joeware - never stop exploring... :)

Information about joeware mixed with wild and crazy opinions...

10/1/2009

So I used Serverless Binding with ADSI (or .NET), now what DC am I talking to??

by @ 6:33 pm. Filed under tech

This is something that people occasionally want to do. There are two basic answers that I am aware of. The first, which I always remember right off since I am an LDAP API coder, is to look at the dnsHostName attribute of the rootDSE of the server you are connected to. That is what AdFind and AdMod do when you see the lines

Using server: JOEWARE-DC1.joeware.local:389
Directory: Windows Server 2003

The other way, which is ADSI specific and which I spent an hour trying to recall today when asked, is to use the ADSI GetOption method (IADsObjectOptions::GetOption) to retrieve the ADS_OPTION_SERVERNAME value. I actually have this in an example in my book that lists ACEs in an ACL.

Examples:

VBScript:

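Const ADS_OPTION_SERVERNAME = 0
' Serverless ADsPath (no server name in the path); sample value, substitute your own DN
strLDAPPath = "LDAP://DC=joeware,DC=local"
'****************************************************************************
'Bind to object
'****************************************************************************
WScript.Echo "Opening object - " & strLDAPPath
Set objObject = GetObject(strLDAPPath)
' Ask ADSI which server the serverless bind landed on
strDC = objObject.GetOption(ADS_OPTION_SERVERNAME)
WScript.Echo "Using server: " & strDC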

PowerShell (no not me, Brandon gave this to me…)

$dcobject = [adsi]"$Ldap"
$dc = $dcobject.Invoke("GetOption",0)

[ Correction: Quick thanks to Mike for pointing out Brandon’s typo so I could correct it. Brandon obviously meant $dcobject= and not $object= in line 1. He is very sorry to everyone for the typo and he will buy you a cup of coffee the next time he sees you all.  ;o) ]

.NET (again not me, but from a post by Mr. DS.NET programming… Joe Kaplan)

const int ADS_OPTION_SERVERNAME = 0; 
object server = entry.Invoke("GetOption", new object[] {ADS_OPTION_SERVERNAME});

 

  joe
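The rootDSE approach has no snippet above, so here is an added example (not from the original post) that runs both methods side by side and checks that they name the same DC. It assumes a domain-joined machine; the function name `Get-BoundDomainController` and the output property names are made up for illustration.

```powershell
# Added example, not from the original post. ADS_OPTION_SERVERNAME = 0 as in the snippets above.
$ADS_OPTION_SERVERNAME = 0

function Get-BoundDomainController {
    # Method 1: read dnsHostName from the rootDSE of whatever DC the
    # serverless bind landed on (what AdFind/AdMod print as "Using server:").
    $root        = [adsi]'LDAP://RootDSE'
    $dnsHostName = [string]$root.Properties['dnsHostName'].Value
    $defaultNC   = [string]$root.Properties['defaultNamingContext'].Value

    # Method 2: serverless bind to a real object and ask ADSI via GetOption.
    # $root is still alive here, so ADSI normally serves this bind over the
    # same cached connection; the Agree field reports if it did not.
    $entry      = [adsi]"LDAP://$defaultNC"
    $serverName = [string]$entry.Invoke('GetOption', $ADS_OPTION_SERVERNAME)

    New-Object PSObject -Property @{
        RootDseDnsHostName = $dnsHostName
        AdsiServerName     = $serverName
        Agree              = ($dnsHostName -ieq $serverName)
        # Server-bound ADsPath for follow-up binds that must hit the same DC.
        PinnedPath         = "LDAP://$serverName/$defaultNC"
    }
}

Get-BoundDomainController |
    Select-Object RootDseDnsHostName, AdsiServerName, Agree, PinnedPath |
    Format-List
```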


Re-Awarded the Microsoft MVP for Directory Services. :)

by @ 10:36 am. Filed under general

Seems my value to the community is still enough to merit recognition. I am very happy to be in a position to help folks out with the things I have learned and the things I am still learning every day. 🙂

 

Congratulations! We are pleased to present you with the 2009 Microsoft® MVP Award! This award is given to exceptional technical community leaders who actively share their high quality, real world expertise with others. We appreciate your outstanding contributions in Directory Services technical communities during the past year.


Daily smile… :)

by @ 7:15 am. Filed under humour

annoyingdrunk


9/25/2009

Active Directory Feature Components

by @ 6:31 am. Filed under tech

Not sure if I shared this before… A nice little post of Windows Server 2008 Active Directory Feature Components in PDF format.

Windows Server 2008 Active Directory Feature Components


Firefly / Serenity stuff

by @ 6:19 am. Filed under general

Brandon has been on a Firefly quote kick lately so I dug up some links for him, thought I would share those and some others with the rest of the geeks…

Cool opening song

This is the captain. We have a little problem with our entry sequence, so we may experience some slight turbulence and then explode.

 

Ringtone

http://www.madringtones.org/tone/363111-Ballad-of-Serenity

 

MP3

http://www.whedon.info/Firefly-Theme-Song-Ballad-Of.html

 

Guitar tutorial

 

 


9/22/2009

F5 VPN solution on Windows 7 anyone???

by @ 5:21 pm. Filed under tech

Anyone get this working? I keep blowing up when installing the ActiveX components or if I get through the install it just hangs on checking connection. I actually need this working to get to the network of one of my customers.


9/21/2009

OpenSource Windows Perf Log Analyzer

by @ 4:14 pm. Filed under tech

http://www.codeplex.com/PAL

Haven’t used it but it looks like it could be cool. 🙂 Brian told me about it.


9/17/2009

Finding old unused Domain Controller objects in the Sites Container

by @ 4:25 pm. Filed under tech

Something that always annoys me is when I look at an Active Directory and start finding old Domain Controller Server objects out in the sites container for DCs that were demoted or forcibly removed from Active Directory weeks, months, or years ago. This is just sloppy admin work but once it is done and hasn’t been cleaned up for some time I admit it can be a pain in the arse to cleanup with how dssite.msc (Sites and Services) displays the info. You have to click on every site and expand it out a couple of levels. No one really has time to go back and do that if they didn’t have time to clean up properly in the first place.

So to help folks find objects that are possible old DC objects that should be cleaned up here is a simple AdFind query to help…

adfind -sites -s subtree -f "&(objectcategory=server)(!serverreference=*)" -dsq

That will produce something that looks like

Z:\>adfind -sites -s subtree -f "&(objectcategory=server)(!serverreference=*)" -dsq
"CN=USOHSND-DC01,CN=Servers,CN=USOHSND,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=ESBARCME-DC01,CN=Servers,CN=ESBARCME,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=FRILLK-DC01,CN=Servers,CN=FRILLK,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=USNYLOC-DC01,CN=Servers,CN=USNYLOC,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=USOHVIE-DC01,CN=Servers,CN=USOHVIE,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=USMSCLI-DC01,CN=Servers,CN=USMSCLI,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=MXTAMPSREY-DC01,CN=Servers,CN=MXTAMPSREY,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=USCAIRV-DC01,CN=Servers,CN=USCAIRV,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=ITMOL-DC01,CN=Servers,CN=ITMOL,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=USMSBRK-DC01,CN=Servers,CN=USMSBRK,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=USSCDUN-DC01,CN=Servers,CN=USSCDUN,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=USSCLAN-DC01,CN=Servers,CN=USSCLAN,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=MXTAMPSREY-DC02,CN=Servers,CN=MXTAMPSREY,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=UKCOV-DC01,CN=Servers,CN=UKCOV,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=MXQROQRO-DC01,CN=Servers,CN=MXQROQRO,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=SKSEN-DC01,CN=Servers,CN=SKSEN,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=ITLIV-DC01,CN=Servers,CN=ITLIV,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=FRCER-DC01,CN=Servers,CN=FRCER,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=FRVIL-DC01,CN=Servers,CN=FRVIL,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=UKSHI-DC01,CN=Servers,CN=UKLEAM,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=DENUE-DC01,CN=Servers,CN=DENUE,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=PLGDANSK-DC01,CN=Servers,CN=PLGDANSK,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=PLOST-DC01,CN=Servers,CN=PLOST,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=ITMIL-DC01,CN=Servers,CN=ITMIL,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=PTLIN-DC01,CN=Servers,CN=PTLIS,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=PTBRA-DC01,CN=Servers,CN=PTBRA,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=PTCBR-DC01,CN=Servers,CN=PTCBR,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=ESTAR-DC01,CN=Servers,CN=ESTAR,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=USALGAD-DC01,CN=Servers,CN=USALGAD,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=ROSAN-DC01,CN=Servers,CN=ROSAN,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=CZVIZ-DC01,CN=Servers,CN=CZVIZ,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=USMONKC-DC01,CN=Servers,CN=USMONKC,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=ATASP-DC01,CN=Servers,CN=ATASP,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=CZSLU-DC01,CN=Servers,CN=CZSLU,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=ROINE-DC01,CN=Servers,CN=ROINE,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=SEGOT-DC01,CN=Servers,CN=SEGOT,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=PLJEL-DC01,CN=Servers,CN=PLJEL,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=MXSONHRM-DC01,CN=Servers,CN=MXSONHRM,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=INHARGGN-DC01,CN=Servers,CN=INHARGGN,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=DEFUE-DC01,CN=Servers,CN=DEFUE,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=ESSCU-DC01,CN=Servers,CN=ESSCU,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=SETRO-DC01,CN=Servers,CN=SETRO,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=BEGENT-DC01,CN=Servers,CN=BEGENT,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=LUBAS-DC01,CN=Servers,CN=LUBAS,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=MXBCNTIJ-DC01,CN=Servers,CN=MXBCNTIJ,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=DEBADS-DC02,CN=Servers,CN=DEBADS,CN=Sites,CN=Configuration,DC=somecompany,DC=net"

 

You can now look that over and determine whether those really are old DCs (i.e. none of them are machines that belong to some other application that put a server object there, like the old ADC from Exchange). If they are, then you simply pipe that output to admod -rm and bam… all clean.

If you have a naming standard in place for domain controllers then you can apply that to the filter as well like so…

Z:\>adfind -sites -s subtree -f "&(objectcategory=server)(!serverreference=*)(name=*-dc*)" -dsq
"CN=USOHSND-DC01,CN=Servers,CN=USOHSND,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=ESBARCME-DC01,CN=Servers,CN=ESBARCME,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=FRILLK-DC01,CN=Servers,CN=FRILLK,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=USNYLOC-DC01,CN=Servers,CN=USNYLOC,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=USOHVIE-DC01,CN=Servers,CN=USOHVIE,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=USMSCLI-DC01,CN=Servers,CN=USMSCLI,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=MXTAMPSREY-DC01,CN=Servers,CN=MXTAMPSREY,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=USCAIRV-DC01,CN=Servers,CN=USCAIRV,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=ITMOL-DC01,CN=Servers,CN=ITMOL,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=USMSBRK-DC01,CN=Servers,CN=USMSBRK,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=USSCDUN-DC01,CN=Servers,CN=USSCDUN,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=USSCLAN-DC01,CN=Servers,CN=USSCLAN,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=MXTAMPSREY-DC02,CN=Servers,CN=MXTAMPSREY,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=UKCOV-DC01,CN=Servers,CN=UKCOV,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=MXQROQRO-DC01,CN=Servers,CN=MXQROQRO,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=SKSEN-DC01,CN=Servers,CN=SKSEN,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=ITLIV-DC01,CN=Servers,CN=ITLIV,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=FRCER-DC01,CN=Servers,CN=FRCER,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=FRVIL-DC01,CN=Servers,CN=FRVIL,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=UKSHI-DC01,CN=Servers,CN=UKLEAM,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=DENUE-DC01,CN=Servers,CN=DENUE,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=PLGDANSK-DC01,CN=Servers,CN=PLGDANSK,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=PLOST-DC01,CN=Servers,CN=PLOST,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=ITMIL-DC01,CN=Servers,CN=ITMIL,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=PTLIN-DC01,CN=Servers,CN=PTLIS,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=PTBRA-DC01,CN=Servers,CN=PTBRA,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=PTCBR-DC01,CN=Servers,CN=PTCBR,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=ESTAR-DC01,CN=Servers,CN=ESTAR,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=USALGAD-DC01,CN=Servers,CN=USALGAD,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=ROSAN-DC01,CN=Servers,CN=ROSAN,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=CZVIZ-DC01,CN=Servers,CN=CZVIZ,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=USMONKC-DC01,CN=Servers,CN=USMONKC,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=ATASP-DC01,CN=Servers,CN=ATASP,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=CZSLU-DC01,CN=Servers,CN=CZSLU,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=ROINE-DC01,CN=Servers,CN=ROINE,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=SEGOT-DC01,CN=Servers,CN=SEGOT,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=PLJEL-DC01,CN=Servers,CN=PLJEL,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=MXSONHRM-DC01,CN=Servers,CN=MXSONHRM,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=INHARGGN-DC01,CN=Servers,CN=INHARGGN,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=DEFUE-DC01,CN=Servers,CN=DEFUE,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=ESSCU-DC01,CN=Servers,CN=ESSCU,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=SETRO-DC01,CN=Servers,CN=SETRO,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=BEGENT-DC01,CN=Servers,CN=BEGENT,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=LUBAS-DC01,CN=Servers,CN=LUBAS,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=MXBCNTIJ-DC01,CN=Servers,CN=MXBCNTIJ,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=DEBADS-DC02,CN=Servers,CN=DEBADS,CN=Sites,CN=Configuration,DC=somecompany,DC=net"

Note that the list is the same. 😉 But it won’t necessarily always be, as other apps can put servers in the sites container. Keep that in mind or else you could accidentally cause some serious pain. 🙂

And to remove…

 

E:\>adfind -sites -s subtree -f "&(objectcategory=server)(!serverreference=*)(name=*-dc*)" -dsq | admod -rm -unsafe

AdMod V01.12.00cpp Joe Richards (joe@joeware.net) September 2009

DN Count: 46
Using server: USMITRY-DC12.NorthAmerica.somecompany.net:389
Directory: Windows Server 2003

Deleting specified objects…
   DN: CN=USOHSND-DC01,CN=Servers,CN=USOHSND,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=ESBARCME-DC01,CN=Servers,CN=ESBARCME,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=FRILLK-DC01,CN=Servers,CN=FRILLK,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=USNYLOC-DC01,CN=Servers,CN=USNYLOC,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=USOHVIE-DC01,CN=Servers,CN=USOHVIE,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=USMSCLI-DC01,CN=Servers,CN=USMSCLI,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=MXTAMPSREY-DC01,CN=Servers,CN=MXTAMPSREY,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=USCAIRV-DC01,CN=Servers,CN=USCAIRV,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=ITMOL-DC01,CN=Servers,CN=ITMOL,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=USMSBRK-DC01,CN=Servers,CN=USMSBRK,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=USSCDUN-DC01,CN=Servers,CN=USSCDUN,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=USSCLAN-DC01,CN=Servers,CN=USSCLAN,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=MXTAMPSREY-DC02,CN=Servers,CN=MXTAMPSREY,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=UKCOV-DC01,CN=Servers,CN=UKCOV,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=MXQROQRO-DC01,CN=Servers,CN=MXQROQRO,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=SKSEN-DC01,CN=Servers,CN=SKSEN,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=ITLIV-DC01,CN=Servers,CN=ITLIV,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=FRCER-DC01,CN=Servers,CN=FRCER,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=FRVIL-DC01,CN=Servers,CN=FRVIL,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=UKSHI-DC01,CN=Servers,CN=UKLEAM,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=DENUE-DC01,CN=Servers,CN=DENUE,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=PLGDANSK-DC01,CN=Servers,CN=PLGDANSK,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=PLOST-DC01,CN=Servers,CN=PLOST,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=ITMIL-DC01,CN=Servers,CN=ITMIL,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=PTLIN-DC01,CN=Servers,CN=PTLIS,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=PTBRA-DC01,CN=Servers,CN=PTBRA,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=PTCBR-DC01,CN=Servers,CN=PTCBR,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=ESTAR-DC01,CN=Servers,CN=ESTAR,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=USALGAD-DC01,CN=Servers,CN=USALGAD,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=ROSAN-DC01,CN=Servers,CN=ROSAN,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=CZVIZ-DC01,CN=Servers,CN=CZVIZ,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=USMONKC-DC01,CN=Servers,CN=USMONKC,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=ATASP-DC01,CN=Servers,CN=ATASP,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=CZSLU-DC01,CN=Servers,CN=CZSLU,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=ROINE-DC01,CN=Servers,CN=ROINE,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=SEGOT-DC01,CN=Servers,CN=SEGOT,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=PLJEL-DC01,CN=Servers,CN=PLJEL,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=MXSONHRM-DC01,CN=Servers,CN=MXSONHRM,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=INHARGGN-DC01,CN=Servers,CN=INHARGGN,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=DEFUE-DC01,CN=Servers,CN=DEFUE,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=ESSCU-DC01,CN=Servers,CN=ESSCU,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=SETRO-DC01,CN=Servers,CN=SETRO,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=BEGENT-DC01,CN=Servers,CN=BEGENT,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=LUBAS-DC01,CN=Servers,CN=LUBAS,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=MXBCNTIJ-DC01,CN=Servers,CN=MXBCNTIJ,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=DEBADS-DC02,CN=Servers,CN=DEBADS,CN=Sites,CN=Configuration,DC=somecompany,DC=net…

The command completed successfully

 

  joe
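Because other applications can put server objects in the sites container, it helps to sort the `-dsq` output into deletion candidates and rows needing a human look before anything reaches admod. The following is an added example, not from the original post; the function name `Get-ServerObjectVerdict`, the default `-DC\d+$` naming pattern, the `candidates.txt` file name and the sample DNs are all assumptions constructed for illustration.

```powershell
# Added example, not from the original post; the sample DNs are constructed.
function Get-ServerObjectVerdict {
    param(
        [string[]]$DsqLine,
        # Hypothetical naming standard: a stricter, anchored form of (name=*-dc*).
        [string]$DcNamePattern = '-DC\d+$'
    )
    # Expected shape: CN=<name>,CN=Servers,CN=<site>,CN=Sites,CN=Configuration,DC=...
    $shape = '^CN=(?<name>[^,]+),CN=Servers,CN=(?<site>[^,]+),CN=Sites,CN=Configuration,DC=.+$'
    foreach ($line in $DsqLine) {
        $dn = $line.Trim().Trim('"')      # -dsq wraps each DN in double quotes
        if ($dn -eq '') { continue }
        $m    = [regex]::Match($dn, $shape, 'IgnoreCase')
        $name = $m.Groups['name'].Value
        if (-not $m.Success) {
            $verdict = 'Review';    $reason = 'not a server object under CN=Servers of a site'
        } elseif ($name -notmatch $DcNamePattern) {
            $verdict = 'Review';    $reason = 'name does not follow the DC naming standard'
        } else {
            $verdict = 'Candidate'; $reason = 'DC-style name in a site Servers container'
        }
        New-Object PSObject -Property @{
            Verdict = $verdict; Name = $name; Site = $m.Groups['site'].Value
            Reason  = $reason;  Dn   = $dn
        }
    }
}

# Constructed sample in -dsq format. The second name would pass the loose
# (name=*-dc*) wildcard but is not a DC name; the third is not in a site at all.
$sample = @(
    '"CN=USXXSITE-DC01,CN=Servers,CN=USXXSITE,CN=Sites,CN=Configuration,DC=example,DC=net"',
    '"CN=USXXSITE-DCOLLECT1,CN=Servers,CN=USXXSITE,CN=Sites,CN=Configuration,DC=example,DC=net"',
    '"CN=USXXSITE-DC02,CN=Computers,DC=example,DC=net"'
)
# Live use (assumes adfind.exe is on the PATH):
#   $sample = adfind -sites -s subtree -f "&(objectcategory=server)(!serverreference=*)" -dsq

$verdicts = Get-ServerObjectVerdict -DsqLine $sample
$verdicts | Format-Table Verdict, Name, Site, Reason -AutoSize

# Only candidates go into the file; 'Review' rows stay out until someone has looked at them.
$verdicts | Where-Object { $_.Verdict -eq 'Candidate' } |
    ForEach-Object { '"' + $_.Dn + '"' } | Set-Content candidates.txt
```

Once the list has been looked over, the contents of candidates.txt can be piped to admod -rm -unsafe as in the post.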


9/15/2009

Resolving Foreign Security Principals to SAM Names

by @ 4:33 pm. Filed under tech

This is probably obvious to some but thought I would write it up for those it wasn’t obvious for…

Sometimes when you look at a group in AD or ADAM, you see foreignSecurityPrincipal (FSP) objects in the membership. For most people these aren’t quick to resolve to friendly names, so you may end up looking each one up individually, which is slow and painful, especially if you have several.

So here is a quick example to help you when you hit this…

Say you have a group in ADAM that has membership that looks like

E:\>adfind -h . -b CN=Administrators,CN=Roles,CN=Configuration,CN={061AA795-CE70-4B2F-AEE3-9E0BAAF2532C} member

AdFind V01.40.00cpp Joe Richards (joe@joeware.net) February 2009

Using server: someadamserver.NorthAmerica.somecompany.net:389
Directory: Active Directory Application Mode

dn:CN=Administrators,CN=Roles,CN=Configuration,CN={061AA795-CE70-4B2F-AEE3-9E0BAAF2532C}
>member: CN=S-1-5-21-1511590266-3576895337-3233274463-6632,CN=ForeignSecurityPrincipals,CN=Configuration,CN={061AA795-CE70-4B2F-AEE3-9E0BAAF2532C}
>member: CN=S-1-5-21-1511590266-3576895337-3233274463-519,CN=ForeignSecurityPrincipals,CN=Configuration,CN={061AA795-CE70-4B2F-AEE3-9E0BAAF2532C}
>member: CN=S-1-5-21-1757981266-299502267-1801674531-239491,CN=ForeignSecurityPrincipals,CN=Configuration,CN={061AA795-CE70-4B2F-AEE3-9E0BAAF2532C}
>member: CN=S-1-5-21-1757981266-299502267-1801674531-512,CN=ForeignSecurityPrincipals,CN=Configuration,CN={061AA795-CE70-4B2F-AEE3-9E0BAAF2532C}
>member: CN=S-1-5-21-1757981266-299502267-1801674531-76732,CN=ForeignSecurityPrincipals,CN=Configuration,CN={061AA795-CE70-4B2F-AEE3-9E0BAAF2532C}
>member: CN=S-1-5-21-507921405-813497703-1202660629-512,CN=ForeignSecurityPrincipals,CN=Configuration,CN={061AA795-CE70-4B2F-AEE3-9E0BAAF2532C}
>member: CN=S-1-5-21-1757981266-299502267-1801674531-96228,CN=ForeignSecurityPrincipals,CN=Configuration,CN={061AA795-CE70-4B2F-AEE3-9E0BAAF2532C}

1 Objects returned

 

GREAT! Thanks AdFind for telling me who is in the group… But wait, who exactly do those FSPs relate to? Two ways…

First using -asq

E:\>adfind -h . -b CN=Administrators,CN=Roles,CN=Configuration,CN={061AA795-CE70-4B2F-AEE3-9E0BAAF2532C} -asq member objectsid -resolvesids

AdFind V01.40.00cpp Joe Richards (joe@joeware.net) February 2009

Using server: someadamserver.NorthAmerica.somecompany.net:389
Directory: Active Directory Application Mode

dn:CN=S-1-5-21-1757981266-299502267-1801674531-96228,CN=ForeignSecurityPrincipals,CN=Configuration,CN={061AA795-CE70-4B2F-AEE3-9E0BAAF2532C}
>objectSid: NORTHAMERICA\sitescope

dn:CN=S-1-5-21-507921405-813497703-1202660629-512,CN=ForeignSecurityPrincipals,CN=Configuration,CN={061AA795-CE70-4B2F-AEE3-9E0BAAF2532C}
>objectSid: EUROPE\Domain Admins

dn:CN=S-1-5-21-1757981266-299502267-1801674531-76732,CN=ForeignSecurityPrincipals,CN=Configuration,CN={061AA795-CE70-4B2F-AEE3-9E0BAAF2532C}
>objectSid: NORTHAMERICA\MMS_Search

dn:CN=S-1-5-21-1757981266-299502267-1801674531-512,CN=ForeignSecurityPrincipals,CN=Configuration,CN={061AA795-CE70-4B2F-AEE3-9E0BAAF2532C}
>objectSid: NORTHAMERICA\Domain Admins

dn:CN=S-1-5-21-1757981266-299502267-1801674531-239491,CN=ForeignSecurityPrincipals,CN=Configuration,CN={061AA795-CE70-4B2F-AEE3-9E0BAAF2532C}
>objectSid: NORTHAMERICA\so_jar

dn:CN=S-1-5-21-1511590266-3576895337-3233274463-519,CN=ForeignSecurityPrincipals,CN=Configuration,CN={061AA795-CE70-4B2F-AEE3-9E0BAAF2532C}
>objectSid: ROOT\Enterprise Admins

dn:CN=S-1-5-21-1511590266-3576895337-3233274463-6632,CN=ForeignSecurityPrincipals,CN=Configuration,CN={061AA795-CE70-4B2F-AEE3-9E0BAAF2532C}
>objectSid: ROOT\AdamAdmins

7 Objects returned

 

Next using the AdFind piped to AdFind functionality

E:\>adfind -h . -b CN=Administrators,CN=Roles,CN=Configuration,CN={061AA795-CE70-4B2F-AEE3-9E0BAAF2532C} member -qlist | adfind -h . objectsid -resolvesids

AdFind V01.40.00cpp Joe Richards (joe@joeware.net) February 2009

Using server: someadamserver.NorthAmerica.somecompany.net:389
Directory: Active Directory Application Mode

dn:CN=S-1-5-21-1511590266-3576895337-3233274463-6632,CN=ForeignSecurityPrincipals,CN=Configuration,CN={061AA795-CE70-4B2F-AEE3-9E0BAAF2532C}
>objectSid: ROOT\AdamAdmins

dn:CN=S-1-5-21-1511590266-3576895337-3233274463-519,CN=ForeignSecurityPrincipals,CN=Configuration,CN={061AA795-CE70-4B2F-AEE3-9E0BAAF2532C}
>objectSid: ROOT\Enterprise Admins

dn:CN=S-1-5-21-1757981266-299502267-1801674531-239491,CN=ForeignSecurityPrincipals,CN=Configuration,CN={061AA795-CE70-4B2F-AEE3-9E0BAAF2532C}
>objectSid: NORTHAMERICA\so_jar

dn:CN=S-1-5-21-1757981266-299502267-1801674531-512,CN=ForeignSecurityPrincipals,CN=Configuration,CN={061AA795-CE70-4B2F-AEE3-9E0BAAF2532C}
>objectSid: NORTHAMERICA\Domain Admins

dn:CN=S-1-5-21-1757981266-299502267-1801674531-76732,CN=ForeignSecurityPrincipals,CN=Configuration,CN={061AA795-CE70-4B2F-AEE3-9E0BAAF2532C}
>objectSid: NORTHAMERICA\MMS_Search

dn:CN=S-1-5-21-507921405-813497703-1202660629-512,CN=ForeignSecurityPrincipals,CN=Configuration,CN={061AA795-CE70-4B2F-AEE3-9E0BAAF2532C}
>objectSid: EUROPE\Domain Admins

dn:CN=S-1-5-21-1757981266-299502267-1801674531-96228,CN=ForeignSecurityPrincipals,CN=Configuration,CN={061AA795-CE70-4B2F-AEE3-9E0BAAF2532C}
>objectSid: NORTHAMERICA\sitescope

7 Objects returned

 

You can clean it up even more with either of the above commands by simply adding -list like so

E:\>adfind -h . -b CN=Administrators,CN=Roles,CN=Configuration,CN={061AA795-CE70-4B2F-AEE3-9E0BAAF2532C} -asq member objectsid -resolvesids -list
NORTHAMERICA\sitescope
EUROPE\Domain Admins
NORTHAMERICA\MMS_Search
NORTHAMERICA\Domain Admins
NORTHAMERICA\so_jar
ROOT\Enterprise Admins
ROOT\AdamAdmins

 

   joe
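When AdFind is not at hand, the same resolution can be done from the member DNs alone. This added example (not from the original post) swaps AdFind's -resolvesids for the .NET `SecurityIdentifier.Translate` call and also flags well-known privileged RIDs, so a SID that cannot be resolved from the current machine still tells you something. The function name `Resolve-FspMember` and the RID table are assumptions for illustration; the sample lines are copied from the output above.

```powershell
# Added example, not from the original post.
# Well-known domain-relative RIDs worth flagging in an admin role's membership.
$PrivilegedRids = @{
    '500' = 'Administrator'; '512' = 'Domain Admins'
    '518' = 'Schema Admins'; '519' = 'Enterprise Admins'
}

function Resolve-FspMember {
    param([string[]]$MemberLine)
    foreach ($line in $MemberLine) {
        # Accept a bare DN or a pasted AdFind ">member: <DN>" line.
        $m = [regex]::Match($line.Trim(),
            '^(?:>member:\s*)?CN=(S-1-[0-9-]+),CN=ForeignSecurityPrincipals,', 'IgnoreCase')
        if (-not $m.Success) { continue }    # not an FSP member, skip it

        $sidText = $m.Groups[1].Value
        $rid     = $sidText.Split('-')[-1]   # last sub-authority, kept as a string
        $account = $null
        $problem = $null
        try {
            $sid     = New-Object System.Security.Principal.SecurityIdentifier($sidText)
            $account = $sid.Translate([System.Security.Principal.NTAccount]).Value
        } catch {
            # Typically: no trust path to the SID's domain, or the account was deleted.
            $problem = $_.Exception.Message
        }
        New-Object PSObject -Property @{
            Sid          = $sidText
            Account      = $account
            WellKnownRid = $PrivilegedRids[$rid]   # $null when the RID is not in the table
            Problem      = $problem
        }
    }
}

# Three member lines taken from the AdFind output earlier in this post.
$sample = @(
    '>member: CN=S-1-5-21-1511590266-3576895337-3233274463-519,CN=ForeignSecurityPrincipals,CN=Configuration,CN={061AA795-CE70-4B2F-AEE3-9E0BAAF2532C}',
    '>member: CN=S-1-5-21-1757981266-299502267-1801674531-512,CN=ForeignSecurityPrincipals,CN=Configuration,CN={061AA795-CE70-4B2F-AEE3-9E0BAAF2532C}',
    '>member: CN=S-1-5-21-1757981266-299502267-1801674531-96228,CN=ForeignSecurityPrincipals,CN=Configuration,CN={061AA795-CE70-4B2F-AEE3-9E0BAAF2532C}'
)

Resolve-FspMember -MemberLine $sample |
    Select-Object Sid, Account, WellKnownRid, Problem |
    Format-List
```

On a machine with no trust path to those domains, Account comes back empty and Problem carries the error, while WellKnownRid still marks the -519 and -512 entries.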


9/14/2009

Blog performance and availability

by @ 7:25 pm. Filed under general

You may have encountered some perf issues reading the blog today (Sept 14, 2009). This was due to something within my provider POWWEB. I contacted them and they said they would look into it and suddenly it was working as normal again. Of course this provoked questions…

This was the first response I received

Hello,
The main issue here is that you need to limit the amount of posts that you are loading on one page. There are too many posts per page which is really drawing out your load time. I have raised your PHP memory limit and have also resolved a session.save_path issue within your php.ini file but the main issue here is that too many posts loading at one time issue. That can be adjusted from the admin area of your WordPress blog. Let me know once this is done if you still have loading issues and I’ll continue to help where I can.
Thank you,
Gareth B.
Operations, Tech Tier 2

Not having seen any issues in a very very long time with page loads and having the current setting for number of posts for at least a year I responded:

Why did this all of a sudden become an issue in the last day? I have had the same configuration for posts etc for well over a year now with no issues.
thanks, joe

Their response was again less than ideal

Hello,
I cannot remark on what WordPress configurations may do from time to time, as updates often happen quite often within WordPress. I do know that this may not have been seen before now due to perhaps browser caching. Some new browsers do force a new version of the site to be pulled every time you browse to it, which is good because it then shows the most complete and new version of your site.
When I use any of the many website optimization or page testing sites on the net, I get many flags for this site in concern to the amount of data that is pulled and the number of queries on this one very long page. I definitely advise limiting the number of posts that display on one page to avoid further issues with speed.
Thank you,
Gareth B.
Operations, Tech Tier 2

As someone who has been doing operational support in Enterprise class companies for > 10 years, I feel this answer is more accurately represented with “umm we don’t know what is going on” or alternately “we knew what was wrong but we screwed up and we certainly aren’t going to tell you what we did and in the meanwhile, let me ding you on something else that could possibly cover it although we know it isn’t the problem because it is working great now without you making any mods to your wordpress config…”

Oh the mention of the mod to the session.save_path is also a red herring, I never modified the php.ini file and taking a peek at it, it is still the same as the default for the server. And it is identical to the php.ini file I have on another couple of sites I host through POWWEB.

Overall I like POWWEB but I don’t believe I have yet to have had a good experience with their support team. But then I am probably a bit pickier than a lot of people having done support so long myself and generally recognizing BS when I hear it.

 

    joe

