joeware - never stop exploring... :)

Information about joeware mixed with wild and crazy opinions...

9/25/2009

Firefly / Serenity stuff

by @ 6:19 am. Filed under general

Brandon has been on a Firefly quote kick lately so I dug up some links for him, thought I would share those and some others with the rest of the geeks…

Cool opening song

This is the captain. We have a little problem with our entry sequence, so we may experience some slight turbulence and then explode.

 

Ringtone

http://www.madringtones.org/tone/363111-Ballad-of-Serenity

 

MP3

http://www.whedon.info/Firefly-Theme-Song-Ballad-Of.html

 

Guitar tutorial

9/22/2009

F5 VPN solution on Windows 7 anyone???

by @ 5:21 pm. Filed under tech

Anyone get this working? I keep blowing up when installing the ActiveX components or if I get through the install it just hangs on checking connection. I actually need this working to get to the network of one of my customers.


9/21/2009

OpenSource Windows Perf Log Analyzer

by @ 4:14 pm. Filed under tech

http://www.codeplex.com/PAL

Haven’t used it but it looks like it could be cool. 🙂 Brian told me about it.


9/17/2009

Finding old unused Domain Controller objects in the Sites Container

by @ 4:25 pm. Filed under tech

Something that always annoys me is when I look at an Active Directory and start finding old Domain Controller Server objects out in the sites container for DCs that were demoted or forcibly removed from Active Directory weeks, months, or years ago. This is just sloppy admin work, but once it is done and hasn’t been cleaned up for some time I admit it can be a pain in the arse to clean up, given how dssite.msc (Sites and Services) displays the info. You have to click on every site and expand it out a couple of levels. No one really has time to go back and do that if they didn’t have time to clean up properly in the first place.

So to help folks find objects that are possibly old DC objects that should be cleaned up, here is a simple AdFind query to help…

adfind -sites -s subtree -f "&(objectcategory=server)(!serverreference=*)" -dsq

That will produce something that looks like

Z:\>adfind -sites -s subtree -f "&(objectcategory=server)(!serverreference=*)" -dsq
"CN=USOHSND-DC01,CN=Servers,CN=USOHSND,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=ESBARCME-DC01,CN=Servers,CN=ESBARCME,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=FRILLK-DC01,CN=Servers,CN=FRILLK,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=USNYLOC-DC01,CN=Servers,CN=USNYLOC,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=USOHVIE-DC01,CN=Servers,CN=USOHVIE,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=USMSCLI-DC01,CN=Servers,CN=USMSCLI,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=MXTAMPSREY-DC01,CN=Servers,CN=MXTAMPSREY,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=USCAIRV-DC01,CN=Servers,CN=USCAIRV,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=ITMOL-DC01,CN=Servers,CN=ITMOL,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=USMSBRK-DC01,CN=Servers,CN=USMSBRK,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=USSCDUN-DC01,CN=Servers,CN=USSCDUN,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=USSCLAN-DC01,CN=Servers,CN=USSCLAN,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=MXTAMPSREY-DC02,CN=Servers,CN=MXTAMPSREY,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=UKCOV-DC01,CN=Servers,CN=UKCOV,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=MXQROQRO-DC01,CN=Servers,CN=MXQROQRO,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=SKSEN-DC01,CN=Servers,CN=SKSEN,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=ITLIV-DC01,CN=Servers,CN=ITLIV,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=FRCER-DC01,CN=Servers,CN=FRCER,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=FRVIL-DC01,CN=Servers,CN=FRVIL,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=UKSHI-DC01,CN=Servers,CN=UKLEAM,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=DENUE-DC01,CN=Servers,CN=DENUE,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=PLGDANSK-DC01,CN=Servers,CN=PLGDANSK,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=PLOST-DC01,CN=Servers,CN=PLOST,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=ITMIL-DC01,CN=Servers,CN=ITMIL,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=PTLIN-DC01,CN=Servers,CN=PTLIS,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=PTBRA-DC01,CN=Servers,CN=PTBRA,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=PTCBR-DC01,CN=Servers,CN=PTCBR,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=ESTAR-DC01,CN=Servers,CN=ESTAR,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=USALGAD-DC01,CN=Servers,CN=USALGAD,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=ROSAN-DC01,CN=Servers,CN=ROSAN,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=CZVIZ-DC01,CN=Servers,CN=CZVIZ,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=USMONKC-DC01,CN=Servers,CN=USMONKC,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=ATASP-DC01,CN=Servers,CN=ATASP,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=CZSLU-DC01,CN=Servers,CN=CZSLU,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=ROINE-DC01,CN=Servers,CN=ROINE,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=SEGOT-DC01,CN=Servers,CN=SEGOT,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=PLJEL-DC01,CN=Servers,CN=PLJEL,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=MXSONHRM-DC01,CN=Servers,CN=MXSONHRM,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=INHARGGN-DC01,CN=Servers,CN=INHARGGN,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=DEFUE-DC01,CN=Servers,CN=DEFUE,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=ESSCU-DC01,CN=Servers,CN=ESSCU,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=SETRO-DC01,CN=Servers,CN=SETRO,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=BEGENT-DC01,CN=Servers,CN=BEGENT,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=LUBAS-DC01,CN=Servers,CN=LUBAS,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=MXBCNTIJ-DC01,CN=Servers,CN=MXBCNTIJ,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=DEBADS-DC02,CN=Servers,CN=DEBADS,CN=Sites,CN=Configuration,DC=somecompany,DC=net"

 

You can now look that over and determine whether those really are old DCs (i.e. they aren’t machines that some other application put there, like the old ADC from Exchange). If they are, you simply pipe that output to admod -rm and bam… all clean.

If you have a naming standard in place for domain controllers then you can apply that to the filter as well like so…

Z:\>adfind -sites -s subtree -f "&(objectcategory=server)(!serverreference=*)(name=*-dc*)" -dsq
"CN=USOHSND-DC01,CN=Servers,CN=USOHSND,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=ESBARCME-DC01,CN=Servers,CN=ESBARCME,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=FRILLK-DC01,CN=Servers,CN=FRILLK,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=USNYLOC-DC01,CN=Servers,CN=USNYLOC,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=USOHVIE-DC01,CN=Servers,CN=USOHVIE,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=USMSCLI-DC01,CN=Servers,CN=USMSCLI,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=MXTAMPSREY-DC01,CN=Servers,CN=MXTAMPSREY,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=USCAIRV-DC01,CN=Servers,CN=USCAIRV,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=ITMOL-DC01,CN=Servers,CN=ITMOL,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=USMSBRK-DC01,CN=Servers,CN=USMSBRK,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=USSCDUN-DC01,CN=Servers,CN=USSCDUN,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=USSCLAN-DC01,CN=Servers,CN=USSCLAN,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=MXTAMPSREY-DC02,CN=Servers,CN=MXTAMPSREY,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=UKCOV-DC01,CN=Servers,CN=UKCOV,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=MXQROQRO-DC01,CN=Servers,CN=MXQROQRO,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=SKSEN-DC01,CN=Servers,CN=SKSEN,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=ITLIV-DC01,CN=Servers,CN=ITLIV,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=FRCER-DC01,CN=Servers,CN=FRCER,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=FRVIL-DC01,CN=Servers,CN=FRVIL,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=UKSHI-DC01,CN=Servers,CN=UKLEAM,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=DENUE-DC01,CN=Servers,CN=DENUE,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=PLGDANSK-DC01,CN=Servers,CN=PLGDANSK,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=PLOST-DC01,CN=Servers,CN=PLOST,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=ITMIL-DC01,CN=Servers,CN=ITMIL,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=PTLIN-DC01,CN=Servers,CN=PTLIS,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=PTBRA-DC01,CN=Servers,CN=PTBRA,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=PTCBR-DC01,CN=Servers,CN=PTCBR,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=ESTAR-DC01,CN=Servers,CN=ESTAR,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=USALGAD-DC01,CN=Servers,CN=USALGAD,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=ROSAN-DC01,CN=Servers,CN=ROSAN,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=CZVIZ-DC01,CN=Servers,CN=CZVIZ,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=USMONKC-DC01,CN=Servers,CN=USMONKC,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=ATASP-DC01,CN=Servers,CN=ATASP,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=CZSLU-DC01,CN=Servers,CN=CZSLU,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=ROINE-DC01,CN=Servers,CN=ROINE,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=SEGOT-DC01,CN=Servers,CN=SEGOT,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=PLJEL-DC01,CN=Servers,CN=PLJEL,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=MXSONHRM-DC01,CN=Servers,CN=MXSONHRM,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=INHARGGN-DC01,CN=Servers,CN=INHARGGN,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=DEFUE-DC01,CN=Servers,CN=DEFUE,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=ESSCU-DC01,CN=Servers,CN=ESSCU,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=SETRO-DC01,CN=Servers,CN=SETRO,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=BEGENT-DC01,CN=Servers,CN=BEGENT,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=LUBAS-DC01,CN=Servers,CN=LUBAS,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=MXBCNTIJ-DC01,CN=Servers,CN=MXBCNTIJ,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=DEBADS-DC02,CN=Servers,CN=DEBADS,CN=Sites,CN=Configuration,DC=somecompany,DC=net"

Note that the list is the same. 😉 But it won’t necessarily always be, as other apps can put servers in the sites container. Keep that in mind or else you could accidentally cause some serious pain. 🙂

And to remove…

 

E:\>adfind -sites -s subtree -f "&(objectcategory=server)(!serverreference=*)(name=*-dc*)" -dsq | admod -rm -unsafe

AdMod V01.12.00cpp Joe Richards (joe@joeware.net) September 2009

DN Count: 46
Using server: USMITRY-DC12.NorthAmerica.somecompany.net:389
Directory: Windows Server 2003

Deleting specified objects…
   DN: CN=USOHSND-DC01,CN=Servers,CN=USOHSND,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=ESBARCME-DC01,CN=Servers,CN=ESBARCME,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=FRILLK-DC01,CN=Servers,CN=FRILLK,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=USNYLOC-DC01,CN=Servers,CN=USNYLOC,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=USOHVIE-DC01,CN=Servers,CN=USOHVIE,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=USMSCLI-DC01,CN=Servers,CN=USMSCLI,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=MXTAMPSREY-DC01,CN=Servers,CN=MXTAMPSREY,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=USCAIRV-DC01,CN=Servers,CN=USCAIRV,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=ITMOL-DC01,CN=Servers,CN=ITMOL,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=USMSBRK-DC01,CN=Servers,CN=USMSBRK,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=USSCDUN-DC01,CN=Servers,CN=USSCDUN,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=USSCLAN-DC01,CN=Servers,CN=USSCLAN,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=MXTAMPSREY-DC02,CN=Servers,CN=MXTAMPSREY,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=UKCOV-DC01,CN=Servers,CN=UKCOV,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=MXQROQRO-DC01,CN=Servers,CN=MXQROQRO,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=SKSEN-DC01,CN=Servers,CN=SKSEN,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=ITLIV-DC01,CN=Servers,CN=ITLIV,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=FRCER-DC01,CN=Servers,CN=FRCER,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=FRVIL-DC01,CN=Servers,CN=FRVIL,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=UKSHI-DC01,CN=Servers,CN=UKLEAM,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=DENUE-DC01,CN=Servers,CN=DENUE,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=PLGDANSK-DC01,CN=Servers,CN=PLGDANSK,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=PLOST-DC01,CN=Servers,CN=PLOST,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=ITMIL-DC01,CN=Servers,CN=ITMIL,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=PTLIN-DC01,CN=Servers,CN=PTLIS,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=PTBRA-DC01,CN=Servers,CN=PTBRA,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=PTCBR-DC01,CN=Servers,CN=PTCBR,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=ESTAR-DC01,CN=Servers,CN=ESTAR,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=USALGAD-DC01,CN=Servers,CN=USALGAD,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=ROSAN-DC01,CN=Servers,CN=ROSAN,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=CZVIZ-DC01,CN=Servers,CN=CZVIZ,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=USMONKC-DC01,CN=Servers,CN=USMONKC,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=ATASP-DC01,CN=Servers,CN=ATASP,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=CZSLU-DC01,CN=Servers,CN=CZSLU,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=ROINE-DC01,CN=Servers,CN=ROINE,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=SEGOT-DC01,CN=Servers,CN=SEGOT,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=PLJEL-DC01,CN=Servers,CN=PLJEL,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=MXSONHRM-DC01,CN=Servers,CN=MXSONHRM,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=INHARGGN-DC01,CN=Servers,CN=INHARGGN,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=DEFUE-DC01,CN=Servers,CN=DEFUE,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=ESSCU-DC01,CN=Servers,CN=ESSCU,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=SETRO-DC01,CN=Servers,CN=SETRO,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=BEGENT-DC01,CN=Servers,CN=BEGENT,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=LUBAS-DC01,CN=Servers,CN=LUBAS,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=MXBCNTIJ-DC01,CN=Servers,CN=MXBCNTIJ,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
   DN: CN=DEBADS-DC02,CN=Servers,CN=DEBADS,CN=Sites,CN=Configuration,DC=somecompany,DC=net…

The command completed successfully

 

  joe
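A review step between the AdFind query and the delete, as an added example (not joeware code): it reads saved -dsq output, keeps only DNs that are server objects under a site's CN=Servers and match the naming standard, and holds back everything else with a reason. The function names, the `*-dc*` default and the last two sample DNs are assumptions made for the illustration.

```python
import fnmatch
import sys

# Sample `adfind ... -dsq` output. The first three DNs are from the post;
# the last two are constructed to show what gets held back.
SAMPLE_DSQ = r'''
"CN=USOHSND-DC01,CN=Servers,CN=USOHSND,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=UKSHI-DC01,CN=Servers,CN=UKLEAM,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=MXTAMPSREY-DC02,CN=Servers,CN=MXTAMPSREY,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=EXADC\, old,CN=Servers,CN=USOHSND,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=USOHSND,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
'''


def split_dn(dn):
    """Split a DN into RDNs on unescaped commas (a backslash escapes the next char)."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])   # keep the escape pair together
            i += 2
            continue
        if dn[i] == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(dn[i])
        i += 1
    parts.append("".join(cur))
    return parts


def parse_server_dn(dn):
    """Return (server, site) for CN=<server>,CN=Servers,CN=<site>,CN=Sites,... else None."""
    rdns = [r.partition("=") for r in split_dn(dn)]
    if len(rdns) < 5 or any(k.strip().upper() != "CN" for k, _, _ in rdns[:4]):
        return None
    if rdns[1][2].lower() != "servers" or rdns[3][2].lower() != "sites":
        return None
    return rdns[0][2], rdns[2][2]


def review(dsq_text, standard="*-dc*"):
    """Sort -dsq lines into deletion candidates and held-back DNs with a reason."""
    candidates, held = [], []
    for line in dsq_text.splitlines():
        dn = line.strip().strip('"')
        if not dn:
            continue
        parsed = parse_server_dn(dn)
        if parsed is None:
            held.append((dn, "not a server object under a site's CN=Servers"))
        elif not fnmatch.fnmatchcase(parsed[0].lower(), standard.lower()):
            held.append((dn, "name does not match the DC naming standard"))
        else:
            candidates.append(dn)
    return candidates, held


if __name__ == "__main__":
    ok, held = review(SAMPLE_DSQ)
    for dn in ok:
        print(f'"{dn}"')  # re-quoted, one DN per line, same shape as -dsq output
    for dn, why in held:
        print(f"HELD ({why}): {dn}", file=sys.stderr)  # kept out of the pipe
```

Held DNs go to stderr, so only the reviewed candidates reach whatever is reading stdout.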


9/15/2009

Resolving Foreign Security Principals to SAM Names

by @ 4:33 pm. Filed under tech

This is probably obvious to some but thought I would write it up for those it wasn’t obvious for…

Sometimes when you look at a group in AD or ADAM, you see foreignSecurityPrincipal (FSP) objects in the membership. These aren’t generally, for most people anyway, quick to be resolved to friendly names so maybe you end up looking each one up individually which is slow and painful, especially if you have multiple.

So here is a quick example to help you when you hit this…

Say you have a group in ADAM that has membership that looks like

E:\>adfind -h . -b CN=Administrators,CN=Roles,CN=Configuration,CN={061AA795-CE70-4B2F-AEE3-9E0BAAF2532C} member

AdFind V01.40.00cpp Joe Richards (joe@joeware.net) February 2009

Using server: someadamserver.NorthAmerica.somecompany.net:389
Directory: Active Directory Application Mode

dn:CN=Administrators,CN=Roles,CN=Configuration,CN={061AA795-CE70-4B2F-AEE3-9E0BAAF2532C}
>member: CN=S-1-5-21-1511590266-3576895337-3233274463-6632,CN=ForeignSecurityPrincipals,CN=Configuration,CN={061AA795-CE70-4B2F-AEE3-9E0BAAF2532C}
>member: CN=S-1-5-21-1511590266-3576895337-3233274463-519,CN=ForeignSecurityPrincipals,CN=Configuration,CN={061AA795-CE70-4B2F-AEE3-9E0BAAF2532C}
>member: CN=S-1-5-21-1757981266-299502267-1801674531-239491,CN=ForeignSecurityPrincipals,CN=Configuration,CN={061AA795-CE70-4B2F-AEE3-9E0BAAF2532C}
>member: CN=S-1-5-21-1757981266-299502267-1801674531-512,CN=ForeignSecurityPrincipals,CN=Configuration,CN={061AA795-CE70-4B2F-AEE3-9E0BAAF2532C}
>member: CN=S-1-5-21-1757981266-299502267-1801674531-76732,CN=ForeignSecurityPrincipals,CN=Configuration,CN={061AA795-CE70-4B2F-AEE3-9E0BAAF2532C}
>member: CN=S-1-5-21-507921405-813497703-1202660629-512,CN=ForeignSecurityPrincipals,CN=Configuration,CN={061AA795-CE70-4B2F-AEE3-9E0BAAF2532C}
>member: CN=S-1-5-21-1757981266-299502267-1801674531-96228,CN=ForeignSecurityPrincipals,CN=Configuration,CN={061AA795-CE70-4B2F-AEE3-9E0BAAF2532C}

1 Objects returned

 

GREAT! Thanks AdFind for telling me who is in the group… But wait, who exactly do those FSPs relate to? Two ways…

First using -ASQ

E:\>adfind -h . -b CN=Administrators,CN=Roles,CN=Configuration,CN={061AA795-CE70-4B2F-AEE3-9E0BAAF2532C} -asq member objectsid -resolvesids

AdFind V01.40.00cpp Joe Richards (joe@joeware.net) February 2009

Using server: someadamserver.NorthAmerica.somecompany.net:389
Directory: Active Directory Application Mode

dn:CN=S-1-5-21-1757981266-299502267-1801674531-96228,CN=ForeignSecurityPrincipals,CN=Configuration,CN={061AA795-CE70-4B2F-AEE3-9E0BAAF2532C}
>objectSid: NORTHAMERICA\sitescope

dn:CN=S-1-5-21-507921405-813497703-1202660629-512,CN=ForeignSecurityPrincipals,CN=Configuration,CN={061AA795-CE70-4B2F-AEE3-9E0BAAF2532C}
>objectSid: EUROPE\Domain Admins

dn:CN=S-1-5-21-1757981266-299502267-1801674531-76732,CN=ForeignSecurityPrincipals,CN=Configuration,CN={061AA795-CE70-4B2F-AEE3-9E0BAAF2532C}
>objectSid: NORTHAMERICA\MMS_Search

dn:CN=S-1-5-21-1757981266-299502267-1801674531-512,CN=ForeignSecurityPrincipals,CN=Configuration,CN={061AA795-CE70-4B2F-AEE3-9E0BAAF2532C}
>objectSid: NORTHAMERICA\Domain Admins

dn:CN=S-1-5-21-1757981266-299502267-1801674531-239491,CN=ForeignSecurityPrincipals,CN=Configuration,CN={061AA795-CE70-4B2F-AEE3-9E0BAAF2532C}
>objectSid: NORTHAMERICA\so_jar

dn:CN=S-1-5-21-1511590266-3576895337-3233274463-519,CN=ForeignSecurityPrincipals,CN=Configuration,CN={061AA795-CE70-4B2F-AEE3-9E0BAAF2532C}
>objectSid: ROOT\Enterprise Admins

dn:CN=S-1-5-21-1511590266-3576895337-3233274463-6632,CN=ForeignSecurityPrincipals,CN=Configuration,CN={061AA795-CE70-4B2F-AEE3-9E0BAAF2532C}
>objectSid: ROOT\AdamAdmins

7 Objects returned

 

Next using the AdFind piped to AdFind functionality

E:\>adfind -h . -b CN=Administrators,CN=Roles,CN=Configuration,CN={061AA795-CE70-4B2F-AEE3-9E0BAAF2532C} member -qlist | adfind -h . objectsid -resolvesids

AdFind V01.40.00cpp Joe Richards (joe@joeware.net) February 2009

Using server: someadamserver.NorthAmerica.somecompany.net:389
Directory: Active Directory Application Mode

dn:CN=S-1-5-21-1511590266-3576895337-3233274463-6632,CN=ForeignSecurityPrincipals,CN=Configuration,CN={061AA795-CE70-4B2F-AEE3-9E0BAAF2532C}
>objectSid: ROOT\AdamAdmins

dn:CN=S-1-5-21-1511590266-3576895337-3233274463-519,CN=ForeignSecurityPrincipals,CN=Configuration,CN={061AA795-CE70-4B2F-AEE3-9E0BAAF2532C}
>objectSid: ROOT\Enterprise Admins

dn:CN=S-1-5-21-1757981266-299502267-1801674531-239491,CN=ForeignSecurityPrincipals,CN=Configuration,CN={061AA795-CE70-4B2F-AEE3-9E0BAAF2532C}
>objectSid: NORTHAMERICA\so_jar

dn:CN=S-1-5-21-1757981266-299502267-1801674531-512,CN=ForeignSecurityPrincipals,CN=Configuration,CN={061AA795-CE70-4B2F-AEE3-9E0BAAF2532C}
>objectSid: NORTHAMERICA\Domain Admins

dn:CN=S-1-5-21-1757981266-299502267-1801674531-76732,CN=ForeignSecurityPrincipals,CN=Configuration,CN={061AA795-CE70-4B2F-AEE3-9E0BAAF2532C}
>objectSid: NORTHAMERICA\MMS_Search

dn:CN=S-1-5-21-507921405-813497703-1202660629-512,CN=ForeignSecurityPrincipals,CN=Configuration,CN={061AA795-CE70-4B2F-AEE3-9E0BAAF2532C}
>objectSid: EUROPE\Domain Admins

dn:CN=S-1-5-21-1757981266-299502267-1801674531-96228,CN=ForeignSecurityPrincipals,CN=Configuration,CN={061AA795-CE70-4B2F-AEE3-9E0BAAF2532C}
>objectSid: NORTHAMERICA\sitescope

7 Objects returned

 

You can clean it up even more with either of the above commands by simply adding -list like so

E:\>adfind -h . -b CN=Administrators,CN=Roles,CN=Configuration,CN={061AA795-CE70-4B2F-AEE3-9E0BAAF2532C} -asq member objectsid -resolvesids -list
NORTHAMERICA\sitescope
EUROPE\Domain Admins
NORTHAMERICA\MMS_Search
NORTHAMERICA\Domain Admins
NORTHAMERICA\so_jar
ROOT\Enterprise Admins
ROOT\AdamAdmins

 

   joe
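An offline triage of the same membership, as an added example (not joeware code): the FSP's CN is the SID itself, so before any name resolution you can already group members by source domain and spot built-in privileged RIDs such as 512 and 519. The function names are assumptions; the SIDs are the ones in the output above plus one constructed non-domain SID.

```python
import re
from collections import defaultdict

# Domain-relative RIDs of built-in privileged principals.
PRIVILEGED_RIDS = {
    500: "Administrator",
    512: "Domain Admins",
    518: "Schema Admins",
    519: "Enterprise Admins",
}

# `member` lines rebuilt from the AdFind output in the post, plus one constructed
# non-domain SID (S-1-5-11, Authenticated Users) to exercise the fallback path.
ADAM = ("CN=ForeignSecurityPrincipals,CN=Configuration,"
        "CN={061AA795-CE70-4B2F-AEE3-9E0BAAF2532C}")
SAMPLE = "\n".join(f">member: CN={sid},{ADAM}" for sid in [
    "S-1-5-21-1511590266-3576895337-3233274463-6632",
    "S-1-5-21-1511590266-3576895337-3233274463-519",
    "S-1-5-21-1757981266-299502267-1801674531-239491",
    "S-1-5-21-1757981266-299502267-1801674531-512",
    "S-1-5-21-1757981266-299502267-1801674531-76732",
    "S-1-5-21-507921405-813497703-1202660629-512",
    "S-1-5-21-1757981266-299502267-1801674531-96228",
    "S-1-5-11",  # constructed
])

FSP_RE = re.compile(r"CN=(S-1-[0-9-]+),CN=ForeignSecurityPrincipals", re.I)
DOMAIN_SID_RE = re.compile(r"^(S-1-5-21-\d+-\d+-\d+)-(\d+)$")


def classify_fsp_members(adfind_text):
    """Group FSP members by domain SID; return (by_domain, other_sids)."""
    by_domain, other = defaultdict(list), []
    for line in adfind_text.splitlines():
        if not line.startswith(">member:"):
            continue
        m = FSP_RE.search(line)
        if not m:
            continue  # a member that is not an FSP (local ADAM principal)
        d = DOMAIN_SID_RE.match(m.group(1))
        if d:
            rid = int(d.group(2))
            by_domain[d.group(1)].append((rid, PRIVILEGED_RIDS.get(rid)))
        else:
            other.append(m.group(1))  # well-known SID without a domain part
    return dict(by_domain), other


def privileged_members(by_domain):
    """Return (domain_sid, rid, label) for every member with a privileged RID."""
    return [(dom, rid, label)
            for dom, entries in sorted(by_domain.items())
            for rid, label in entries if label]


if __name__ == "__main__":
    domains, other = classify_fsp_members(SAMPLE)
    for dom, entries in sorted(domains.items()):
        print(dom, "->", len(entries), "member(s)")
    for dom, rid, label in privileged_members(domains):
        print(f"privileged: {label} (RID {rid}) from {dom}")
    print("non-domain SIDs:", other)
```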


9/14/2009

Blog performance and availability

by @ 7:25 pm. Filed under general

You may have encountered some perf issues reading the blog today (Sept 14, 2009). This was due to something within my provider POWWEB. I contacted them and they said they would look into it and suddenly it was working as normal again. Of course this provoked questions…

This was the first response I received

Hello,
The main issue here is that you need to limit the amount of posts that you are loading on one page. There are too many posts per page which is really drawing out your load time. I have raised your PHP memory limit and have also resolved a session.save_path issue within your php.ini file but the main issue here is that too many posts loading at one time issue. That can be adjusted from the admin area of your WordPress blog. Let me know once this is done if you still have loading issues and I’ll continue to help where I can.
Thank you,
Gareth B.
Operations, Tech Tier 2

Not having seen any issues in a very very long time with page loads and having the current setting for number of posts for at least a year I responded:

Why did this all of a sudden become an issue in the last day? I have had the same configuration for posts etc for well over a year now with no issues.
thanks, joe

Their response was again less than ideal

Hello,
I cannot remark on what WordPress configurations may do from time to time, as updates often happen quite often within WordPress. I do know that this may not have been seen before now due to perhaps browser caching. Some new browsers do force a new version of the site to be pulled every time you browse to it, which is good because it then shows the most complete and new version of your site.
When I use any of the many website optimization or page testing sites on the net, I get many flags for this site in concern to the amount of data that is pulled and the number of queries on this one very long page. I definitely advise limiting the number of posts that display on one page to avoid further issues with speed.
Thank you,
Gareth B.
Operations, Tech Tier 2

As someone who has been doing operational support in Enterprise class companies for > 10 years, I feel this answer is more accurately represented with “umm we don’t know what is going on” or alternately “we knew what was wrong but we screwed up and we certainly aren’t going to tell you what we did and in the meanwhile, let me ding you on something else that could possibly cover it although we know it isn’t the problem because it is working great now without you making any mods to your wordpress config…”

Oh the mention of the mod to the session.save_path is also a red herring, I never modified the php.ini file and taking a peek at it, it is still the same as the default for the server. And it is identical to the php.ini file I have on another couple of sites I host through POWWEB.

Overall I like POWWEB but I don’t believe I have yet to have had a good experience with their support team. But then I am probably a bit pickier than a lot of people having done support so long myself and generally recognizing BS when I hear it.

 

    joe


Wee photo gallery…

by @ 6:00 am. Filed under alternatives

For those looking to identify the misc plants growing around the yard… Or if you have to look for a specific plant for your natural remedies…

 

http://www.ipm.ucdavis.edu/PMG/weeds_intro.html


9/9/2009

What about PWD_NOT_REQD?? – Revisited

by @ 7:25 pm. Filed under tech

I received an email with a script to clear the pwd_not_reqd flag that the author said he meant to post as a comment but couldn’t (old posts don’t allow comments anymore to slow down on spam). The post was http://blog.joeware.net/2006/06/29/431/

Fortunately, you don’t need a script to do this, it is a one liner with adfind/admod (all one line).

adfind -default -bit -f "&(objectcategory=computer)(useraccountcontrol:AND:=32)" useraccountcontrol -adcsv | admod -sc uacclear:PASSWD_NOTREQD -unsafe

 

Here it is in action…

[Wed 09/09/2009 18:36:06.30]
G:\new1\Dev\CPP\ExchMbx>adfind -default -bit -f "&(objectcategory=computer)(useraccountcontrol:AND:=32)" useraccountcontrol -adcsv | admod -sc uacclear:PASSWD_NOTREQD -unsafe

AdMod V01.11.00cpp ##BETA## Joe Richards (joe@joeware.net) June 2007

DN Count: 8
Using server: r2dc1.test.loc:389
Directory: Windows Server 2003

Modifying specified objects…
   DN: CN=testcmp,CN=Computers,DC=test,DC=loc…
   DN: CN=testdc,CN=Users,DC=test,DC=loc…
   DN: CN=FakeServer1,CN=Computers,DC=test,DC=loc…
   DN: CN=FakeServer2,CN=Computers,DC=test,DC=loc…
   DN: CN=FakeServer3,CN=Computers,DC=test,DC=loc…
   DN: CN=FakeServer10,CN=Computers,DC=test,DC=loc…
   DN: CN=FakeServer11,CN=Computers,DC=test,DC=loc…
   DN: CN=FakeServer12,CN=Computers,DC=test,DC=loc…

The command completed successfully
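A dry run of what the one-liner does to each account, as an added example (not joeware code): it shows the filter after -bit rewrites :AND: to the LDAP bitwise-AND matching rule, selects accounts the way that rule does, and computes the userAccountControl value that clearing bit 32 leaves behind. The function names, the third DN and all userAccountControl values are constructed for the illustration.

```python
# LDAP matching-rule OIDs that the friendly :AND: / :OR: forms stand for.
BIT_RULES = {
    ":AND:": ":1.2.840.113556.1.4.803:",
    ":OR:": ":1.2.840.113556.1.4.804:",
}

# A subset of userAccountControl flags, enough to read the results.
UAC_FLAGS = {
    0x0002: "ACCOUNTDISABLE",
    0x0020: "PASSWD_NOTREQD",
    0x0200: "NORMAL_ACCOUNT",
    0x1000: "WORKSTATION_TRUST_ACCOUNT",
    0x2000: "SERVER_TRUST_ACCOUNT",
    0x10000: "DONT_EXPIRE_PASSWORD",
    0x80000: "TRUSTED_FOR_DELEGATION",
}
PASSWD_NOTREQD = 0x0020  # decimal 32, the value used in the filter

# (dn, userAccountControl) pairs; the values are constructed.
SAMPLE_ROWS = [
    ("CN=testcmp,CN=Computers,DC=test,DC=loc", 4128),
    ("CN=testdc,CN=Users,DC=test,DC=loc", 532512),
    ("CN=example-ws,CN=Computers,DC=test,DC=loc", 4096),  # flag not set
]


def expand_bit_filter(ldap_filter):
    """Rewrite :AND: / :OR: into the matching-rule OID form sent on the wire."""
    for friendly, oid in BIT_RULES.items():
        ldap_filter = ldap_filter.replace(friendly, oid)
    return ldap_filter


def decode_uac(value):
    """Return the names of the known flags set in value, lowest bit first."""
    names = [name for bit, name in sorted(UAC_FLAGS.items()) if value & bit]
    unknown = value & ~sum(UAC_FLAGS)
    if unknown:
        names.append(hex(unknown))
    return names


def plan_clear(rows, mask=PASSWD_NOTREQD):
    """For rows matching the bitwise-AND test, return (dn, old, new, flags_after)."""
    plan = []
    for dn, uac in rows:
        if uac & mask == mask:  # rule .803: every bit of the mask must be set
            new = uac & ~mask
            plan.append((dn, uac, new, decode_uac(new)))
    return plan


if __name__ == "__main__":
    print(expand_bit_filter(
        "&(objectcategory=computer)(useraccountcontrol:AND:=32)"))
    for dn, old, new, flags in plan_clear(SAMPLE_ROWS):
        print(f"{dn}: {old} -> {new} {flags}")
```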


My Active Directory Forest and Exchange…

by @ 7:24 pm. Filed under humour

This is a combined effort work of art… The guilty shall remain nameless…

 

My Active Directory forest before Microsoft Exchange

before

 

My Active Directory forest after Microsoft Exchange

after


I need to rename the DN on all of my users from Smith, John to the sAMAccountName…

by @ 1:21 pm. Filed under tech

This is quick and easy with AdFind and AdMod…

You just have to find the users, pipe their DN and sAMAccountName to AdMod and tell it to do a rename… Like so

adfind -b ou=someou,dc=domain,dc=com -f "&(objectcategory=person)(objectclass=user)(name=*,*)" samaccountname -adcsv | admod -rename {{samaccountname}} -upto 1000

That command limits itself to modifying at most 1000 users, just in case something isn’t right. You can set that limit to whatever you want, or specify -unsafe instead if you just want them all done and are sure your query is OK.

Here is a live example:

 

[Wed 09/09/2009 13:04:47.87]
G:\>adfind -b cn=users,dc=test,dc=loc -f "&(objectcategory=person)(objectclass=user)(name=*,*)" samaccountname

AdFind V01.40.00cpp Joe Richards (joe@joeware.net) February 2009

Using server: r2dc1.test.loc:389
Directory: Windows Server 2003
Base DN: cn=users,DC=test,DC=loc

dn:CN=some\, user,CN=Users,DC=test,DC=loc
>sAMAccountName: ThisTestUser

1 Objects returned

[Wed 09/09/2009 13:04:53.88]
G:\>adfind -b cn=users,dc=test,dc=loc -f "&(objectcategory=person)(objectclass=user)(name=*,*)" samaccountname -adcsv |admod -rename {{samaccountname}} -upto 1000

AdMod V01.10.00cpp Joe Richards (joe@joeware.net) February 2007

DN Count: 1
Using server: r2dc1.test.loc:389
Directory: Windows Server 2003

Renaming CN=some\, user,CN=Users,DC=test,DC=loc to ThisTestUser…

The command completed successfully

[Wed 09/09/2009 13:04:59.93]
G:\>adfind -b cn=users,dc=test,dc=loc -f samaccountname=thistestuser samaccountname

AdFind V01.40.00cpp Joe Richards (joe@joeware.net) February 2009

Using server: r2dc1.test.loc:389
Directory: Windows Server 2003
Base DN: cn=users,DC=test,DC=loc

dn:CN=ThisTestUser,CN=Users,DC=test,DC=loc
>sAMAccountName: ThisTestUser

1 Objects returned
