joeware - never stop exploring... :)

I recently updated my main PC to Windows 7 Ultimate RTM and Office 2010 Preview.

As you can expect, when you come from Windows XP SP2 and Office 2003, there are going to be some changes, some good, some maybe that don’t seem so good.

Overall my thoughts (on both Windows 7 and Outlook) is that they are faster, smoother, and prettier. Overall I really like them. 🙂

The first thing in Office that I ran into that annoyed me was that my Outlook kept hanging at random times, once I removed my hotmail account from being linked into Outlook via the I think, Live Connect, that problem went right away. That is annoying as I want all my email coming into the same program but oh well, I can figure that out later.

The next issue which was really irking me and my friend Andrew who I am chatting with, is how in the world do you color the messages now? I like to make Outlook highlight messages from certain people in different colors so I can see them quickly at a glance. A great example is Don Hatcherl, if Don posts to ActiveDir.org, I want to have that stick out in a very different color because if Don has something to say on the subject of AD, I want to read it. I am the guy who used to do everything he could to get copies of messages he sent to DSTALK (limited number of you will likely know what that is) because what Don writes is almost always incredibly useful and insightful information. I do this with emails from several MSFT people, some of the those include Eric, Brett, Dmitry, Steve Linehan, Nathan, Matt, and yes, even Deano.

So anyway, I start looking around for the old Organize button and I do not see it anywhere, I ask my friend Andrew, he says he doesn’t know but would love to know as well. I figure what the heck, let’s see how good the help is… But then I can’t even find help for like 5 minutes and then after I click on all the tabs and look at the screen as a global holistic whole…

…and I finally spy up in the corner sort of hidden because it is blue icon next to the blue edge of the window the little help icon…

 

Thankful that I finally found it, I click that beautiful, if not highly camouflaged, little round icon to be presented with…  Page Not Available.

Sigh… I click on show me information available offline on my computer.

I search for organize and voila, I get a topic of “Change the color of messages in your Inbox”… Perfect! I click on that and get

 

Ah, that is exactly how it was done before… How could I be so obtuse… go to the Tools menu… so simple, I feel so stupid.

Now where in the world is the Tools menu??? After a few minutes of looking around for a tools menu I thought, I don’t see one… I bet this is old help for Office 2007. No hint in the help that this may be a bit long in the tool hence inaccurate… So I just walked away from it for a while…

Later I came back to it with the idea of fresh eyes finds fresh things. I tried the help once more, still no joy so then I looked at the top tabs… Where would the logical place be? Noting to myself that no business would be happy if all of its employees had to relearn where to find everything in the product that they were used to using. Then thought, wait, what if it is like Vista/Windows 7 where they HIDE the menu’s and you press ALT and they will pop up???

I try it and nope they didn’t do it, but they do pop up the ALT Hints which when I first looked at I felt they looked a bit “comic” but am now ok with…

But regardless, that didn’t help me. So I looked at it all holistically and said, ok, if I were going to make this change myself, I would try to do it in a semi-logical fashion and the most logical place it seems to fit with the tabs is on the view tab so I selected the view tab.

 

Then on the view tab I just started clicking and finally found the feature in the Advanced View Settings:Messages (though the menu item is called View Settings) dialog.  On that dialog it is the Conditional Formatting… selection.

 

 

 

And now to make the formatting rule…

 

 

 

Which results in…

 

 

As a refresher, this is how easy it is to do in Outlook 2003…

 

While you highlight a message from the person you want to “color” select Tools | Organize or ALT-T-Z

 

Click on the Using Colors Tab and select your color and hit Apply Color.

 

 

Done…

 

 

Anyway I now have the ability to color code the emails coming in from the people that I want to stick out to me… Now I wonder, how do I tell those conditional formatting rules to apply to other folders/PSTs?

 

   joe

Due to an issue with the WinPcap install, WireShark doesn’t seem to work on Windows 7 after you install it. Here are the steps I followed to get it to work.

1. Download WinPcap 4.1 Beta5 from http://www.winpcap.org/install/default.htm

2. Manually install WinPcap. Next through Dialogs…

Update 2009/10/12: If the above still doesn’t allow the install of WinPcap and you get something about the version of Windows not being supported, use Window Vista SP2 Compatible mode and that should help it work. To get to the dialog, click on START and then in the search Window type “Run programs made for previous versions of windows” and click on it above and follow the prompts.

3. Error will pop up about installing Microsoft Network Monitor Driver but will install version of WinPcap without support for Dialup connections and VPNs. Click OK

4. Download WireShark 1.2.2 64 bit from http://www.wireshark.org/download.html

5. Install as normal, shouldn’t try to install WinPcap since it is already installed.

 

Trying to install WireShark the normal way which also installs WinPcap doesn’t work. It acts like it installed ok but WireShark can’t see the network interfaces.

Note that if you uninstall and then reinstall WinPcap after WireShark has been installed, you will again fail to see the network interfaces. Just uninstall and reinstall WireShark after you uninstall and reinstall WinPcap.

    joe

I responded to an ActiveDir Org post that was talking about finding the DCs that are not doing well when you see an Event ID 1864 like so

Event Type:    Error
Event Source:    NTDS Replication
Event Category:    Replication
Event ID:    1864
Date:        10/2/2009
Time:        12:32:57 AM
User:        NT AUTHORITY\ANONYMOUS LOGON
Computer:    DC1
Description:
This is the replication status for the following directory partition
on the local domain controller.

Directory partition:
DC=root,DC=corp

The local domain controller has not recently received replication
information from a number of domain controllers.   The count of domain
controllers is shown, divided into the following intervals.

More than 24 hours:
1
More than a week:
1
More than one month:
1
More than two months:
1
More than a tombstone lifetime:
1
Tombstone lifetime (days):
60
Domain controllers that do not replicate in a timely manner may
encounter errors. It may miss password changes and be unable to
authenticate. A DC that has not replicated in a tombstone lifetime may
have missed the deletion of some objects, and may be automatically
blocked from future replication until it is reconciled.

To identify the domain controllers by name, install the support tools
included on the installation  CD and run dcdiag.exe.
You can also use the support tool repadmin.exe to display the
replication latencies of the domain controllers in the forest.   The
command is "repadmin /showvector /latency <partition-dn>".

with an AdFind command and got a few emails back along the lines of “What in the world is that command doing???”.

So here is the “biggest” command of the bunch, understand this will help you understand any of the other commands in the posting.

adfind -h DCName -config -s base msDS-NCReplCursors;binary -metasort lastsync -mvnotfilter msDS-NCReplCursors=deleteddsa

The output from this command looks like…

AdFind V01.40.00cpp Joe Richards (joe@joeware.net) February 2009

Using server: JOEWARE-DC1.joeware.local:389
Directory: Windows Server 2003
Base DN: CN=Configuration,DC=joeware,DC=local

dn:CN=Configuration,DC=joeware,DC=local
>msDS-NCReplCursors;binary:     214151 2009/10/02-16:55:51      Default-First-Site-Name\JOEWARE-DC2
>msDS-NCReplCursors;binary:     540610 2009/10/02-17:28:14      Default-First-Site-Name\JOEWARE-DC1

1 Objects returned

though you will most likely see more servers listed. If you only have two DCs, you really don’t need something like this to tell you whether you are replicating or well or not.

 

So anyway… on to the explanation of what is going on…

 

At its core, AdFind is a “simple” LDAP query tool. Every LDAP query comes down to a couple of basic components

Host and port to query

Search Base

Search Scope

Search Filter

Then from there you move into modifiers… What attributes to return and what session options to use and how AdFind should manipulate the output. These will impact how the query runs (like showing deleted objects) or what info is returned (like specifying you only want the displayName attribute) and how it is outputted by the tool. AdFind allows you to tweak most of that with switches. If you know what you are looking for, you can usually find it. The problem comes in if you aren’t familiar with what AD can do and then you just see a bunch of switches doing stuff that you don’t have a clue about. Heck even some attributes people don’t have a clue about… Like msDS-NCReplCursors, most people haven’t a clue what a replication cursor is or that the info was even available through LDAP queries. You can get a little info from MSDN but even that isn’t too awesome.

In terms of the points above combined with the adfind command in question…

First the basic LDAP stuff…

• Host|Port —- -h DCName – Port isn’t specified but defaults to 389 for query. As for the host, if this isn’t specified, the system will ask the Windows LDAP Library to use the “default” DC for the machine the tool is running on.
• Search Base —- -config – this is a shortcut for the search base. When the tool connects to the DC, it enumerates the rootdse and pulls out the configuration context NC and adds that to the query as if you specified it with the –b switch.
• Search Scope —- -s base – this is the BASE type search, i.e. give me the exact object and only that object that I specified as the search base.
• Search Filter —- This isn’t specified in this query because I am asking for the BASE object. I don’t have to specify what I want in a filter because I already did with the combination of the scope and the search base. However, AdFind will send along objectclass=* which will match any object.

 

So now after the basics, you have attributes and session options from an LDAP standpoint…

• You are specifying a specific attribute – msDS-NCReplCursors and you are doing a little LDAP RFC trick called specifying the encoding option. This encoding specified by ;binary is telling AD that I want the data back in binary regardless of the default format to return that attribute. The default happens to be an XML stream. I prefer binary because the DC doesn’t have to work to marshall (i.e. convert) the binary (which it uses internally) to XML to pass it over the wire to me. That saves on DC time for both the marshaling work but also the amount of data it has to push over the network. And it saves my client from having to take in all that network traffic and to unmarshall the stream into something I can consume. This encoding option doesn’t do something for all attributes, but it can be very useful where it does. There is a massive savings on the wire by getting this data in binary versus XML.

 

The rest of the switches are modifiers to tell AdFind how to handle the output. These have nothing to do with what is sent to the DC, it is all handled locally.

• -metasort lastsync – this tells AdFind to sort the data in the Cursor attribute by the lastsync time. You can read more at adfind /meta?
• -mvnotfilter msDS-NCReplCursors=deleteddsa – tells AdFind that for the multi-value attribute msDS-NCReplCursors, it should filter out (NOT filter) and lines that have deleteddsa in the attribute value. If you wanted to see all of the deleteddsa’s then you could reverse this and use -mvfilter msDS-NCReplCursors=deleteddsa which says that it should filter the multi-value attribute and only show values with that string.

 

Everything you can do with AdFind and AdMod break down like this. It is simply basic LDAP queries that are tweaked by whatever methods the OS allows and then filtered or decoded in whatever ways I can dream up to be useful.

 

    joe

Surprised how many people still aren’t aware of Security Essentials, the free Microsoft AV software.

http://www.microsoft.com/Security_essentials

This is something that people occasionally want to do. There are two basic answers that I am aware of. The first I always remember right off since I am an LDAP API coder, is to look at the dnsHostName attribute of the rootdse of the server you are connected to. That is what AdFind and AdMod do when you see the lines

Using server: JOEWARE-DC1.joeware.local:389
Directory: Windows Server 2003

The other way which is ADSI specific and I spent an hour trying to recall today when asked is to use the ADSI GetOption method (IADsObjectOptions::GetOption) to retrieve the ADS_OPTION_SERVERNAME value. I actually have this in an example in my book that lists ACEs in an ACL.

Examples:

VBScript:

Const ADS_OPTION_SERVERNAME=0
‘****************************************************************************
‘Bind to object
‘****************************************************************************
Out "Opening object – " & strLDAPPath
Set objObject = GetObject(strLDAPPath)
strDC = objObject.GetOption(ADS_OPTION_SERVERNAME)

PowerShell (no not me, Brandon gave this to me…)

$dcobject = [adsi]"$Ldap"
$dc = $dcobject.Invoke("GetOption",0)

[ Correction: Quick thanks to Mike for pointing out Brandon’s typo so I could correct it. Brandon obviously meant $dcobject= and not $object= in line 1. He is very sorry to everyone for the typo and he will buy you a cup of coffee the next time he sees you all.  ;o) ]

.NET (again not me, but from a post by Mr. DS.NET programming… Joe Kaplan)

const int ADS_OPTION_SERVERNAME = 0; 
object server = entry.Invoke("GetOption", new object[] {ADS_OPTION_SERVERNAME});

 

  joe

Not sure if I shared this before… A nice little post of Windows Server 2008 Active Directory Feature Components in PDF format.

Windows Server 2008 Active Directory Feature Components