joeware - never stop exploring... :)

Information about joeware mixed with wild and crazy opinions...

1/8/2009

Update to Grandma’s Chocolate Syrup Recipe

by @ 1:41 am. Filed under recipes

My Grandma was shooting from the hip when I asked for this recipe

http://blog.joeware.net/2008/12/23/1554/

She found the “real” recipe and sent it along…

 

1 stick of oleo or butter
1/2 cup cocoa powder
2 cups of sugar
1 large can of carnation milk

 

Melt together oleo (or butter) & cocoa powder.
Add 2 cups sugar & a large can of carnation milk.
Cook at a slow boil about 10 min. or until thick. store in frig.
If you save jam or jelly jars & lids you can boil them turn upside down on towel to dry.
Pour hot fudge in & tighten lids will keep quite awhile.

Rating 3.00 out of 5

1/2/2009

Metadata info in AdFind

by @ 7:03 pm. Filed under tech

My recent post about getting Active Directory replication Meta Data has spawned a considerable number of emails. I wanted to take a moment and remind everyone of the help switch specifically talking about the replication metadata info. This usage provided in AdFind tells you your sort options available for each metadata attribute and what info is contained in each of the columns.

You can get that help by typing

adfind /meta?

Here is the latest version of that output…

F:\Dev\Current\CPP\AdFind\Debug>adfind /meta?

AdFind V01.39.00cpp ***BETA*** Joe Richards (joe@joeware.net) January 2009

-help         Basic help.
-?            Basic help.
-??           Advanced/Expert help.
-????         Shortcut help.
-sc?          Shortcut help.
-meta?        Metadata help.

Usage:
AdFind [switches] [-b basedn] [-f filter] [attr list]

   basedn        RFC 2253 DN to base search from.
                 If no base specified, defaults to default NC.
   filter        RFC 2254 LDAP filter.
                 If no filter specified, defaults to objectclass=*.
   attr list     List of specific attributes to return, if nothing specified
                 returns ‘default’ attributes, aka * set.

  Switches: (designated by – or /)

   MetaData Help
   =============
   AdFind has the ability to decode various metadata type attributes. These
   attributes can give information about replication status of the server
   itself or replication metadata for individual objects.

   These special attributes are normally returned from Active Directory in
   XML format. This is a bit bulky and can be tough to read without cleanup
   so I have added the ability decode the attributes and cut down the amount
   of data passed over the wire. Using the ;binary option when specifying an
   attribute causes AD to reformat certain attributes and send them across as
   binary blocks of data. When requesting the meta attributes outlined below
   if you do not specify the ;binary option, they will be returned in the
   native format, if you add the ;binary option, they will be returned in the
   alternate format and AdFind will decode the strings to its format.

   To further assist the ease of retrieving this information, see the shortcut
   usage menu via adfind /sc?

   MetaData Attributes
   ——————-
   msDS-ReplQueueStatistics  – RootDSE attribute
       Replication queue statistics. Output is labeled. No sort options.

   msDS-ReplPendingOps – RootDSE attribute
       Any replications operations currently in progress. Output is labeled.
       Default sort order is server return order. Sort options – dsa,date

   msDS-ReplConnectionFailures – RootDSE attribute
   msDS-ReplLinkFailures – RootDSE attribute
       Replication failure information. Output is labeled. Default sort order
       is by DSA. Sort options – dsa,date

   msDS-ReplAllInboundNeighbors – RootDSE attribute
   msDS-ReplAllOutboundNeighbors – RootDSE attribute
       Replication info for all direct neighbors. Output is labeled. Default
       sort order is by DSA. Sort options – dsa,date,nc,err

   msDS-TopQuotaUsage – RootDSE attribute
       Indicates the top object owners on a given server. Output is labeled.
       Default sort order is server return order. Sort options – nc,owner.

   msDS-NCReplInboundNeighbors – Naming Context attribute
   msDS-NCReplOutboundNeighbors – Naming Context attribute
       Replication for all direct neighbors for the specific NC. Output is
       labeled. Default sort order is by DSA. Sort options – dsa,date,nc,err

   msDS-NCReplCursors – Naming Context attribute
       Replication cursors by DSA by context. Output format:
            HighestUSN LastSyncTime DSA
       Default sort order is last sync time. Sort options – lastsync,dsa

   msDS-ReplAttributeMetaData – Object Level attribute
       Replication metadata for object. Output format:
             USNLocal DSA USNOrig Date/Time Version Attribute
       Default sort order is attribute. Sort options – DSA,date,usnloc,usnorig,ver

   msDS-ReplValueMetaData – Object Level attribute (FFL2+ only – i.e. LVR Replication)
       Replication value metadata for object. Output format:
             attribute USNLocal DSA USNOrig Date/Time Version State ObjectDN
       Default sort order is date. Sort options – attrib,obj,DSA,state,date,usnloc,usnorig,ver

   Sort Options
   ————
   The decoded output for most of the metadata attributes can be sorted to various
   fields in the output. The specific fields for each attribute are listed with
   the description of the attributes. In order to change the sort field, use the
   -metasort switch. Specify the switch combined with the options specified above
   to change the sort order. If value has a dash (-) appended, the search order
   is reversed.

  Ex1:
    adfind -rootdse msDS-TopQuotaUsage;binary
      Get top 10 quota users in decoded format

  Ex2:
    adfind -b cn=someobject,ou=someou,dc=test,dc=loc -s base msDS-ReplAttributeMetaData;binary
      Get attribute metadata for specified object in decoded format

This software is Freeware. Use at your own risk.
I do not warrant this software to be fit for any purpose or use and
I do not guarantee that it will not damage or destroy your system.
Contact joe@joeware.net via email for licensing information to package
this utility in commercial products.

See full Warranty documentation on www.joeware.net.

If you have improvement ideas, bugs, or just wish to say Hi, I
receive email 24×7 and read it in a semi-regular timeframe.
You can usually find me at joe@joeware.net

Rating 3.00 out of 5

Cool AdFind feature #49216

by @ 2:28 pm. Filed under tech

This is a new feature that I added to AdFind on this last version. Sometimes you look at a record and you want to quickly know the delta time between now and the time listed. I have added the –tdcd option to do that. By default it will handle the int8 values, but if you add the –tdcgt or –tdcgts switch it will also handle generalized time as well.

Examples:

F:\Dev\Current\CPP\AdFind\Debug>adfind -e -default -f name=administrator -tdcd badpwasswordtime lastlogon lastlogoff pwdlastset lastlogontimestamp whencreated whenchanged

AdFind V01.39.00cpp ***BETA*** Joe Richards (joe@joeware.net) January 2009

Using server: TROUBLE-DC1.trouble.loc:389
Directory: Windows Server 2008
Base DN: DC=trouble,DC=loc

dn:CN=Administrator,CN=Users,DC=trouble,DC=loc
>whenCreated: 20080619161006.0Z
>whenChanged: 20081230012257.0Z
>lastLogoff: 0000/00/00-00:00:00 (UNDEFINED)
>lastLogon: 2008/12/30-11:06:29 Eastern Standard Time (-3 days 2 hours 17 minutes 47 seconds)
>pwdLastSet: 2008/12/29-20:22:57 Eastern Standard Time (-3 days 17 hours 1 minutes 20 seconds)
>lastLogonTimestamp: 2008/12/27-11:08:55 Eastern Standard Time (-6 days 2 hours 15 minutes 22 seconds)

1 Objects returned

and with Generalized time decoded as well

 

F:\Dev\Current\CPP\AdFind\Debug>adfind -e -default -f name=administrator -tdcgts -tdcd badpwasswordtime lastlogon lastlogoff pwdlastset lastlogontimestamp whencreated whenchanged

AdFind V01.39.00cpp ***BETA*** Joe Richards (joe@joeware.net) January 2009

Using server: TROUBLE-DC1.trouble.loc:389
Directory: Windows Server 2008
Base DN: DC=trouble,DC=loc

dn:CN=Administrator,CN=Users,DC=trouble,DC=loc
>whenCreated: 2008/06/19-11:10:06 Eastern Standard Time (-197 days 2 hours 14 minutes 26 seconds)
>whenChanged: 2008/12/29-20:22:57 Eastern Standard Time (-3 days 17 hours 1 minutes 35 seconds)
>lastLogoff: 0000/00/00-00:00:00 (UNDEFINED)
>lastLogon: 2008/12/30-11:06:29 Eastern Standard Time (-3 days 2 hours 18 minutes 3 seconds)
>pwdLastSet: 2008/12/29-20:22:57 Eastern Standard Time (-3 days 17 hours 1 minutes 35 seconds)
>lastLogonTimestamp: 2008/12/27-11:08:55 Eastern Standard Time (-6 days 2 hours 15 minutes 37 seconds)

1 Objects returned

Rating 4.00 out of 5

So where is AdFind???

by @ 2:19 pm. Filed under tech

Sorry folks, haven’t released adfind yet, still testing and checking it out. Amongst other things, I have found some new constants in some of the binary flags to decode for Windows Server 2008 when I was testing that I needed to get into the tool because I hate seeing things like

F:\Dev\Current\CPP\AdFind\Debug>adfind -rootdse msds-replallinboundneighbors;binary -h trouble-rodc1

AdFind V01.39.00cpp ***BETA*** Joe Richards (joe@joeware.net) January 2009

Using server: TROUBLE-RODC1.trouble.loc:389
Directory: Windows Server 2008

dn:
>msDS-ReplAllInboundNeighbors;binary: ConsecFails: 0      LastResult: 0      LastAttempt: 2009/01/02-10:46:20       LastSuccess: 2009/01/02-10:46:20      DSA: Default-First-Site-Name\TROUBLE-DC2 NC: CN=Configuration,DC=trouble,DC=loc Flags: 805311552 [SCHEDULED(64),COMPRESS(268435456),NO_CHG_NOTIFY(536870912),UNKNOWN(5120)] Address: b044ea44-36db-4c43-805b-8c38fb10fb71._msdcs.trouble.loc LastError: "The operation completed successfully."
>msDS-ReplAllInboundNeighbors;binary: ConsecFails: 0      LastResult: 0      LastAttempt: 2009/01/02-10:46:20       LastSuccess: 2009/01/02-10:46:20      DSA: Default-First-Site-Name\TROUBLE-DC2 NC: CN=Schema,CN=Configuration,DC=trouble,DC=loc Flags: 805311552 [SCHEDULED(64),COMPRESS(268435456),NO_CHG_NOTIFY(536870912),UNKNOWN(5120)] Address: b044ea44-36db-4c43-805b-8c38fb10fb71._msdcs.trouble.loc LastError: "The operation completed successfully."
>msDS-ReplAllInboundNeighbors;binary: ConsecFails: 0      LastResult: 0      LastAttempt: 2009/01/02-10:46:20       LastSuccess: 2009/01/02-10:46:20      DSA: Default-First-Site-Name\TROUBLE-DC2 NC: DC=trouble,DC=loc Flags: 805311552 [SCHEDULED(64),COMPRESS(268435456),NO_CHG_NOTIFY(536870912),UNKNOWN(5120)] Address: b044ea44-36db-4c43-805b-8c38fb10fb71._msdcs.trouble.loc LastError: "The operation completed successfully."

1 Objects returned

I much prefer

F:\Dev\Current\CPP\AdFind\Debug>adfind -rootdse msds-replallinboundneighbors;binary -h trouble-rodc1

AdFind V01.39.00cpp ***BETA*** Joe Richards (joe@joeware.net) January 2009

Using server: TROUBLE-RODC1.trouble.loc:389
Directory: Windows Server 2008

dn:
>msDS-ReplAllInboundNeighbors;binary: ConsecFails: 0      LastResult: 0      LastAttempt: 2009/01/02-10:46:20       LastSuccess: 2009/01/02-10:46:20      DSA: Default-First-Site-Name\TROUBLE-DC2 NC: CN=Configuration,DC=trouble,DC=loc Flags: 805311552 [SCHEDULED(64),FULL_REPLICA(1024),SELECT_SECRETS(4096),COMPRESS(268435456),NO_CHG_NOTIFY(536870912)] Address: b044ea44-36db-4c43-805b-8c38fb10fb71._msdcs.trouble.loc LastError: "The operation completed successfully."
>msDS-ReplAllInboundNeighbors;binary: ConsecFails: 0      LastResult: 0      LastAttempt: 2009/01/02-10:46:20       LastSuccess: 2009/01/02-10:46:20      DSA: Default-First-Site-Name\TROUBLE-DC2 NC: CN=Schema,CN=Configuration,DC=trouble,DC=loc Flags: 805311552 [SCHEDULED(64),FULL_REPLICA(1024),SELECT_SECRETS(4096),COMPRESS(268435456),NO_CHG_NOTIFY(536870912)] Address: b044ea44-36db-4c43-805b-8c38fb10fb71._msdcs.trouble.loc LastError: "The operation completed successfully."
>msDS-ReplAllInboundNeighbors;binary: ConsecFails: 0      LastResult: 0      LastAttempt: 2009/01/02-10:46:20       LastSuccess: 2009/01/02-10:46:20      DSA: Default-First-Site-Name\TROUBLE-DC2 NC: DC=trouble,DC=loc Flags: 805311552 [SCHEDULED(64),FULL_REPLICA(1024),SELECT_SECRETS(4096),COMPRESS(268435456),NO_CHG_NOTIFY(536870912)] Address: b044ea44-36db-4c43-805b-8c38fb10fb71._msdcs.trouble.loc LastError: "The operation completed successfully."

1 Objects returned

Don’t worry… it is coming soon. 🙂

 

   joe

Rating 3.00 out of 5

1/1/2009

Happy New Year!

by @ 3:04 am. Filed under general

Happy New Year everyone.

Let’s hope for a much better year this year than the last. 🙂

and just think… Next year it will be 2010… Unbelievable to me… I still feel like the year 2000 vigil just happened and that was so long ago…

Rating 3.00 out of 5

12/29/2008

AdFind –MVFilter updates

by @ 3:39 pm. Filed under tech

I have lots of features in AdFind that I like, but I have to say I am particularly happy with the –mvfilter function. Its something so simple and so widely requested yet NOT done by most LDAP clients… You want this functionality when you only want to see the values in the attribute that match specific things you are looking for… For example, I want all email addresses in the proxyaddresses attribute that has the string @company.com in it so I can clean them up… How hard, seriously, should that be? I initially added it with only about 30 minutes of coding and I have now expanded it a little for V01.39.00. At some point I hope to actually add regular expression capability to the matching.

The first update is to allow you to specify multiple values for a single attribute. So for example you could only output proxyaddress values that have smtp: in them, now you could specify that you want to see smtp: and x400:.

The second update is to match on the attribute name only. Previously I took the entire string returned by Active Directory for the attribute and matched against that. In most cases this is fine and truthfully most people are looking at the screen going? Huh? What’s the difference? The difference comes in when doing some more advanced things like working with attributes you want returned in their binary formats or values that come back with ranging. When that occurs the attribute has a ;binary or ;range= string appended to the attribute name so if you are matching on someattrib=joe if you get back someattrib;binary=joe the match would fail because the attribute name wasn’t matching up. I have made that more intelligent and now someattrib=joe will check attributes named someattrib as well as someattrib;someextension.

A simple example showing something cool you can do because of these two updates. We will pull replication metadata for an object… No we will pull replication metadata for multiple objects based on an LDAP filter. I want to do this because it is something that can’t be done by repadmin which is the first tool everyone else thinks of when they think to get replication metadata. ;)  Don’t get me wrong, repadmin is extremely cool, I like it a lot, I just like AdFind better for getting replication metadata.

Retrieve the replication metadata info for proxyAddress, mailnickname, and homeMDB for every object with a mailnickname value.

F:\Dev\Current\CPP\AdFind\Debug>adfind -default -f mailnickname=* -sc objsmeta -mvfilter msDS-ReplAttributeMetaData=mailnickname;msDS-ReplAttributeMetaData=proxyaddresses;msDS-ReplValueMetaData=homemdb

AdFind V01.39.00cpp ***BETA*** Joe Richards (joe@joeware.net) December 2008

Using server: JOEWARE-DC1.joeware.local:389
Directory: Windows Server 2003
Base DN: DC=joeware,DC=local

dn:CN=23001_Test,OU=test,DC=joeware,DC=local
>msDS-ReplAttributeMetaData;binary:     119135 Default-First-Site-Name\JOEWARE-DC1               119135 2008/06/06-16:21:29               1  mailNickname
>msDS-ReplAttributeMetaData;binary:     119156 Default-First-Site-Name\DC2                      1706317 2008/06/06-16:20:59               1  proxyAddresses
>msDS-ReplValueMetaData;binary: homeMDB                  119164 Default-First-Site-Name\DC2                      1706316 2008/06/06-16:20:59           1 (+)CN=DB1,CN=SG-Default,CN=InformationStore,CN=MBX01,CN=Servers,CN=First Administrative Group,CN=Administrative Groups,CN=Org,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=joeware,DC=local

dn:CN=23002_Test,OU=test,DC=joeware,DC=local
>msDS-ReplAttributeMetaData;binary:     119139 Default-First-Site-Name\JOEWARE-DC1               119139 2008/06/06-16:21:29               1  mailNickname
>msDS-ReplAttributeMetaData;binary:     119157 Default-First-Site-Name\DC2                      1706319 2008/06/06-16:20:59               1  proxyAddresses
>msDS-ReplValueMetaData;binary: homeMDB                  119160 Default-First-Site-Name\DC2                      1706318 2008/06/06-16:20:59           1 (+)CN=DB1,CN=SG-Default,CN=InformationStore,CN=MBX01,CN=Servers,CN=First Administrative Group,CN=Administrative Groups,CN=Org,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=joeware,DC=local

dn:CN=23003_Test,OU=test,DC=joeware,DC=local
>msDS-ReplAttributeMetaData;binary:     119143 Default-First-Site-Name\JOEWARE-DC1               119143 2008/06/06-16:21:29               1  mailNickname
>msDS-ReplAttributeMetaData;binary:     119158 Default-First-Site-Name\DC2                      1706321 2008/06/06-16:20:59               1  proxyAddresses
>msDS-ReplValueMetaData;binary: homeMDB                  119162 Default-First-Site-Name\DC2                      1706320 2008/06/06-16:20:59           1 (+)CN=DB1,CN=SG-Default,CN=InformationStore,CN=MBX01,CN=Servers,CN=First Administrative Group,CN=Administrative Groups,CN=Org,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=joeware,DC=local

<SNIP>

You may think… so what… well here is what it would look like with AdFind without the multivalue filtering….

F:\Dev\Current\CPP\AdFind\Debug>adfind -e -default -f mailnickname=* -sc objsmeta

AdFind V01.39.00cpp ***BETA*** Joe Richards (joe@joeware.net) December 2008

Using server: JOEWARE-DC1.joeware.local:389
Directory: Windows Server 2003
Base DN: DC=joeware,DC=local

dn:CN=23001_Test,OU=test,DC=joeware,DC=local
>msDS-ReplAttributeMetaData;binary:     119136 Default-First-Site-Name\JOEWARE-DC1               119136 2008/06/06-16:21:29               1  accountExpires
>msDS-ReplAttributeMetaData;binary:     119135 Default-First-Site-Name\JOEWARE-DC1               119135 2008/06/06-16:21:29               1  cn
>msDS-ReplAttributeMetaData;binary:     119136 Default-First-Site-Name\JOEWARE-DC1               119136 2008/06/06-16:21:29               1  codePage
>msDS-ReplAttributeMetaData;binary:     119136 Default-First-Site-Name\JOEWARE-DC1               119136 2008/06/06-16:21:29               1  countryCode
>msDS-ReplAttributeMetaData;binary:     119136 Default-First-Site-Name\JOEWARE-DC1               119136 2008/06/06-16:21:29               1  dBCSPwd
>msDS-ReplAttributeMetaData;binary:     119156 Default-First-Site-Name\DC2                      1706317 2008/06/06-16:20:59               1  displayName
>msDS-ReplAttributeMetaData;binary:     119156 Default-First-Site-Name\DC2                      1706317 2008/06/06-16:20:59               1  homeMTA
>msDS-ReplAttributeMetaData;binary:     119135 Default-First-Site-Name\JOEWARE-DC1               119135 2008/06/06-16:21:29               1  instanceType
>msDS-ReplAttributeMetaData;binary:     119156 Default-First-Site-Name\DC2                      1706317 2008/06/06-16:20:59               1  legacyExchangeDN
>msDS-ReplAttributeMetaData;binary:     119136 Default-First-Site-Name\JOEWARE-DC1               119136 2008/06/06-16:21:29               1  lmPwdHistory
>msDS-ReplAttributeMetaData;binary:     119136 Default-First-Site-Name\JOEWARE-DC1               119136 2008/06/06-16:21:29               1  logonHours
>msDS-ReplAttributeMetaData;binary:     119135 Default-First-Site-Name\JOEWARE-DC1               119135 2008/06/06-16:21:29               1  mailNickname
>msDS-ReplAttributeMetaData;binary:     119156 Default-First-Site-Name\DC2                      1706317 2008/06/06-16:20:59               1  mail
>msDS-ReplAttributeMetaData;binary:     119156 Default-First-Site-Name\DC2                      1706317 2008/06/06-16:20:59               1  msExchALObjectVersion
>msDS-ReplAttributeMetaData;binary:     119135 Default-First-Site-Name\JOEWARE-DC1               119135 2008/06/06-16:21:29               1  msExchHomeServerName
>msDS-ReplAttributeMetaData;binary:     119156 Default-First-Site-Name\DC2                      1706317 2008/06/06-16:20:59               1  msExchMailboxGuid
>msDS-ReplAttributeMetaData;binary:     119156 Default-First-Site-Name\DC2                      1706317 2008/06/06-16:20:59               1  msExchMailboxSecurityDescriptor
>msDS-ReplAttributeMetaData;binary:     119156 Default-First-Site-Name\DC2                      1706317 2008/06/06-16:20:59               1  msExchPoliciesIncluded
>msDS-ReplAttributeMetaData;binary:     119156 Default-First-Site-Name\DC2                      1706317 2008/06/06-16:20:59               1  msExchUserAccountControl
>msDS-ReplAttributeMetaData;binary:     119135 Default-First-Site-Name\JOEWARE-DC1               119135 2008/06/06-16:21:29               1  name
>msDS-ReplAttributeMetaData;binary:     119136 Default-First-Site-Name\JOEWARE-DC1               119136 2008/06/06-16:21:29               1  ntPwdHistory
>msDS-ReplAttributeMetaData;binary:     119135 Default-First-Site-Name\JOEWARE-DC1               119135 2008/06/06-16:21:29               1  nTSecurityDescriptor
>msDS-ReplAttributeMetaData;binary:     119135 Default-First-Site-Name\JOEWARE-DC1               119135 2008/06/06-16:21:29               1  objectCategory
>msDS-ReplAttributeMetaData;binary:     119135 Default-First-Site-Name\JOEWARE-DC1               119135 2008/06/06-16:21:29               1  objectClass
>msDS-ReplAttributeMetaData;binary:     119135 Default-First-Site-Name\JOEWARE-DC1               119135 2008/06/06-16:21:29               1  objectSid
>msDS-ReplAttributeMetaData;binary:     119136 Default-First-Site-Name\JOEWARE-DC1               119136 2008/06/06-16:21:29               1  primaryGroupID
>msDS-ReplAttributeMetaData;binary:     119156 Default-First-Site-Name\DC2                      1706317 2008/06/06-16:20:59               1  proxyAddresses
>msDS-ReplAttributeMetaData;binary:     119136 Default-First-Site-Name\JOEWARE-DC1               119136 2008/06/06-16:21:29               1  pwdLastSet
>msDS-ReplAttributeMetaData;binary:     119135 Default-First-Site-Name\JOEWARE-DC1               119135 2008/06/06-16:21:29               1  sAMAccountName
>msDS-ReplAttributeMetaData;binary:     119135 Default-First-Site-Name\JOEWARE-DC1               119135 2008/06/06-16:21:29               1  sAMAccountType
>msDS-ReplAttributeMetaData;binary:     119156 Default-First-Site-Name\DC2                      1706317 2008/06/06-16:20:59               1  showInAddressBook
>msDS-ReplAttributeMetaData;binary:     119137 Default-First-Site-Name\JOEWARE-DC1               119137 2008/06/06-16:21:29               1  supplementalCredentials
>msDS-ReplAttributeMetaData;binary:     119156 Default-First-Site-Name\DC2                      1706317 2008/06/06-16:20:59               1  textEncodedORAddress
>msDS-ReplAttributeMetaData;binary:     119136 Default-First-Site-Name\JOEWARE-DC1               119136 2008/06/06-16:21:29               1  unicodePwd
>msDS-ReplAttributeMetaData;binary:     119135 Default-First-Site-Name\JOEWARE-DC1               119135 2008/06/06-16:21:29               1  userAccountControl
>msDS-ReplAttributeMetaData;binary:     119135 Default-First-Site-Name\JOEWARE-DC1               119135 2008/06/06-16:21:29               1  whenCreated
>msDS-ReplValueMetaData;binary: homeMDB                  119164 Default-First-Site-Name\DC2                      1706316 2008/06/06-16:20:59           1 (+)CN=DB1,CN=SG-Default,CN=InformationStore,CN=MBX01,CN=Servers,CN=First Administrative Group,CN=Administrative Groups,CN=Org,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=joeware,DC=local

dn:CN=23002_Test,OU=test,DC=joeware,DC=local
>msDS-ReplAttributeMetaData;binary:     119140 Default-First-Site-Name\JOEWARE-DC1               119140 2008/06/06-16:21:29               1  accountExpires
>msDS-ReplAttributeMetaData;binary:     119139 Default-First-Site-Name\JOEWARE-DC1               119139 2008/06/06-16:21:29               1  cn
>msDS-ReplAttributeMetaData;binary:     119140 Default-First-Site-Name\JOEWARE-DC1               119140 2008/06/06-16:21:29               1  codePage
>msDS-ReplAttributeMetaData;binary:     119140 Default-First-Site-Name\JOEWARE-DC1               119140 2008/06/06-16:21:29               1  countryCode
>msDS-ReplAttributeMetaData;binary:     119140 Default-First-Site-Name\JOEWARE-DC1               119140 2008/06/06-16:21:29               1  dBCSPwd
>msDS-ReplAttributeMetaData;binary:     119157 Default-First-Site-Name\DC2                      1706319 2008/06/06-16:20:59               1  displayName
>msDS-ReplAttributeMetaData;binary:     119157 Default-First-Site-Name\DC2                      1706319 2008/06/06-16:20:59               1  homeMTA
>msDS-ReplAttributeMetaData;binary:     119139 Default-First-Site-Name\JOEWARE-DC1               119139 2008/06/06-16:21:29               1  instanceType
>msDS-ReplAttributeMetaData;binary:     119157 Default-First-Site-Name\DC2                      1706319 2008/06/06-16:20:59               1  legacyExchangeDN
>msDS-ReplAttributeMetaData;binary:     119140 Default-First-Site-Name\JOEWARE-DC1               119140 2008/06/06-16:21:29               1  lmPwdHistory
>msDS-ReplAttributeMetaData;binary:     119140 Default-First-Site-Name\JOEWARE-DC1               119140 2008/06/06-16:21:29               1  logonHours
>msDS-ReplAttributeMetaData;binary:     119139 Default-First-Site-Name\JOEWARE-DC1               119139 2008/06/06-16:21:29               1  mailNickname
>msDS-ReplAttributeMetaData;binary:     119157 Default-First-Site-Name\DC2                      1706319 2008/06/06-16:20:59               1  mail
>msDS-ReplAttributeMetaData;binary:     119157 Default-First-Site-Name\DC2                      1706319 2008/06/06-16:20:59               1  msExchALObjectVersion
>msDS-ReplAttributeMetaData;binary:     119139 Default-First-Site-Name\JOEWARE-DC1               119139 2008/06/06-16:21:29               1  msExchHomeServerName
>msDS-ReplAttributeMetaData;binary:     119157 Default-First-Site-Name\DC2                      1706319 2008/06/06-16:20:59               1  msExchMailboxGuid
>msDS-ReplAttributeMetaData;binary:     119157 Default-First-Site-Name\DC2                      1706319 2008/06/06-16:20:59               1  msExchMailboxSecurityDescriptor
>msDS-ReplAttributeMetaData;binary:     119157 Default-First-Site-Name\DC2                      1706319 2008/06/06-16:20:59               1  msExchPoliciesIncluded
>msDS-ReplAttributeMetaData;binary:     119157 Default-First-Site-Name\DC2                      1706319 2008/06/06-16:20:59               1  msExchUserAccountControl
>msDS-ReplAttributeMetaData;binary:     119139 Default-First-Site-Name\JOEWARE-DC1               119139 2008/06/06-16:21:29               1  name
>msDS-ReplAttributeMetaData;binary:     119140 Default-First-Site-Name\JOEWARE-DC1               119140 2008/06/06-16:21:29               1  ntPwdHistory
>msDS-ReplAttributeMetaData;binary:     119139 Default-First-Site-Name\JOEWARE-DC1               119139 2008/06/06-16:21:29               1  nTSecurityDescriptor
>msDS-ReplAttributeMetaData;binary:     119139 Default-First-Site-Name\JOEWARE-DC1               119139 2008/06/06-16:21:29               1  objectCategory
>msDS-ReplAttributeMetaData;binary:     119139 Default-First-Site-Name\JOEWARE-DC1               119139 2008/06/06-16:21:29               1  objectClass
>msDS-ReplAttributeMetaData;binary:     119139 Default-First-Site-Name\JOEWARE-DC1               119139 2008/06/06-16:21:29               1  objectSid
>msDS-ReplAttributeMetaData;binary:     119140 Default-First-Site-Name\JOEWARE-DC1               119140 2008/06/06-16:21:29               1  primaryGroupID
>msDS-ReplAttributeMetaData;binary:     119157 Default-First-Site-Name\DC2                      1706319 2008/06/06-16:20:59               1  proxyAddresses
>msDS-ReplAttributeMetaData;binary:     119140 Default-First-Site-Name\JOEWARE-DC1               119140 2008/06/06-16:21:29               1  pwdLastSet
>msDS-ReplAttributeMetaData;binary:     119139 Default-First-Site-Name\JOEWARE-DC1               119139 2008/06/06-16:21:29               1  sAMAccountName
>msDS-ReplAttributeMetaData;binary:     119139 Default-First-Site-Name\JOEWARE-DC1               119139 2008/06/06-16:21:29               1  sAMAccountType
>msDS-ReplAttributeMetaData;binary:     119157 Default-First-Site-Name\DC2                      1706319 2008/06/06-16:20:59               1  showInAddressBook
>msDS-ReplAttributeMetaData;binary:     119141 Default-First-Site-Name\JOEWARE-DC1               119141 2008/06/06-16:21:29               1  supplementalCredentials
>msDS-ReplAttributeMetaData;binary:     119157 Default-First-Site-Name\DC2                      1706319 2008/06/06-16:20:59               1  textEncodedORAddress
>msDS-ReplAttributeMetaData;binary:     119140 Default-First-Site-Name\JOEWARE-DC1               119140 2008/06/06-16:21:29               1  unicodePwd
>msDS-ReplAttributeMetaData;binary:     119139 Default-First-Site-Name\JOEWARE-DC1               119139 2008/06/06-16:21:29               1  userAccountControl
>msDS-ReplAttributeMetaData;binary:     119139 Default-First-Site-Name\JOEWARE-DC1               119139 2008/06/06-16:21:29               1  whenCreated
>msDS-ReplValueMetaData;binary: homeMDB                  119160 Default-First-Site-Name\DC2                      1706318 2008/06/06-16:20:59           1 (+)CN=DB1,CN=SG-Default,CN=InformationStore,CN=MBX01,CN=Servers,CN=First Administrative Group,CN=Administrative Groups,CN=Org,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=joeware,DC=local

dn:CN=23003_Test,OU=test,DC=joeware,DC=local
>msDS-ReplAttributeMetaData;binary:     119144 Default-First-Site-Name\JOEWARE-DC1               119144 2008/06/06-16:21:29               1  accountExpires
>msDS-ReplAttributeMetaData;binary:     119143 Default-First-Site-Name\JOEWARE-DC1               119143 2008/06/06-16:21:29               1  cn
>msDS-ReplAttributeMetaData;binary:     119144 Default-First-Site-Name\JOEWARE-DC1               119144 2008/06/06-16:21:29               1  codePage
>msDS-ReplAttributeMetaData;binary:     119144 Default-First-Site-Name\JOEWARE-DC1               119144 2008/06/06-16:21:29               1  countryCode
>msDS-ReplAttributeMetaData;binary:     119144 Default-First-Site-Name\JOEWARE-DC1               119144 2008/06/06-16:21:29               1  dBCSPwd
>msDS-ReplAttributeMetaData;binary:     119158 Default-First-Site-Name\DC2                      1706321 2008/06/06-16:20:59               1  displayName
>msDS-ReplAttributeMetaData;binary:     119158 Default-First-Site-Name\DC2                      1706321 2008/06/06-16:20:59               1  homeMTA
>msDS-ReplAttributeMetaData;binary:     119143 Default-First-Site-Name\JOEWARE-DC1               119143 2008/06/06-16:21:29               1  instanceType
>msDS-ReplAttributeMetaData;binary:     119158 Default-First-Site-Name\DC2                      1706321 2008/06/06-16:20:59               1  legacyExchangeDN
>msDS-ReplAttributeMetaData;binary:     119144 Default-First-Site-Name\JOEWARE-DC1               119144 2008/06/06-16:21:29               1  lmPwdHistory
>msDS-ReplAttributeMetaData;binary:     119144 Default-First-Site-Name\JOEWARE-DC1               119144 2008/06/06-16:21:29               1  logonHours
>msDS-ReplAttributeMetaData;binary:     119143 Default-First-Site-Name\JOEWARE-DC1               119143 2008/06/06-16:21:29               1  mailNickname
>msDS-ReplAttributeMetaData;binary:     119158 Default-First-Site-Name\DC2                      1706321 2008/06/06-16:20:59               1  mail
>msDS-ReplAttributeMetaData;binary:     119158 Default-First-Site-Name\DC2                      1706321 2008/06/06-16:20:59               1  msExchALObjectVersion
>msDS-ReplAttributeMetaData;binary:     119143 Default-First-Site-Name\JOEWARE-DC1               119143 2008/06/06-16:21:29               1  msExchHomeServerName
>msDS-ReplAttributeMetaData;binary:     119158 Default-First-Site-Name\DC2                      1706321 2008/06/06-16:20:59               1  msExchMailboxGuid
>msDS-ReplAttributeMetaData;binary:     119158 Default-First-Site-Name\DC2                      1706321 2008/06/06-16:20:59               1  msExchMailboxSecurityDescriptor
>msDS-ReplAttributeMetaData;binary:     119158 Default-First-Site-Name\DC2                      1706321 2008/06/06-16:20:59               1  msExchPoliciesIncluded
>msDS-ReplAttributeMetaData;binary:     119158 Default-First-Site-Name\DC2                      1706321 2008/06/06-16:20:59               1  msExchUserAccountControl
>msDS-ReplAttributeMetaData;binary:     119143 Default-First-Site-Name\JOEWARE-DC1               119143 2008/06/06-16:21:29               1  name
>msDS-ReplAttributeMetaData;binary:     119144 Default-First-Site-Name\JOEWARE-DC1               119144 2008/06/06-16:21:29               1  ntPwdHistory
>msDS-ReplAttributeMetaData;binary:     119143 Default-First-Site-Name\JOEWARE-DC1               119143 2008/06/06-16:21:29               1  nTSecurityDescriptor
>msDS-ReplAttributeMetaData;binary:     119143 Default-First-Site-Name\JOEWARE-DC1               119143 2008/06/06-16:21:29               1  objectCategory
>msDS-ReplAttributeMetaData;binary:     119143 Default-First-Site-Name\JOEWARE-DC1               119143 2008/06/06-16:21:29               1  objectClass
>msDS-ReplAttributeMetaData;binary:     119143 Default-First-Site-Name\JOEWARE-DC1               119143 2008/06/06-16:21:29               1  objectSid
>msDS-ReplAttributeMetaData;binary:     119144 Default-First-Site-Name\JOEWARE-DC1               119144 2008/06/06-16:21:29               1  primaryGroupID
>msDS-ReplAttributeMetaData;binary:     119158 Default-First-Site-Name\DC2                      1706321 2008/06/06-16:20:59               1  proxyAddresses
>msDS-ReplAttributeMetaData;binary:     119144 Default-First-Site-Name\JOEWARE-DC1               119144 2008/06/06-16:21:29               1  pwdLastSet
>msDS-ReplAttributeMetaData;binary:     119143 Default-First-Site-Name\JOEWARE-DC1               119143 2008/06/06-16:21:29               1  sAMAccountName
>msDS-ReplAttributeMetaData;binary:     119143 Default-First-Site-Name\JOEWARE-DC1               119143 2008/06/06-16:21:29               1  sAMAccountType
>msDS-ReplAttributeMetaData;binary:     119158 Default-First-Site-Name\DC2                      1706321 2008/06/06-16:20:59               1  showInAddressBook
>msDS-ReplAttributeMetaData;binary:     119145 Default-First-Site-Name\JOEWARE-DC1               119145 2008/06/06-16:21:29               1  supplementalCredentials
>msDS-ReplAttributeMetaData;binary:     119158 Default-First-Site-Name\DC2                      1706321 2008/06/06-16:20:59               1  textEncodedORAddress
>msDS-ReplAttributeMetaData;binary:     119144 Default-First-Site-Name\JOEWARE-DC1               119144 2008/06/06-16:21:29               1  unicodePwd
>msDS-ReplAttributeMetaData;binary:     119143 Default-First-Site-Name\JOEWARE-DC1               119143 2008/06/06-16:21:29               1  userAccountControl
>msDS-ReplAttributeMetaData;binary:     119143 Default-First-Site-Name\JOEWARE-DC1               119143 2008/06/06-16:21:29               1  whenCreated
>msDS-ReplValueMetaData;binary: homeMDB                  119162 Default-First-Site-Name\DC2                      1706320 2008/06/06-16:20:59           1 (+)CN=DB1,CN=SG-Default,CN=InformationStore,CN=MBX01,CN=Servers,CN=First Administrative Group,CN=Administrative Groups,CN=Org,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=joeware,DC=local

<SNIP>

as you can see, the filtering makes the output much more useful, you get only what you need.

Rating 3.00 out of 5

Cacheable versus Cachable

by @ 2:25 pm. Filed under tech

Which is the correct spelling? Anyone?

I would tend to go with cachEable but Microsoft went with cachAble in the attribute msDS-IsUserCachableAtRodc so I keep misspelling the darn attribute. 🙂

Interestingly Live Writer spell check thinks Cacheable is ok but Cachable is an error…

 

image

Rating 3.00 out of 5

Extended Error: 00002121: SvcErr: DSID-0312048E, problem 5012 (DIR_ERROR), data 8333

by @ 12:53 pm. Filed under tech

I added support for the input DN control in AdFind V01.39.00. What is the input DN control? It is a new control for Windows Server 2008 which will show you the RODC caching policy for a given (or set of) RODC(s) for a given security principal. This is done by specifying the LDAP_SERVER_INPUT_DN_OID control and with the DN of the security principal while asking for the msDS-IsUserCachableAtRodc attribute for the RODC computer objects.

Today while testing the functionality with a matching shortcut (so you don’t have to remember the switches and attribute to use) of –sc rodc_cachable:secprin_DN it initially worked fine

[Mon 12/29/2008 11:37:55.97]
F:\Dev\Current\CPP\AdFind\Debug>adfind -sc rodc_cachable:cn=testuser,cn=users,dc=trouble,dc=loc  -exterr

AdFind V01.39.00cpp ***BETA*** Joe Richards (joe@joeware.net) December 2008

Transformed Filter: (&(objectcategory=computer)(useraccountcontrol:1.2.840.113556.1.4.803:=67108864))
Using server: TROUBLE-DC1.trouble.loc:3268
Directory: Windows Server 2008

dn:CN=TROUBLE-RODC1,OU=Domain Controllers,DC=trouble,DC=loc
>msDS-IsUserCachableAtRodc: 2 [CACHABLE(2)]

1 Objects returned

but then I tried it on a second security principal that I thought I had created but hadn’t.

[Mon 12/29/2008 11:38:38.41]
F:\Dev\Current\CPP\AdFind\Debug>adfind -sc rodc_cachable:cn=testuser1,cn=users,dc=trouble,dc=loc  -exterr

AdFind V01.39.00cpp ***BETA*** Joe Richards (joe@joeware.net) December 2008

Transformed Filter: (&(objectcategory=computer)(useraccountcontrol:1.2.840.113556.1.4.803:=67108864))
Using server: TROUBLE-DC1.trouble.loc:3268
Directory: Windows Server 2008

ldap_get_next_page_s: [TROUBLE-DC1.trouble.loc] Error 0x1 (1) – Operations Error

Extended Error: 00002121: SvcErr: DSID-0312048E, problem 5012 (DIR_ERROR), data 8333

0 Objects returned

and as you can see I got an error. I didn’t expect that error. I am documenting it here for anyone who may run into it later (including myself) so they are aware of what happened.

The error, 2121, decodes to

  ERROR_DS_CANT_RETRIEVE_ATTS                                   winerror.h
# The search failed to retrieve attributes from the database.

Initially I thought it should just return 0, not cached. But then thought, well the DN is wrong, shouldn’t we tell the user somehow that they may have screwed up? So from that angle it makes sense.

Oh, here is what it looks like for an account that isn’t cached.

[Mon 12/29/2008 11:38:44.07]
F:\Dev\Current\CPP\AdFind\Debug>adfind -sc rodc_cachable:cn=administrator,cn=users,dc=trouble,dc=loc  -exterr

AdFind V01.39.00cpp ***BETA*** Joe Richards (joe@joeware.net) December 2008

Transformed Filter: (&(objectcategory=computer)(useraccountcontrol:1.2.840.113556.1.4.803:=67108864))
Using server: TROUBLE-DC1.trouble.loc:3268
Directory: Windows Server 2008

dn:CN=TROUBLE-RODC1,OU=Domain Controllers,DC=trouble,DC=loc
>msDS-IsUserCachableAtRodc: 0 []

1 Objects returned

 

Here is what the shortcut decodes to if you want to do it manually in AdFind V01.39.00 or better…

    -f (&(objectcategory=computer)(useraccountcontrol:AND:=67108864))
    -gcb
    -inputdn cn=administrator,cn=users,dc=trouble,dc=loc
    -recmute
    -samdc

Selected Attributes
    msDS-IsUserCachableAtRodc

 

Rating 3.00 out of 5

12/24/2008

Merry Christmas

by @ 8:16 pm. Filed under general

Merry Christmas to everyone.

 

If you don’t celebrate Christmas then Happy/Merry/Whatever <insert holiday>. 🙂

 

Basically…. just have an awesome Saturnalia/Winter Solstice/Yule/Festival of Lights based celebration.

Rating 3.00 out of 5

12/23/2008

Chocolate Syrup to put on Ice Cream

by @ 1:46 pm. Filed under recipes

This is my grandma’s secret chocolate syrup recipe, it rocks.

 

2 cups sugar
about 1/3 cup Hershey’s dry cocoa
1/2 stick oleo or butter
1 large can CARNATION milk (must be carnation)

 

mix all together, bring to boil over medium heat.
stirring to keep it from burning, (It takes about 5 minutes to thicken)

pour in fruit jar.

when cool put in frig.

Rating 3.00 out of 5

[joeware – never stop exploring… :) is proudly powered by WordPress.]