joeware - never stop exploring... :)

Information about joeware mixed with wild and crazy opinions...

1/2/2009

Cool AdFind feature #49216

by @ 2:28 pm. Filed under tech

This is a new feature that I added to AdFind on this last version. Sometimes you look at a record and you want to quickly know the delta time between now and the time listed. I have added the –tdcd option to do that. By default it will handle the int8 values, but if you add the –tdcgt or –tdcgts switch it will also handle generalized time as well.

Examples:

F:\Dev\Current\CPP\AdFind\Debug>adfind -e -default -f name=administrator -tdcd badpwasswordtime lastlogon lastlogoff pwdlastset lastlogontimestamp whencreated whenchanged

AdFind V01.39.00cpp ***BETA*** Joe Richards (joe@joeware.net) January 2009

Using server: TROUBLE-DC1.trouble.loc:389
Directory: Windows Server 2008
Base DN: DC=trouble,DC=loc

dn:CN=Administrator,CN=Users,DC=trouble,DC=loc
>whenCreated: 20080619161006.0Z
>whenChanged: 20081230012257.0Z
>lastLogoff: 0000/00/00-00:00:00 (UNDEFINED)
>lastLogon: 2008/12/30-11:06:29 Eastern Standard Time (-3 days 2 hours 17 minutes 47 seconds)
>pwdLastSet: 2008/12/29-20:22:57 Eastern Standard Time (-3 days 17 hours 1 minutes 20 seconds)
>lastLogonTimestamp: 2008/12/27-11:08:55 Eastern Standard Time (-6 days 2 hours 15 minutes 22 seconds)

1 Objects returned

and with Generalized time decoded as well

 

F:\Dev\Current\CPP\AdFind\Debug>adfind -e -default -f name=administrator -tdcgts -tdcd badpwasswordtime lastlogon lastlogoff pwdlastset lastlogontimestamp whencreated whenchanged

AdFind V01.39.00cpp ***BETA*** Joe Richards (joe@joeware.net) January 2009

Using server: TROUBLE-DC1.trouble.loc:389
Directory: Windows Server 2008
Base DN: DC=trouble,DC=loc

dn:CN=Administrator,CN=Users,DC=trouble,DC=loc
>whenCreated: 2008/06/19-11:10:06 Eastern Standard Time (-197 days 2 hours 14 minutes 26 seconds)
>whenChanged: 2008/12/29-20:22:57 Eastern Standard Time (-3 days 17 hours 1 minutes 35 seconds)
>lastLogoff: 0000/00/00-00:00:00 (UNDEFINED)
>lastLogon: 2008/12/30-11:06:29 Eastern Standard Time (-3 days 2 hours 18 minutes 3 seconds)
>pwdLastSet: 2008/12/29-20:22:57 Eastern Standard Time (-3 days 17 hours 1 minutes 35 seconds)
>lastLogonTimestamp: 2008/12/27-11:08:55 Eastern Standard Time (-6 days 2 hours 15 minutes 37 seconds)

1 Objects returned

Rating 4.00 out of 5

So where is AdFind???

by @ 2:19 pm. Filed under tech

Sorry folks, haven’t released adfind yet, still testing and checking it out. Amongst other things, I have found some new constants in some of the binary flags to decode for Windows Server 2008 when I was testing that I needed to get into the tool because I hate seeing things like

F:\Dev\Current\CPP\AdFind\Debug>adfind -rootdse msds-replallinboundneighbors;binary -h trouble-rodc1

AdFind V01.39.00cpp ***BETA*** Joe Richards (joe@joeware.net) January 2009

Using server: TROUBLE-RODC1.trouble.loc:389
Directory: Windows Server 2008

dn:
>msDS-ReplAllInboundNeighbors;binary: ConsecFails: 0      LastResult: 0      LastAttempt: 2009/01/02-10:46:20       LastSuccess: 2009/01/02-10:46:20      DSA: Default-First-Site-Name\TROUBLE-DC2 NC: CN=Configuration,DC=trouble,DC=loc Flags: 805311552 [SCHEDULED(64),COMPRESS(268435456),NO_CHG_NOTIFY(536870912),UNKNOWN(5120)] Address: b044ea44-36db-4c43-805b-8c38fb10fb71._msdcs.trouble.loc LastError: "The operation completed successfully."
>msDS-ReplAllInboundNeighbors;binary: ConsecFails: 0      LastResult: 0      LastAttempt: 2009/01/02-10:46:20       LastSuccess: 2009/01/02-10:46:20      DSA: Default-First-Site-Name\TROUBLE-DC2 NC: CN=Schema,CN=Configuration,DC=trouble,DC=loc Flags: 805311552 [SCHEDULED(64),COMPRESS(268435456),NO_CHG_NOTIFY(536870912),UNKNOWN(5120)] Address: b044ea44-36db-4c43-805b-8c38fb10fb71._msdcs.trouble.loc LastError: "The operation completed successfully."
>msDS-ReplAllInboundNeighbors;binary: ConsecFails: 0      LastResult: 0      LastAttempt: 2009/01/02-10:46:20       LastSuccess: 2009/01/02-10:46:20      DSA: Default-First-Site-Name\TROUBLE-DC2 NC: DC=trouble,DC=loc Flags: 805311552 [SCHEDULED(64),COMPRESS(268435456),NO_CHG_NOTIFY(536870912),UNKNOWN(5120)] Address: b044ea44-36db-4c43-805b-8c38fb10fb71._msdcs.trouble.loc LastError: "The operation completed successfully."

1 Objects returned

I much prefer

F:\Dev\Current\CPP\AdFind\Debug>adfind -rootdse msds-replallinboundneighbors;binary -h trouble-rodc1

AdFind V01.39.00cpp ***BETA*** Joe Richards (joe@joeware.net) January 2009

Using server: TROUBLE-RODC1.trouble.loc:389
Directory: Windows Server 2008

dn:
>msDS-ReplAllInboundNeighbors;binary: ConsecFails: 0      LastResult: 0      LastAttempt: 2009/01/02-10:46:20       LastSuccess: 2009/01/02-10:46:20      DSA: Default-First-Site-Name\TROUBLE-DC2 NC: CN=Configuration,DC=trouble,DC=loc Flags: 805311552 [SCHEDULED(64),FULL_REPLICA(1024),SELECT_SECRETS(4096),COMPRESS(268435456),NO_CHG_NOTIFY(536870912)] Address: b044ea44-36db-4c43-805b-8c38fb10fb71._msdcs.trouble.loc LastError: "The operation completed successfully."
>msDS-ReplAllInboundNeighbors;binary: ConsecFails: 0      LastResult: 0      LastAttempt: 2009/01/02-10:46:20       LastSuccess: 2009/01/02-10:46:20      DSA: Default-First-Site-Name\TROUBLE-DC2 NC: CN=Schema,CN=Configuration,DC=trouble,DC=loc Flags: 805311552 [SCHEDULED(64),FULL_REPLICA(1024),SELECT_SECRETS(4096),COMPRESS(268435456),NO_CHG_NOTIFY(536870912)] Address: b044ea44-36db-4c43-805b-8c38fb10fb71._msdcs.trouble.loc LastError: "The operation completed successfully."
>msDS-ReplAllInboundNeighbors;binary: ConsecFails: 0      LastResult: 0      LastAttempt: 2009/01/02-10:46:20       LastSuccess: 2009/01/02-10:46:20      DSA: Default-First-Site-Name\TROUBLE-DC2 NC: DC=trouble,DC=loc Flags: 805311552 [SCHEDULED(64),FULL_REPLICA(1024),SELECT_SECRETS(4096),COMPRESS(268435456),NO_CHG_NOTIFY(536870912)] Address: b044ea44-36db-4c43-805b-8c38fb10fb71._msdcs.trouble.loc LastError: "The operation completed successfully."

1 Objects returned

Don’t worry… it is coming soon. 🙂

 

   joe

Rating 3.00 out of 5

1/1/2009

Happy New Year!

by @ 3:04 am. Filed under general

Happy New Year everyone.

Let’s hope for a much better year this year than the last. 🙂

and just think… Next year it will be 2010… Unbelievable to me… I still feel like the year 2000 vigil just happened and that was so long ago…

Rating 3.00 out of 5

12/29/2008

AdFind –MVFilter updates

by @ 3:39 pm. Filed under tech

I have lots of features in AdFind that I like, but I have to say I am particularly happy with the –mvfilter function. Its something so simple and so widely requested yet NOT done by most LDAP clients… You want this functionality when you only want to see the values in the attribute that match specific things you are looking for… For example, I want all email addresses in the proxyaddresses attribute that has the string @company.com in it so I can clean them up… How hard, seriously, should that be? I initially added it with only about 30 minutes of coding and I have now expanded it a little for V01.39.00. At some point I hope to actually add regular expression capability to the matching.

The first update is to allow you to specify multiple values for a single attribute. So for example you could only output proxyaddress values that have smtp: in them, now you could specify that you want to see smtp: and x400:.

The second update is to match on the attribute name only. Previously I took the entire string returned by Active Directory for the attribute and matched against that. In most cases this is fine and truthfully most people are looking at the screen going? Huh? What’s the difference? The difference comes in when doing some more advanced things like working with attributes you want returned in their binary formats or values that come back with ranging. When that occurs the attribute has a ;binary or ;range= string appended to the attribute name so if you are matching on someattrib=joe if you get back someattrib;binary=joe the match would fail because the attribute name wasn’t matching up. I have made that more intelligent and now someattrib=joe will check attributes named someattrib as well as someattrib;someextension.

A simple example showing something cool you can do because of these two updates. We will pull replication metadata for an object… No we will pull replication metadata for multiple objects based on an LDAP filter. I want to do this because it is something that can’t be done by repadmin which is the first tool everyone else thinks of when they think to get replication metadata. ;)  Don’t get me wrong, repadmin is extremely cool, I like it a lot, I just like AdFind better for getting replication metadata.

Retrieve the replication metadata info for proxyAddress, mailnickname, and homeMDB for every object with a mailnickname value.

F:\Dev\Current\CPP\AdFind\Debug>adfind -default -f mailnickname=* -sc objsmeta -mvfilter msDS-ReplAttributeMetaData=mailnickname;msDS-ReplAttributeMetaData=proxyaddresses;msDS-ReplValueMetaData=homemdb

AdFind V01.39.00cpp ***BETA*** Joe Richards (joe@joeware.net) December 2008

Using server: JOEWARE-DC1.joeware.local:389
Directory: Windows Server 2003
Base DN: DC=joeware,DC=local

dn:CN=23001_Test,OU=test,DC=joeware,DC=local
>msDS-ReplAttributeMetaData;binary:     119135 Default-First-Site-Name\JOEWARE-DC1               119135 2008/06/06-16:21:29               1  mailNickname
>msDS-ReplAttributeMetaData;binary:     119156 Default-First-Site-Name\DC2                      1706317 2008/06/06-16:20:59               1  proxyAddresses
>msDS-ReplValueMetaData;binary: homeMDB                  119164 Default-First-Site-Name\DC2                      1706316 2008/06/06-16:20:59           1 (+)CN=DB1,CN=SG-Default,CN=InformationStore,CN=MBX01,CN=Servers,CN=First Administrative Group,CN=Administrative Groups,CN=Org,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=joeware,DC=local

dn:CN=23002_Test,OU=test,DC=joeware,DC=local
>msDS-ReplAttributeMetaData;binary:     119139 Default-First-Site-Name\JOEWARE-DC1               119139 2008/06/06-16:21:29               1  mailNickname
>msDS-ReplAttributeMetaData;binary:     119157 Default-First-Site-Name\DC2                      1706319 2008/06/06-16:20:59               1  proxyAddresses
>msDS-ReplValueMetaData;binary: homeMDB                  119160 Default-First-Site-Name\DC2                      1706318 2008/06/06-16:20:59           1 (+)CN=DB1,CN=SG-Default,CN=InformationStore,CN=MBX01,CN=Servers,CN=First Administrative Group,CN=Administrative Groups,CN=Org,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=joeware,DC=local

dn:CN=23003_Test,OU=test,DC=joeware,DC=local
>msDS-ReplAttributeMetaData;binary:     119143 Default-First-Site-Name\JOEWARE-DC1               119143 2008/06/06-16:21:29               1  mailNickname
>msDS-ReplAttributeMetaData;binary:     119158 Default-First-Site-Name\DC2                      1706321 2008/06/06-16:20:59               1  proxyAddresses
>msDS-ReplValueMetaData;binary: homeMDB                  119162 Default-First-Site-Name\DC2                      1706320 2008/06/06-16:20:59           1 (+)CN=DB1,CN=SG-Default,CN=InformationStore,CN=MBX01,CN=Servers,CN=First Administrative Group,CN=Administrative Groups,CN=Org,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=joeware,DC=local

<SNIP>

You may think… so what… well here is what it would look like with AdFind without the multivalue filtering….

F:\Dev\Current\CPP\AdFind\Debug>adfind -e -default -f mailnickname=* -sc objsmeta

AdFind V01.39.00cpp ***BETA*** Joe Richards (joe@joeware.net) December 2008

Using server: JOEWARE-DC1.joeware.local:389
Directory: Windows Server 2003
Base DN: DC=joeware,DC=local

dn:CN=23001_Test,OU=test,DC=joeware,DC=local
>msDS-ReplAttributeMetaData;binary:     119136 Default-First-Site-Name\JOEWARE-DC1               119136 2008/06/06-16:21:29               1  accountExpires
>msDS-ReplAttributeMetaData;binary:     119135 Default-First-Site-Name\JOEWARE-DC1               119135 2008/06/06-16:21:29               1  cn
>msDS-ReplAttributeMetaData;binary:     119136 Default-First-Site-Name\JOEWARE-DC1               119136 2008/06/06-16:21:29               1  codePage
>msDS-ReplAttributeMetaData;binary:     119136 Default-First-Site-Name\JOEWARE-DC1               119136 2008/06/06-16:21:29               1  countryCode
>msDS-ReplAttributeMetaData;binary:     119136 Default-First-Site-Name\JOEWARE-DC1               119136 2008/06/06-16:21:29               1  dBCSPwd
>msDS-ReplAttributeMetaData;binary:     119156 Default-First-Site-Name\DC2                      1706317 2008/06/06-16:20:59               1  displayName
>msDS-ReplAttributeMetaData;binary:     119156 Default-First-Site-Name\DC2                      1706317 2008/06/06-16:20:59               1  homeMTA
>msDS-ReplAttributeMetaData;binary:     119135 Default-First-Site-Name\JOEWARE-DC1               119135 2008/06/06-16:21:29               1  instanceType
>msDS-ReplAttributeMetaData;binary:     119156 Default-First-Site-Name\DC2                      1706317 2008/06/06-16:20:59               1  legacyExchangeDN
>msDS-ReplAttributeMetaData;binary:     119136 Default-First-Site-Name\JOEWARE-DC1               119136 2008/06/06-16:21:29               1  lmPwdHistory
>msDS-ReplAttributeMetaData;binary:     119136 Default-First-Site-Name\JOEWARE-DC1               119136 2008/06/06-16:21:29               1  logonHours
>msDS-ReplAttributeMetaData;binary:     119135 Default-First-Site-Name\JOEWARE-DC1               119135 2008/06/06-16:21:29               1  mailNickname
>msDS-ReplAttributeMetaData;binary:     119156 Default-First-Site-Name\DC2                      1706317 2008/06/06-16:20:59               1  mail
>msDS-ReplAttributeMetaData;binary:     119156 Default-First-Site-Name\DC2                      1706317 2008/06/06-16:20:59               1  msExchALObjectVersion
>msDS-ReplAttributeMetaData;binary:     119135 Default-First-Site-Name\JOEWARE-DC1               119135 2008/06/06-16:21:29               1  msExchHomeServerName
>msDS-ReplAttributeMetaData;binary:     119156 Default-First-Site-Name\DC2                      1706317 2008/06/06-16:20:59               1  msExchMailboxGuid
>msDS-ReplAttributeMetaData;binary:     119156 Default-First-Site-Name\DC2                      1706317 2008/06/06-16:20:59               1  msExchMailboxSecurityDescriptor
>msDS-ReplAttributeMetaData;binary:     119156 Default-First-Site-Name\DC2                      1706317 2008/06/06-16:20:59               1  msExchPoliciesIncluded
>msDS-ReplAttributeMetaData;binary:     119156 Default-First-Site-Name\DC2                      1706317 2008/06/06-16:20:59               1  msExchUserAccountControl
>msDS-ReplAttributeMetaData;binary:     119135 Default-First-Site-Name\JOEWARE-DC1               119135 2008/06/06-16:21:29               1  name
>msDS-ReplAttributeMetaData;binary:     119136 Default-First-Site-Name\JOEWARE-DC1               119136 2008/06/06-16:21:29               1  ntPwdHistory
>msDS-ReplAttributeMetaData;binary:     119135 Default-First-Site-Name\JOEWARE-DC1               119135 2008/06/06-16:21:29               1  nTSecurityDescriptor
>msDS-ReplAttributeMetaData;binary:     119135 Default-First-Site-Name\JOEWARE-DC1               119135 2008/06/06-16:21:29               1  objectCategory
>msDS-ReplAttributeMetaData;binary:     119135 Default-First-Site-Name\JOEWARE-DC1               119135 2008/06/06-16:21:29               1  objectClass
>msDS-ReplAttributeMetaData;binary:     119135 Default-First-Site-Name\JOEWARE-DC1               119135 2008/06/06-16:21:29               1  objectSid
>msDS-ReplAttributeMetaData;binary:     119136 Default-First-Site-Name\JOEWARE-DC1               119136 2008/06/06-16:21:29               1  primaryGroupID
>msDS-ReplAttributeMetaData;binary:     119156 Default-First-Site-Name\DC2                      1706317 2008/06/06-16:20:59               1  proxyAddresses
>msDS-ReplAttributeMetaData;binary:     119136 Default-First-Site-Name\JOEWARE-DC1               119136 2008/06/06-16:21:29               1  pwdLastSet
>msDS-ReplAttributeMetaData;binary:     119135 Default-First-Site-Name\JOEWARE-DC1               119135 2008/06/06-16:21:29               1  sAMAccountName
>msDS-ReplAttributeMetaData;binary:     119135 Default-First-Site-Name\JOEWARE-DC1               119135 2008/06/06-16:21:29               1  sAMAccountType
>msDS-ReplAttributeMetaData;binary:     119156 Default-First-Site-Name\DC2                      1706317 2008/06/06-16:20:59               1  showInAddressBook
>msDS-ReplAttributeMetaData;binary:     119137 Default-First-Site-Name\JOEWARE-DC1               119137 2008/06/06-16:21:29               1  supplementalCredentials
>msDS-ReplAttributeMetaData;binary:     119156 Default-First-Site-Name\DC2                      1706317 2008/06/06-16:20:59               1  textEncodedORAddress
>msDS-ReplAttributeMetaData;binary:     119136 Default-First-Site-Name\JOEWARE-DC1               119136 2008/06/06-16:21:29               1  unicodePwd
>msDS-ReplAttributeMetaData;binary:     119135 Default-First-Site-Name\JOEWARE-DC1               119135 2008/06/06-16:21:29               1  userAccountControl
>msDS-ReplAttributeMetaData;binary:     119135 Default-First-Site-Name\JOEWARE-DC1               119135 2008/06/06-16:21:29               1  whenCreated
>msDS-ReplValueMetaData;binary: homeMDB                  119164 Default-First-Site-Name\DC2                      1706316 2008/06/06-16:20:59           1 (+)CN=DB1,CN=SG-Default,CN=InformationStore,CN=MBX01,CN=Servers,CN=First Administrative Group,CN=Administrative Groups,CN=Org,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=joeware,DC=local

dn:CN=23002_Test,OU=test,DC=joeware,DC=local
>msDS-ReplAttributeMetaData;binary:     119140 Default-First-Site-Name\JOEWARE-DC1               119140 2008/06/06-16:21:29               1  accountExpires
>msDS-ReplAttributeMetaData;binary:     119139 Default-First-Site-Name\JOEWARE-DC1               119139 2008/06/06-16:21:29               1  cn
>msDS-ReplAttributeMetaData;binary:     119140 Default-First-Site-Name\JOEWARE-DC1               119140 2008/06/06-16:21:29               1  codePage
>msDS-ReplAttributeMetaData;binary:     119140 Default-First-Site-Name\JOEWARE-DC1               119140 2008/06/06-16:21:29               1  countryCode
>msDS-ReplAttributeMetaData;binary:     119140 Default-First-Site-Name\JOEWARE-DC1               119140 2008/06/06-16:21:29               1  dBCSPwd
>msDS-ReplAttributeMetaData;binary:     119157 Default-First-Site-Name\DC2                      1706319 2008/06/06-16:20:59               1  displayName
>msDS-ReplAttributeMetaData;binary:     119157 Default-First-Site-Name\DC2                      1706319 2008/06/06-16:20:59               1  homeMTA
>msDS-ReplAttributeMetaData;binary:     119139 Default-First-Site-Name\JOEWARE-DC1               119139 2008/06/06-16:21:29               1  instanceType
>msDS-ReplAttributeMetaData;binary:     119157 Default-First-Site-Name\DC2                      1706319 2008/06/06-16:20:59               1  legacyExchangeDN
>msDS-ReplAttributeMetaData;binary:     119140 Default-First-Site-Name\JOEWARE-DC1               119140 2008/06/06-16:21:29               1  lmPwdHistory
>msDS-ReplAttributeMetaData;binary:     119140 Default-First-Site-Name\JOEWARE-DC1               119140 2008/06/06-16:21:29               1  logonHours
>msDS-ReplAttributeMetaData;binary:     119139 Default-First-Site-Name\JOEWARE-DC1               119139 2008/06/06-16:21:29               1  mailNickname
>msDS-ReplAttributeMetaData;binary:     119157 Default-First-Site-Name\DC2                      1706319 2008/06/06-16:20:59               1  mail
>msDS-ReplAttributeMetaData;binary:     119157 Default-First-Site-Name\DC2                      1706319 2008/06/06-16:20:59               1  msExchALObjectVersion
>msDS-ReplAttributeMetaData;binary:     119139 Default-First-Site-Name\JOEWARE-DC1               119139 2008/06/06-16:21:29               1  msExchHomeServerName
>msDS-ReplAttributeMetaData;binary:     119157 Default-First-Site-Name\DC2                      1706319 2008/06/06-16:20:59               1  msExchMailboxGuid
>msDS-ReplAttributeMetaData;binary:     119157 Default-First-Site-Name\DC2                      1706319 2008/06/06-16:20:59               1  msExchMailboxSecurityDescriptor
>msDS-ReplAttributeMetaData;binary:     119157 Default-First-Site-Name\DC2                      1706319 2008/06/06-16:20:59               1  msExchPoliciesIncluded
>msDS-ReplAttributeMetaData;binary:     119157 Default-First-Site-Name\DC2                      1706319 2008/06/06-16:20:59               1  msExchUserAccountControl
>msDS-ReplAttributeMetaData;binary:     119139 Default-First-Site-Name\JOEWARE-DC1               119139 2008/06/06-16:21:29               1  name
>msDS-ReplAttributeMetaData;binary:     119140 Default-First-Site-Name\JOEWARE-DC1               119140 2008/06/06-16:21:29               1  ntPwdHistory
>msDS-ReplAttributeMetaData;binary:     119139 Default-First-Site-Name\JOEWARE-DC1               119139 2008/06/06-16:21:29               1  nTSecurityDescriptor
>msDS-ReplAttributeMetaData;binary:     119139 Default-First-Site-Name\JOEWARE-DC1               119139 2008/06/06-16:21:29               1  objectCategory
>msDS-ReplAttributeMetaData;binary:     119139 Default-First-Site-Name\JOEWARE-DC1               119139 2008/06/06-16:21:29               1  objectClass
>msDS-ReplAttributeMetaData;binary:     119139 Default-First-Site-Name\JOEWARE-DC1               119139 2008/06/06-16:21:29               1  objectSid
>msDS-ReplAttributeMetaData;binary:     119140 Default-First-Site-Name\JOEWARE-DC1               119140 2008/06/06-16:21:29               1  primaryGroupID
>msDS-ReplAttributeMetaData;binary:     119157 Default-First-Site-Name\DC2                      1706319 2008/06/06-16:20:59               1  proxyAddresses
>msDS-ReplAttributeMetaData;binary:     119140 Default-First-Site-Name\JOEWARE-DC1               119140 2008/06/06-16:21:29               1  pwdLastSet
>msDS-ReplAttributeMetaData;binary:     119139 Default-First-Site-Name\JOEWARE-DC1               119139 2008/06/06-16:21:29               1  sAMAccountName
>msDS-ReplAttributeMetaData;binary:     119139 Default-First-Site-Name\JOEWARE-DC1               119139 2008/06/06-16:21:29               1  sAMAccountType
>msDS-ReplAttributeMetaData;binary:     119157 Default-First-Site-Name\DC2                      1706319 2008/06/06-16:20:59               1  showInAddressBook
>msDS-ReplAttributeMetaData;binary:     119141 Default-First-Site-Name\JOEWARE-DC1               119141 2008/06/06-16:21:29               1  supplementalCredentials
>msDS-ReplAttributeMetaData;binary:     119157 Default-First-Site-Name\DC2                      1706319 2008/06/06-16:20:59               1  textEncodedORAddress
>msDS-ReplAttributeMetaData;binary:     119140 Default-First-Site-Name\JOEWARE-DC1               119140 2008/06/06-16:21:29               1  unicodePwd
>msDS-ReplAttributeMetaData;binary:     119139 Default-First-Site-Name\JOEWARE-DC1               119139 2008/06/06-16:21:29               1  userAccountControl
>msDS-ReplAttributeMetaData;binary:     119139 Default-First-Site-Name\JOEWARE-DC1               119139 2008/06/06-16:21:29               1  whenCreated
>msDS-ReplValueMetaData;binary: homeMDB                  119160 Default-First-Site-Name\DC2                      1706318 2008/06/06-16:20:59           1 (+)CN=DB1,CN=SG-Default,CN=InformationStore,CN=MBX01,CN=Servers,CN=First Administrative Group,CN=Administrative Groups,CN=Org,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=joeware,DC=local

dn:CN=23003_Test,OU=test,DC=joeware,DC=local
>msDS-ReplAttributeMetaData;binary:     119144 Default-First-Site-Name\JOEWARE-DC1               119144 2008/06/06-16:21:29               1  accountExpires
>msDS-ReplAttributeMetaData;binary:     119143 Default-First-Site-Name\JOEWARE-DC1               119143 2008/06/06-16:21:29               1  cn
>msDS-ReplAttributeMetaData;binary:     119144 Default-First-Site-Name\JOEWARE-DC1               119144 2008/06/06-16:21:29               1  codePage
>msDS-ReplAttributeMetaData;binary:     119144 Default-First-Site-Name\JOEWARE-DC1               119144 2008/06/06-16:21:29               1  countryCode
>msDS-ReplAttributeMetaData;binary:     119144 Default-First-Site-Name\JOEWARE-DC1               119144 2008/06/06-16:21:29               1  dBCSPwd
>msDS-ReplAttributeMetaData;binary:     119158 Default-First-Site-Name\DC2                      1706321 2008/06/06-16:20:59               1  displayName
>msDS-ReplAttributeMetaData;binary:     119158 Default-First-Site-Name\DC2                      1706321 2008/06/06-16:20:59               1  homeMTA
>msDS-ReplAttributeMetaData;binary:     119143 Default-First-Site-Name\JOEWARE-DC1               119143 2008/06/06-16:21:29               1  instanceType
>msDS-ReplAttributeMetaData;binary:     119158 Default-First-Site-Name\DC2                      1706321 2008/06/06-16:20:59               1  legacyExchangeDN
>msDS-ReplAttributeMetaData;binary:     119144 Default-First-Site-Name\JOEWARE-DC1               119144 2008/06/06-16:21:29               1  lmPwdHistory
>msDS-ReplAttributeMetaData;binary:     119144 Default-First-Site-Name\JOEWARE-DC1               119144 2008/06/06-16:21:29               1  logonHours
>msDS-ReplAttributeMetaData;binary:     119143 Default-First-Site-Name\JOEWARE-DC1               119143 2008/06/06-16:21:29               1  mailNickname
>msDS-ReplAttributeMetaData;binary:     119158 Default-First-Site-Name\DC2                      1706321 2008/06/06-16:20:59               1  mail
>msDS-ReplAttributeMetaData;binary:     119158 Default-First-Site-Name\DC2                      1706321 2008/06/06-16:20:59               1  msExchALObjectVersion
>msDS-ReplAttributeMetaData;binary:     119143 Default-First-Site-Name\JOEWARE-DC1               119143 2008/06/06-16:21:29               1  msExchHomeServerName
>msDS-ReplAttributeMetaData;binary:     119158 Default-First-Site-Name\DC2                      1706321 2008/06/06-16:20:59               1  msExchMailboxGuid
>msDS-ReplAttributeMetaData;binary:     119158 Default-First-Site-Name\DC2                      1706321 2008/06/06-16:20:59               1  msExchMailboxSecurityDescriptor
>msDS-ReplAttributeMetaData;binary:     119158 Default-First-Site-Name\DC2                      1706321 2008/06/06-16:20:59               1  msExchPoliciesIncluded
>msDS-ReplAttributeMetaData;binary:     119158 Default-First-Site-Name\DC2                      1706321 2008/06/06-16:20:59               1  msExchUserAccountControl
>msDS-ReplAttributeMetaData;binary:     119143 Default-First-Site-Name\JOEWARE-DC1               119143 2008/06/06-16:21:29               1  name
>msDS-ReplAttributeMetaData;binary:     119144 Default-First-Site-Name\JOEWARE-DC1               119144 2008/06/06-16:21:29               1  ntPwdHistory
>msDS-ReplAttributeMetaData;binary:     119143 Default-First-Site-Name\JOEWARE-DC1               119143 2008/06/06-16:21:29               1  nTSecurityDescriptor
>msDS-ReplAttributeMetaData;binary:     119143 Default-First-Site-Name\JOEWARE-DC1               119143 2008/06/06-16:21:29               1  objectCategory
>msDS-ReplAttributeMetaData;binary:     119143 Default-First-Site-Name\JOEWARE-DC1               119143 2008/06/06-16:21:29               1  objectClass
>msDS-ReplAttributeMetaData;binary:     119143 Default-First-Site-Name\JOEWARE-DC1               119143 2008/06/06-16:21:29               1  objectSid
>msDS-ReplAttributeMetaData;binary:     119144 Default-First-Site-Name\JOEWARE-DC1               119144 2008/06/06-16:21:29               1  primaryGroupID
>msDS-ReplAttributeMetaData;binary:     119158 Default-First-Site-Name\DC2                      1706321 2008/06/06-16:20:59               1  proxyAddresses
>msDS-ReplAttributeMetaData;binary:     119144 Default-First-Site-Name\JOEWARE-DC1               119144 2008/06/06-16:21:29               1  pwdLastSet
>msDS-ReplAttributeMetaData;binary:     119143 Default-First-Site-Name\JOEWARE-DC1               119143 2008/06/06-16:21:29               1  sAMAccountName
>msDS-ReplAttributeMetaData;binary:     119143 Default-First-Site-Name\JOEWARE-DC1               119143 2008/06/06-16:21:29               1  sAMAccountType
>msDS-ReplAttributeMetaData;binary:     119158 Default-First-Site-Name\DC2                      1706321 2008/06/06-16:20:59               1  showInAddressBook
>msDS-ReplAttributeMetaData;binary:     119145 Default-First-Site-Name\JOEWARE-DC1               119145 2008/06/06-16:21:29               1  supplementalCredentials
>msDS-ReplAttributeMetaData;binary:     119158 Default-First-Site-Name\DC2                      1706321 2008/06/06-16:20:59               1  textEncodedORAddress
>msDS-ReplAttributeMetaData;binary:     119144 Default-First-Site-Name\JOEWARE-DC1               119144 2008/06/06-16:21:29               1  unicodePwd
>msDS-ReplAttributeMetaData;binary:     119143 Default-First-Site-Name\JOEWARE-DC1               119143 2008/06/06-16:21:29               1  userAccountControl
>msDS-ReplAttributeMetaData;binary:     119143 Default-First-Site-Name\JOEWARE-DC1               119143 2008/06/06-16:21:29               1  whenCreated
>msDS-ReplValueMetaData;binary: homeMDB                  119162 Default-First-Site-Name\DC2                      1706320 2008/06/06-16:20:59           1 (+)CN=DB1,CN=SG-Default,CN=InformationStore,CN=MBX01,CN=Servers,CN=First Administrative Group,CN=Administrative Groups,CN=Org,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=joeware,DC=local

<SNIP>

as you can see, the filtering makes the output much more useful, you get only what you need.

Rating 3.00 out of 5

Cacheable versus Cachable

by @ 2:25 pm. Filed under tech

Which is the correct spelling? Anyone?

I would tend to go with cachEable but Microsoft went with cachAble in the attribute msDS-IsUserCachableAtRodc so I keep misspelling the darn attribute. 🙂

Interestingly Live Writer spell check thinks Cacheable is ok but Cachable is an error…

 

image

Rating 3.00 out of 5

Extended Error: 00002121: SvcErr: DSID-0312048E, problem 5012 (DIR_ERROR), data 8333

by @ 12:53 pm. Filed under tech

I added support for the input DN control in AdFind V01.39.00. What is the input DN control? It is a new control for Windows Server 2008 which will show you the RODC caching policy for a given (or set of) RODC(s) for a given security principal. This is done by specifying the LDAP_SERVER_INPUT_DN_OID control and with the DN of the security principal while asking for the msDS-IsUserCachableAtRodc attribute for the RODC computer objects.

Today while testing the functionality with a matching shortcut (so you don’t have to remember the switches and attribute to use) of –sc rodc_cachable:secprin_DN it initially worked fine

[Mon 12/29/2008 11:37:55.97]
F:\Dev\Current\CPP\AdFind\Debug>adfind -sc rodc_cachable:cn=testuser,cn=users,dc=trouble,dc=loc  -exterr

AdFind V01.39.00cpp ***BETA*** Joe Richards (joe@joeware.net) December 2008

Transformed Filter: (&(objectcategory=computer)(useraccountcontrol:1.2.840.113556.1.4.803:=67108864))
Using server: TROUBLE-DC1.trouble.loc:3268
Directory: Windows Server 2008

dn:CN=TROUBLE-RODC1,OU=Domain Controllers,DC=trouble,DC=loc
>msDS-IsUserCachableAtRodc: 2 [CACHABLE(2)]

1 Objects returned

but then I tried it on a second security principal that I thought I had created but hadn’t.

[Mon 12/29/2008 11:38:38.41]
F:\Dev\Current\CPP\AdFind\Debug>adfind -sc rodc_cachable:cn=testuser1,cn=users,dc=trouble,dc=loc  -exterr

AdFind V01.39.00cpp ***BETA*** Joe Richards (joe@joeware.net) December 2008

Transformed Filter: (&(objectcategory=computer)(useraccountcontrol:1.2.840.113556.1.4.803:=67108864))
Using server: TROUBLE-DC1.trouble.loc:3268
Directory: Windows Server 2008

ldap_get_next_page_s: [TROUBLE-DC1.trouble.loc] Error 0x1 (1) – Operations Error

Extended Error: 00002121: SvcErr: DSID-0312048E, problem 5012 (DIR_ERROR), data 8333

0 Objects returned

and as you can see I got an error. I didn’t expect that error. I am documenting it here for anyone who may run into it later (including myself) so they are aware of what happened.

The error, 2121, decodes to

  ERROR_DS_CANT_RETRIEVE_ATTS                                   winerror.h
# The search failed to retrieve attributes from the database.

Initially I thought it should just return 0, not cached. But then thought, well the DN is wrong, shouldn’t we tell the user somehow that they may have screwed up? So from that angle it makes sense.

Oh, here is what it looks like for an account that isn’t cached.

[Mon 12/29/2008 11:38:44.07]
F:\Dev\Current\CPP\AdFind\Debug>adfind -sc rodc_cachable:cn=administrator,cn=users,dc=trouble,dc=loc  -exterr

AdFind V01.39.00cpp ***BETA*** Joe Richards (joe@joeware.net) December 2008

Transformed Filter: (&(objectcategory=computer)(useraccountcontrol:1.2.840.113556.1.4.803:=67108864))
Using server: TROUBLE-DC1.trouble.loc:3268
Directory: Windows Server 2008

dn:CN=TROUBLE-RODC1,OU=Domain Controllers,DC=trouble,DC=loc
>msDS-IsUserCachableAtRodc: 0 []

1 Objects returned

 

Here is what the shortcut decodes to if you want to do it manually in AdFind V01.39.00 or better…

    -f (&(objectcategory=computer)(useraccountcontrol:AND:=67108864))
    -gcb
    -inputdn cn=administrator,cn=users,dc=trouble,dc=loc
    -recmute
    -samdc

Selected Attributes
    msDS-IsUserCachableAtRodc

 

Rating 3.00 out of 5

12/24/2008

Merry Christmas

by @ 8:16 pm. Filed under general

Merry Christmas to everyone.

 

If you don’t celebrate Christmas then Happy/Merry/Whatever <insert holiday>. 🙂

 

Basically…. just have an awesome Saturnalia/Winter Solstice/Yule/Festival of Lights based celebration.

Rating 3.00 out of 5

12/23/2008

Chocolate Syrup to put on Ice Cream

by @ 1:46 pm. Filed under recipes

This is my grandma’s secret chocolate syrup recipe, it rocks.

 

2 cups sugar
about 1/3 cup Hershey’s dry cocoa
1/2 stick oleo or butter
1 large can CARNATION milk (must be carnation)

 

mix all together, bring to boil over medium heat.
stirring to keep it from burning, (It takes about 5 minutes to thicken)

pour in fruit jar.

when cool put in frig.

Rating 3.00 out of 5

12/22/2008

Ultimate Trophy

by @ 5:19 pm. Filed under humour

image001

Rating 3.00 out of 5

Even Santa Has Had to Downsize

by @ 2:56 pm. Filed under humour

The recent announcement that Donner and Blitzen have elected to take the
early reindeer retirement package has triggered a good deal of concern about whether they will be replaced, and about other restructuring decisions at the North Pole.

Streamlining was appropriate in view of the reality that the North Pole no longer dominates the season’s gift distribution business. Home shopping channels and mail order catalogues have diminished Santa’s market share and he could not sit idly by and permit further erosion of the profit picture.

The reindeer downsizing was made possible through the purchase of a late model Japanese sled for the CEO’s annual trip. Improved productivity from Dasher and Dancer, who summered at the Harvard Business School, is anticipated and should take up the slack with no discernible loss of service. Reduction in reindeer will also lessen airborne environmental emissions for which the North Pole has been cited and received unfavorable press.

I am pleased to inform you and yours that Rudolph’s role will not be disturbed. Tradition still counts for something at the North Pole. 
Management denies, in the strongest possible language, the earlier leak that Rudolph’s nose got that way not from the cold, but from substance abuse. Calling Rudolph “a lush who was into the sauce and never did pull his share of the load” was an unfortunate comment, made by one of Santa’s helpers and taken out of context at a time of year when he is known to be under executive stress.

As a further restructuring, today’s global challenges require the North Pole to continue to look for better, more competitive steps. 
Effective immediately, the following economy measures are to take place in the “Twelve Days of Christmas” subsidiary:

The partridge will be retained, but the pear tree never turned out to be the cash crop forecasted. It will be replaced by a plastic hanging plant, providing considerable savings in maintenance.

The two turtle doves represent a redundancy that is simply not cost effective.
In addition, their romance during working hours could not be condoned. The positions are therefore eliminated.

The three French hens will remain intact. After all, everyone loves the French.

The four calling birds were replaced by an automated voice mail system, with a call waiting option. An analysis is underway to determine who the birds have been calling, how often and how long they talked.

The five golden rings have been put on hold by the Board of Directors. Maintaining a portfolio based on one commodity could have negative implications for institutional investors. Diversification into other precious metals as well as a mix of T-Bills and high technology stocks appear to be in order.

The six geese-a-laying constitutes a luxury which can no longer be afforded. It has long been felt that the production rate of one egg per goose per day is an example of the decline in productivity. Three geese will be let go, and an upgrading in the selection procedure by personnel will assure management that from now on every goose it gets will be a good one.

The seven swans-a-swimming is obviously a number chosen in better times. The function is primarily decorative. Mechanical swans are on order. The current swans will be retrained to learn some new strokes and therefore enhance their outplacement.

As you know, the eight maids-a-milking concept has been under heavy scrutiny by the EEOC. A male/female balance in the workforce is being sought. The more militant maids consider this a dead-end job with no upward mobility. Automation of the process may permit the maids to try a-mending, a-mentoring or a-mulching.

Nine ladies dancing has always been an odd number. This function will be
phased out as these individuals grow older and can no longer do the steps.

Ten Lords-a-leaping is overkill. The high cost of Lords plus the expense of international air travel prompted the Compensation Committee to suggest replacing this group with ten out-of-work congressmen. While leaping ability may be somewhat sacrificed, the savings are significant because we expect an oversupply of unemployed congressmen this year.

Eleven pipers piping and twelve drummers drumming is a simple case of the band getting too big. A substitution with a string quartet, a cutback on new music and no uniforms will produce savings which will drop right down to the bottom line.

We can expect a substantial reduction in assorted people, fowl, animals and other expenses. Though incomplete, studies indicate that stretching deliveries over twelve days is inefficient. If we can drop ship in one day, service levels will be improved.

Regarding the lawsuit filed by the attorney’s association seeking expansion to include the legal profession (“thirteen lawyers-a-suing”) action is pending.

Lastly, it is not beyond consideration that deeper cuts may be necessary in the future to stay competitive, should that happen, the Board will request management to scrutinize the Snow White Division to see if seven dwarfs is the right number. Happy Holidays!

Rating 3.00 out of 5

[joeware – never stop exploring… :) is proudly powered by WordPress.]