked up and quickly determined what the issue was for them without hassle and fuss.

So anyway, I hope to hear in October that I have made it another year as an MVP. We shall see. 🙂


6/19/2008

Scripting / SysAdmin Meme

by @ 10:29 pm. Filed under general

Well Darren has effectively said “Tag, you’re it” for this Scripting/Sysadmin Meme that is going around. I kind of liken this to the emails that say send this to 7 of your friends immediately but since I am not actually forwarding it, you have to come to me to read it, I will play.

 

How old were you when you started using computers?

I was 12 and I believe I was in 7th grade when I first started playing with computers.  

 

What was your first machine?

The first computer I used was a Commodore PET with cassette tape storage. It was in Manton Consolidated School’s Library. The first computer my parents owned that I played on was an Atari 800 which I believe I still have a book on programming the graphics for. Although we had that machine I believe I had begged and begged for a TI-99 before that. Also mixed up in there in my playing were an Apple II and the Tandy TRS-80 Model II and the first multi-user computer I used was a PDP-11/34 running RSTS/E 7.2.

 

What was the first real script you wrote?

I started with writing compiled and assembled languages. I had all of these languages down before writing my first script – BASIC, BASIC-PLUS, BASIC-PLUS-2, FORTRAN, COBOL, PL-1, Pascal, Assembler for like 3 or 4 different processor architectures, MACRO Assembler for PDP-11, and C back when I was still in High School.

I didn’t get too involved with scripting until I started playing a MUD in the mid-90’s called MajorMUD and then I used Qmodem Pro’s SLIQ Scripting language to write scripts that would run my characters around killing monsters and picking up cash and weapons. That was the first major script I wrote for anything and was thousands of lines (I wonder if I still have that around) and could handle nearly everything in the game and used text files for directions for easy updates. It was very cool as it allowed for two characters to work together (which I called tag teaming script) which was immensely better than just a single character running around scripting. I actually was able to sell copies of the compiled version to other players of the game. If anyone that used to play MajorMUD is reading this, my characters were Slayer Cricket which was a Ogre Witch Hunter and Hunter Cricket which was a Human Paladin (colloquially known as Hunter and Slayer). The scripts would talk to each other by passing text messages back and forth through a MUD private chat channel.

The first real scripting I did “professionally” was REXX and Perl back in the late-90’s (1996 or so).

 

What scripting languages have you used?

DOS batch, Fastlane FINAL (dabbled), REXX, Perl, VBScript, JScript, SLIQ, and I have dabbled with PowerShell because I have had to occasionally. 😉  Out of the bunch, I find Perl to be by far what I prefer.

 

What was your first professional sysadmin gig?

Well I ran the PDP-11 at my high school which was kind of a real job though I didn’t get paid. Didn’t matter, that system had to be up and running and if it wasn’t, it was my ass. After that when I was about 17 and still in high school I got a job working for a company called Automated Tracking Systems which processed insurance info for GMAC loans and issued MIC insurance for anyone who didn’t have any insurance. It was an interesting job as we would get Mag Tapes from EDS and you never knew what format those things would be coming in as, it was all over the map. The job was as weekend operator. I worked 24 hours over Sat/Sun making sure PDP-11’s and VAXes ran ok processing loan tapes and doing other batch jobs. Mostly I slept and wrote code (MACRO Assembler and Basic-Plus II) to do system chores.

 

If you knew then what you know now, would you have started in IT?

Yes I think so. I would have started earlier and not taken the time off that I did and I very likely would be retired right now just sitting back having fun writing code and enjoying life a little more. While I started early, I took large blocks of time (years) off from the tech field as it kept burning me out and went out and explored the world a little doing sales, etc. I certainly would have started something joeware “like” much sooner and would have pushed harder to make it commercial as it is tougher to do now with the little time I have. I also wouldn’t have wasted my time and money going to University/College.

 

If there is one thing you learned along the way that you would tell new sysadmins, what would it be?

Share information. Information hoarded is ridiculous. I laugh when I see people in IT who think they are important because they are the only ones who know how to do this that or the other thing. I am very quick to tell people how to do things or at least help them learn things so I can move on and do other things. Who wants to be stuck doing the same thing over and over again. Also… Never stop exploring. 🙂

 

What’s the most fun you’ve ever had scripting?

Well for pure fun, it was the MUD scripts I wrote. It was a huge challenge trying to make the computer “think” for me when I was off working so that my characters would get money, weapons, experience points and stay alive. People constantly would attack the scripts and try to trick you, etc. My scripts would play a song anytime they “bugged out” when there was too much danger of dying or something unexpected and therefore unhandled occurred…. the song… Blue Oyster Cult’s Don’t Fear The Reaper. 🙂  Just hearing the opening bars will make the hair on my arms stand upright and wake me up instantly because usually when I heard that it meant that someone was attacking my characters and I might be dead. I recall the Hunter and Slayer scripts running on my Packard Bell computer while I slept in the next room the song would pop on and I would be flying out of bed before it got 15 notes into the song.

As for “real” scripts I would say I had a blast writing scripts for Ford Credit when I worked there. We implemented SMS replacements in Perl as well as all sorts of other things.

 

Who am I calling out?

Eric Fleischman

Brett Shirley

Brian Desmond

Joe Kaplan

Gil Kirkpatrick

Laura Hunter

Nathan Muggli


4/18/2008

The 2008 MVP Summit is over…

by @ 11:24 am. Filed under general

The 2008 MVP Summit is over. It included some 2000 MVPs from around the world. I didn’t see and talk to most or even a large number, relatively, of the MVPs. Pretty much I stuck to the 40 or so DS MVPs that were present as well as a bunch of Exchange MVPs[1]. There were some security MVPs as well as a single PowerShell MVP (the unknown MVP) I spent time with as well. Nothing personal, you just don’t have the time in the days available to do otherwise, can’t possibly meet and see everyone you want to, the days are very very filled and busy and all of the folks I see are friends from around the world who I usually get to see once or if I am lucky, twice a year. Not every DS MVP is someone I care to see but the good far outweighs the bad.

As mentioned, the days were packed from the moment I opened my eyes until the moment my head hit the pillow again. Consequently as my life moved into last night I was nearly part of the "walking dead" universal group[2] and I didn’t even need the incredible Heavenly Bed of the Westin to let me sleep like a dead man though it certainly was nice. 🙂 If you ever stay in Seattle, I do highly recommend the Westin. Ask for a high floor, you will not be disappointed I expect. I have stayed in enough hotels at this point to know that many if not most seem to have issues with the bed and the shower, at least relative to the Westin. I use the Westin as the standard for what I expect and/or want in those two categories.

Seattle was once again a beautiful hostess to our time to catch up and see what is going on with our friends building the products we work on every day. While it was gray and rainy much of the time, it’s just something you come to expect out of Seattle if you come here enough. You just look at it and say… "Hey it’s just Seattle being Seattle."

And when I say our friends building the products, that is something I mean almost without exception. These people on the DS team are my friends. I may beat up on them occasionally but if I am not beating up on them, I think or at least hope they realize that may not be a good thing because my care and ownership in the product has left me if I am not willing to spend the energy to find out what I don’t like and debate it with them. These are people that although I see them rarely in the overall scope of my life, have great impact on my life and I would very much enjoy seeing them regularly. They are very smart people, in some cases they are scary smart people. I greatly enjoy my interactions with them and look forward to any time I get to spend with them or communicating with them.

I would like to say thanks to the MVP program for putting the summit together so I can come out and see all my friends, both MVP and Microsoft. Thanks to Sean O’ for all his work with the MVPs, I wish you weren’t leaving us but do understand and wish you great luck and success. I unfortunately don’t think the new guy will replace you, just take your old job but hopefully I am wrong. Especially I want to thank the DS Team (including the ever growing and incredibly important AD Backseat Architects) for taking time out to spend with us and talk with us and debate with us on what we should and shouldn’t be doing. I want to thank the team for taking time out to see us, trying hard to make amazing products and also for making me laugh. I wish many of the stories we heard weren’t NDA items because they are incredibly funny and it helps illustrate that these builders of the products we load on our computers are people too and make mistakes and laugh at things just like everyone else in the world.

Let me, for a moment, point out the Backseat Architects specifically… I don’t know everyone in that group but I know of at least three and these three are some of the most passionate and well informed people concerning the DS that I know of. How many companies do you know with people who leave a group or maybe never were even officially part of a group yet care enough about it to establish a DL to discuss the group and products from that group and help the official folks with all of it? I would love to be on that DL so if any of you figure out a way to pull that off, please do.

Overall, the people around the world who rip on Microsoft and say it and the people who work there are evil and looking to do bad things, etc simply don’t know the people inside the company. They are good people, real people, who want to make things better and do so within the confines and boundaries that exist for them. I know of no other company that I have worked with that has such passion for its products and customers. Not everyone at MSFT is like that, but certainly most of the people I deal with in Redmond certainly are and it is extremely obvious to me.

So thanks to those folks so closely tied to the DS… Thanks for seeing us, thanks for explaining things to us, thanks for debating with us, thanks for the hilarious stories we can’t share with anyone, and thanks for being who you are and doing what you do every day… Thank you ~Eric, Brett, Dmitri, Matt, Nathan, Stephanie, Moon, Uday, Dushyant, Dennis, Siddharth, James, Jason, and all of the folks I got to meet on this trip whom I haven’t gotten to know well yet.

Several of you will continue hearing from me regularly, some of you should expect to hear from me more, probably considerably more, so I can make sure I get my input into what you are doing because, well, because I care; I want you to continue to produce products I want to continue to use. :) If any of you need anything from me, you know where to find me. If I don’t respond, it is simply because I am very busy and just behind or Exchange or Outlook ate the message you sent and you know who to go tap on the shoulder about that. 😉

 

    joe

 

[1] Which seem to, as a whole, like me now – ExchMbx really raised my value in the eyes of the Exchange MVPs I think. I don’t feel this was always the case, there was a time where at least some of them were upset with me because they thought I was just calling their baby ugly because I simply felt like saying it was. Over time they seemed to have realized I had some clue what I was talking about and didn’t just do it to complain, but because I wanted to see the product get better… and again, I don’t think ExchMbx hurt me in their eyes…

[2] Bad geek humour


4/6/2008

I don’t know what time it is… Nor what .NET framework versions I have loaded…

by @ 12:32 pm. Filed under tech

A man with one watch knows what time it is; a man with two watches is never quite sure.

I was thinking of this quote the other day as I was trying to figure out what version(s) of the .NET framework were loaded on a Windows Server 2003 Server[1]. I had an application that said it wanted the 2.0 framework, I ran the 2.0 framework installer that came with the app and it said it wasn’t compatible with the version loaded. So I asked the simple question, well wtf is loaded?

I thought this is an easy question right? .NET is supposed to be a component of the OS, etc. I look in control panel and I see something for .NET 1.1 but nothing else, I run it, maybe it is just named poorly… Nope, just 1.1 stuff.

I googled for an answer, I keep finding “look at this and that DLL” or “look at these reg keys” or “look for these subfolders” and I am like, that can’t be right. Let me ask some of my friends…. Smart friends, I mostly have very smart friends, I really enjoy talking to smart people and I have been lucky enough to have a lot of smart people in my life.

In the responses back I received several methods… And they didn’t seem to align with each other… I didn’t know what framework versions I had loaded. I still really don’t…

Method #1

Look at the subdirectories under %windir%\windows.net\framework

HKEY_LOCAL_MACHINE\software\microsoft\.netframework\v2.0 SP1
HKEY_LOCAL_MACHINE\software\microsoft\.netframework\v2.0.50727
HKEY_LOCAL_MACHINE\software\microsoft\.netframework\v3.0

Method #2

Look for the file mscorlib.dll under %windir%\windows.net\framework

C:\WINDOWS\microsoft.net\framework\v1.1.4322\mscorlib.dll
C:\WINDOWS\microsoft.net\framework\v2.0.50727\mscorlib.dll

Method #3

Look for .NET in output from wmic product (snipped at … on each line for readability)[2]

Microsoft .NET Framework 3.0 Service Pack 1 Microsoft .NET Framework 3.0 Service Pack 1 …
Microsoft .NET Framework 2.0 Service Pack 1 Microsoft .NET Framework 2.0 Service Pack 1 …
Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 …

Method #4

Look at entries in registry

HKEY_LOCAL_MACHINE\software\microsoft\.netframework\v2.0 SP1
HKEY_LOCAL_MACHINE\software\microsoft\.netframework\v2.0.50727
HKEY_LOCAL_MACHINE\software\microsoft\.netframework\v3.0

Method #5

Looking at Add/Remove programs

Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0 Service Pack 1

 

So let’s tally the results shall we… Excuse the format, no table formatting in this version of livewriter…

Version           Count     % sources

Version 1.1       3         60%
Version 2         3         60%
Version 2 SP1     4         80%
Version 3         3         60%
Version 3 SP1     2         40%

 

Yes I still don’t authoritatively know what versions of .NET I have loaded. I am relatively confident I have 1.1 because I see icons for it in Control Panel, I am a little more confident I have Version 2 SP1 as well since almost all of the sources said I have it. I won’t even guess on the rest.
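The tally above can be reproduced mechanically by normalizing each method's output to a (version, service pack) pair and counting which methods reported it. This is an added example, not part of the original post; the function names are made up for illustration and the input lines are the ones listed under the five methods.

```python
import re

# Output lines copied from the five methods in the post (wmic lines cut at the post's "…").
SOURCES = {
    "Method #1": [r"HKEY_LOCAL_MACHINE\software\microsoft\.netframework\v2.0 SP1",
                  r"HKEY_LOCAL_MACHINE\software\microsoft\.netframework\v2.0.50727",
                  r"HKEY_LOCAL_MACHINE\software\microsoft\.netframework\v3.0"],
    "Method #2": [r"C:\WINDOWS\microsoft.net\framework\v1.1.4322\mscorlib.dll",
                  r"C:\WINDOWS\microsoft.net\framework\v2.0.50727\mscorlib.dll"],
    "Method #3": ["Microsoft .NET Framework 3.0 Service Pack 1",
                  "Microsoft .NET Framework 2.0 Service Pack 1",
                  "Microsoft .NET Framework 1.1"],
    "Method #5": ["Microsoft .NET Framework 1.1",
                  "Microsoft .NET Framework 2.0 Service Pack 1",
                  "Microsoft .NET Framework 3.0",
                  "Microsoft .NET Framework 3.0 Service Pack 1"],
}
SOURCES["Method #4"] = list(SOURCES["Method #1"])  # the post lists the same keys twice

VERSION_RE = re.compile(r"(?:\\v|Framework\s+)(\d+\.\d+)", re.I)
SP_RE = re.compile(r"(?:\bSP|Service Pack)\s*(\d+)", re.I)

def normalize(line):
    """Map a registry key, file path or product name to (major.minor, service pack)."""
    m = VERSION_RE.search(line)
    if not m:
        return None
    sp = SP_RE.search(line[m.end():])
    return (m.group(1), int(sp.group(1)) if sp else 0)

def tally(sources):
    """Return {(version, sp): set of methods that reported it}."""
    seen = {}
    for method, lines in sources.items():
        for key in {normalize(line) for line in lines} - {None}:
            seen.setdefault(key, set()).add(method)
    return seen

def report(sources):
    """Rows of (label, count, percent of sources, methods that did not report it)."""
    rows = []
    for (ver, sp), methods in sorted(tally(sources).items()):
        label = f".NET {ver}" + (f" SP{sp}" if sp else "")
        pct = round(100 * len(methods) / len(sources))
        rows.append((label, len(methods), pct, sorted(set(sources) - methods)))
    return rows

if __name__ == "__main__":
    for label, count, pct, missing in report(SOURCES):
        print(f"{label:<14}{count:>3}{pct:>5}%  not seen by: {', '.join(missing)}")
```

The last column lists which methods did not report each version, which is the detail the percentage alone hides.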

 

So I figured that maybe I could look at one of MSFT’s big new management tools, PowerShell (PoS) and it would show me… well if it does, I couldn’t find it[3] in the 5 minutes of looking I spent. It seems like it would at least tell me what it thinks it is using possibly.

 

Does anyone else other than the friends I spoke to in IM think this is a lot harder and indeterminate than it should be for something alleged to be so important in the OS? Honestly, there should be a simple command that I run from the CMD that tells me, why yes, you have these versions of the framework loaded… I found some code that will allegedly enumerate framework versions but it was .NET code… Firstly I shouldn’t have to compile something to do this since again, it is allegedly so important to the OS (recall Windows Server 2003 had an initial name of Windows .NET Server and then Windows 2003 .NET Server). Second, most people can’t compile code period. Oh yeah thirdly, it shouldn’t have to be .NET code… What if I don’t have the right framework to run it?

This is still a simple example, I have no doubt that on Windows Server 2008 this is more complicated since yet another version is likely in place and we haven’t even looked at x86 versus x64 versions… How much more complicated will that make it?

 

Again this should be simple. Why isn’t it? At this point I will take a button on System Properties that tells me the .NET frameworks that are available on the system. I think at this point we have learned enough about things to know that knowing versions on a system could be useful info for people debugging things or looking at requirements for an application, etc. Arguably developers who write apps that run on this framework should have code that checks when it is installed to see if the pre-reqs are there, but let’s be realistic, I don’t even expect MSFT software to truly do that let alone third parties.

 

Another topic I am not even going to go deep into but was sent to me is version numbers in .NET and what they mean… I had some knowledgeable people who thought version number increases meant CLR changes… Not so says Scott – http://www.hanselman.com/blog/HowToSetAnIISApplicationOrAppPoolToUseASPNET35RatherThan20.aspx

Add features, rev the major version number??? To me that would be like changing AdFind’s major rev number for added features. I would be up on like Version 30-something for AdFind… V37.0.0… With the same core code… That just doesn’t sit with me right. I wonder what happens with the version number when the CLR does receive some changes? Call it something else entirely?

 

    joe

 

 

[1] God I hate that name, see how awkward that was to type and to read out loud – MSFT get off the model year methodology for naming OSes, at least for Servers, I don’t give a frack what you name your Client OSes… Servers should be something like Windows 7.x.x, Windows 8.x.x, Windows 9.x.x…

[2] Funny IM chat about this when my friend told me about it and I made an observation…

  • Me: lol, wmi* = “this isn’t fast”
  • Me: They were trying to get us ready for .NET
  • Friend: nod, ironic we’ve actually found something slower than what we’re trying to determine the version of
  • Me: hahahahaha

[3] As a side note I find it annoying that it doesn’t handle dir /? very nicely.


11/9/2007

Now this is stupid… Go Exchange Dev Team…

by @ 11:18 pm. Filed under tech

http://support.microsoft.com/?kbid=944332

 

User Creation via PowerShell Did Not Succeed When Using LoadGen on Exchange Server 2007

Cause

This error may occur if the user account running LoadGen is not a member of the Enterprise Administrators group. This is one of the requirements.
If you do not log on as the Enterprise Administrator (for example if you log on as the local administrator), Exchange Load Generator cannot create users in Active Directory. Exchange Load Generator must have sufficient rights to create users, organizational units, distribution groups, and query-based distribution groups. Exchange Load Generator must be running under an account that is a member of the Enterprise Administrators group.

 

Resolution

Use Active Directory Users and Computers (ADUC) to add the user to Enterprise Administrator Group.
To view the group membership of a user, double-click the user account name in the Active Directory Users and Computers snap-in, and then click Member Of. If you are logged on as a user who has the correct permissions, you can add a user to a security group. To add a user to a security group, double-click the group in the Active Directory Users and Computers snap-in, click Members, and then click Add.

I guess the person working on this tool hadn’t taken his Active Directory nor “Get a Security clue” classes yet.

I am amazed someone could publish that article without being completely embarrassed.

