Information about joeware mixed with wild and crazy opinions...
In my review of the Verizon iPhone, I found that its call quality and reliability were superior to that of the AT&T iPhone’s. However, data transfers were significantly slower than AT&T’s, making the AT&T iPhone better for media consumption (watching Netflix, downloading apps, etc.) while the Verizon iPhone is superior for phone calls
http://www.wired.com/gadgetlab/2011/02/consumer-reports-verizon/
This is such a great quote I wanted to post it again. So many parents now a days could really use this basic advice.
Your children are profoundly shaped by you, and your actions will resonate, for good or ill, throughout the rest of their lives. Be a parent who lives the qualities, characteristics and values you would like your family to emulate. Let your life be a living example of what you want to see in your children.
– Dr. Phil (Chapter 7 Family First)
Just received an email that AdFind is being indicated as
Name: (Cloud Id: 4888821) MalUAgent.MIP (Trojan)
by SonicWALL Gateway Antivirus Service.
As with my other utilities, AdFind is not malware. In fact AdFind is likely the most benign tool I have available.
Don’t take my word for it, check out what http://virusscan.jotti.org has to say…
joe
As mentioned in the comment to the release blog entry, the newest released version of AdFind has an issue with LDAP directories that don’t return the supportedControl attribute by default in the standard RootDSE retrieval. If you only use AdFind for Active Directory or ADAM/ADLDS, that is not an issue for you. If you use it to query say OpenLDAP, then that is a problem. Apologies as I don’t do any official testing against the non-MSFT directories though likely I may take up testing against OpenLDAP in the near future since it is freely available and pretty common.
I have a new beta that I am testing now that corrects the issue as well as an additional switch to bypass the check in case there is some other issue that crops up such as a directory that supports paging but doesn’t list it as a supported control. Also since I was looking at the OpenLDAP RootDSE I spent some time to add some decodes for the controls/features/extension OIDs of the OpenLDAP RootDSE. I was trying to work out how to determine the OpenLDAP version from the rootdse but don’t see it right off so likely won’t get that in there. However the directory type will say OpenLDAP now when you query an OpenLDAP directory. For example:
G:\Temp>adfind -hh ldap.testathon.net -rootdseanon
AdFind V01.44.00cpp Joe Richards (joe@joeware.net) February 2011
Using server: ldap.testathon.net:389
Directory: OpenLDAPdn:
>objectClass: top
>objectClass: OpenLDAProotDSE
Like it does for Windows Directories
G:\Temp>adfind -hh . -rootdse
AdFind V01.44.00cpp Joe Richards (joe@joeware.net) February 2011
Using server: SFMWIN764.test.loc:389
Directory: Windows Server 2008 R2 Active Directory Application Modedn:
If you want some more coverage in AdFind/AdMod for other non-MSFT directories, let me know. I don’t guarantee anything but I can give it a shot by at least adding the requests to the DCR lists. At a minimum the directory needs to be LDAPv3 and support paging. If you want me to have AdFind identify the directory type, supply the full output of the rootdse so that I can see if there is an identifier to display the proper string. For example, with Windows directories, I parse the supportedCapabilities attribute, for OpenLDAP I used the structuralObjectClass attribute.
Also if you know of any publicly available instances of a given directory type to test against, please let me know. I found a public instance of OpenLDAP at http://blog.stuartlewis.com/2008/07/07/test-ldap-service/, OpenLDAP allegedly has one also at ldap.openldap.org but that doesn’t work for me. I get Server Down both from Wide Open West cable and Comcast cable internet systems.
joe
The Kleine Schmetterling release of AdFind/AdMod has hit the free tools portion of the web site. I will be back to write up more on the new features and fixes, right now I am going to go to bed, I just spent the last hour fighting with MSFT Expressions Web where it kept crashing on me over and over again so I am not feeling like I want to type much more now. 🙂
See the AdFind update info at http://www.joeware.net/freetools/tools/adfind/index.htm
See the AdMod update info at http://www.joeware.net/freetools/tools/admod/index.htm
joe
I had an email from someone who needed to expire a bunch of userids immediately. They wanted to expire the accounts instead of disabling the accounts because they wanted the change to be “self-documenting” in terms of when it occurred. They also wanted to expire the accounts instead of the passwords because they didn’t want the users to be able to use the accounts and by default, of you expire the password, the user can just change the password, not to mention expiring the passwords wouldn’t be “self-documenting” since when you force a password to be expired you change pwdLastSet to 0. While you could look at the metadata, 90% of your AD admins don’t know that and even still it is more painful and you can’t search on the metadata.[1]
You can easily do this by generating the proper int8 value, searching for the objects with adfind (it was all accounts in a specific OU), and then applying the int8 value to accountExpires attribute of the objects.
Something like
F:\Dev\Current\CPP\AdFind\Release>adfind -enccurrent 0
AdFind V01.43.00cpp **BETA** Joe Richards (joe@joeware.net) February 2011
129416142148710000
and then performing the find and replace…
adfind –default –rb ou=disabletheseusers –s one –f objectclass=user –dsq | admod accountexpires::129416142148710000 –unsafe
There is another way of accomplishing this that has one less step and more generic… Just switch to CSV mode and use the *now_int8* expansion variable.
adfind –default –rb ou=disabletheseusers –s one –f objectclass=user –csv | admod –csv –expand accountexpires::{*now_int8*} –unsafe
This will stamp the users in the OU with the current time as of the running of the command.
What if you wanted these accounts to expire in 14 days instead?
adfind –default –rb ou=disabletheseusers –s one –f objectclass=user –csv | admod –csv –expand accountexpires::{*now_int8*:+d:14} –unsafe
Hope that is useful for you. 🙂
joe
[1] I will write about this more later I think. There is a new feature in the beta of AdFind that I intend to release in the next week that can put you into a position where you can search on metadata though it won’t be real time…
I was running Process Explorer and on an idle system I noticed that my CPU was bumping around a lot more than I would expect for an idle system. Pulled up SysInternals Process Explorer and saw that the Aliph Jawbone updater tool was the one eating CPU. I killed it and set it to not auto-start and now my system truly acts like it is idle when it is idle.
If you haven’t noticed, Apple has changed the screws on the iPhone4 so you can’t open it. A company has decided to make the proper screwdriver available at a cheap price – $9.99. If you want to open an iPhone4, get it, probably the cheapest you will find it.
Link for tool
http://www.ifixit.com/iPhone-Parts/iPhone-4-Liberation-Kit/IF182-019
Link to article
http://www.wired.com/gadgetlab/2011/01/apple-is-screwing-your-iphone/
[joeware – never stop exploring… :) is proudly powered by WordPress.]
