joeware - never stop exploring... :)

Information about joeware mixed with wild and crazy opinions...

11/28/2008

Delta time searches of int8 attributes with AdFind

by @ 4:49 am. Filed under tech

I’m on a roll…

This evening, while partaking in a little turkey, ham, mashed potatoes, and some sautéed squash fries and visiting with friends and family, the code I needed to write to add delta time filter capability popped into my head, and this evening I inserted that code, so now you can do something like

 

F:\Dev\Current\CPP\AdFind\Debug>adfind -default -binenc -f "lastlogontimestamp>={{current:-20d}}" lastlogontimestamp -tdcs

AdFind V01.39.00cpp ***BETA*** Joe Richards (joe@joeware.net) November 2008

Transformed Filter: lastlogontimestamp>=128706070664670000
Using server: JOEWARE-DC1.joeware.local:389
Directory: Windows Server 2003
Base DN: DC=joeware,DC=local

dn:CN=$jricha34,CN=Users,DC=joeware,DC=local
>lastLogonTimestamp: 2008/11/18-20:29:00 Eastern Standard Time

dn:CN=DC2,OU=Domain Controllers,DC=joeware,DC=local
>lastLogonTimestamp: 2008/11/24-09:38:47 Eastern Standard Time

dn:CN=JOEWARE-DC1,OU=Domain Controllers,DC=joeware,DC=local
>lastLogonTimestamp: 2008/11/18-15:53:36 Eastern Standard Time

dn:CN=MBX01,CN=Computers,DC=joeware,DC=local
>lastLogonTimestamp: 2008/11/22-23:34:48 Eastern Standard Time

dn:CN=$joe,CN=Users,DC=joeware,DC=local
>lastLogonTimestamp: 2008/11/17-21:42:24 Eastern Standard Time

dn:CN=mvp,OU=Users,OU=joeware.net,OU=Orgs,OU=Mail,DC=joeware,DC=local
>lastLogonTimestamp: 2008/11/18-08:35:01 Eastern Standard Time

dn:CN=joe,OU=Users,OU=joeware.net,OU=Orgs,OU=Mail,DC=joeware,DC=local
>lastLogonTimestamp: 2008/11/18-16:36:13 Eastern Standard Time

dn:CN=listmail1,OU=Users,OU=joeware.net,OU=Orgs,OU=Mail,DC=joeware,DC=local
>lastLogonTimestamp: 2008/11/25-23:37:40 Eastern Standard Time

dn:CN=support,OU=Users,OU=joeware.net,OU=Orgs,OU=Mail,DC=joeware,DC=local
>lastLogonTimestamp: 2008/11/18-22:48:57 Eastern Standard Time

9 Objects returned

 

Which basically says, show me all objects that have the lastLogonTimestamp attribute updated with a value from the last 20 days. You could also do -20m for the last 20 minutes. Or, if you want to be very specific, you can specify the days, hours, minutes and seconds with a dd:hh:mm:ss formatted string. The 20 days example would look like -20:00:00:00 or alternately -20:0:0:0.

This will make it even easier for folks to use AdFind for their custom cleanup scripts if OldCmp isn’t doing it for them… Instead of them having to calculate the actual int8 value, they can let AdFind do it for them.

    joe
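The arithmetic behind the substitution shown in this post, as an added Python example that is not AdFind's own code or part of the original post: an AD int8 time is a count of 100-nanosecond ticks since 1601-01-01 UTC, so each token becomes the tick count of the current time plus the signed delta. The names `to_int8`, `parse_delta` and `transform_filter` are hypothetical, only the `d`, `m` and dd:hh:mm:ss forms mentioned in the post are handled, and `NOW` is a constructed clock reading chosen to reproduce the Transformed Filter value in the session above.

```python
import re
from datetime import datetime, timedelta, timezone

# AD "int8" time (FILETIME): 100-nanosecond ticks since 1601-01-01 00:00:00 UTC.
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)
TOKEN = re.compile(r"\{\{current:([^}]*)\}\}")


def to_int8(moment):
    """Convert an aware datetime to ticks using integer arithmetic only."""
    span = moment - EPOCH_1601
    return ((span.days * 86400 + span.seconds) * 1_000_000 + span.microseconds) * 10


def parse_delta(spec):
    """Parse '-20d', '-20m' or a signed 'dd:hh:mm:ss' string into a timedelta."""
    m = re.fullmatch(r"([+-]?)(\d+)([dm])", spec.strip())
    if m:
        sign, count, unit = m.groups()
        delta = timedelta(days=int(count)) if unit == "d" else timedelta(minutes=int(count))
    else:
        m = re.fullmatch(r"([+-]?)(\d+):(\d+):(\d+):(\d+)", spec.strip())
        if not m:
            raise ValueError(f"unsupported delta spec: {spec!r}")
        sign = m.group(1)
        d, h, mi, s = (int(g) for g in m.groups()[1:])
        delta = timedelta(days=d, hours=h, minutes=mi, seconds=s)
    return -delta if sign == "-" else delta


def transform_filter(ldap_filter, now):
    """Replace each {{current:<delta>}} token with the int8 value of now + delta."""
    return TOKEN.sub(lambda t: str(to_int8(now + parse_delta(t.group(1)))), ldap_filter)


# Constructed clock reading (assumption), picked so that the -20d result matches
# the "Transformed Filter" line in the session above.
NOW = datetime(2008, 11, 28, 8, 37, 46, 467000, tzinfo=timezone.utc)

if __name__ == "__main__":
    print(transform_filter("lastlogontimestamp>={{current:-20d}}", NOW))
    # Cleanup-script style query: logon timestamp not updated in the last 90 days.
    print(transform_filter("(lastlogontimestamp<={{current:-90:0:0:0}})", NOW))
```

Because lastLogonTimestamp is stored as the raw tick count, the comparison in the transformed filter is a plain integer comparison on the server side.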


11/27/2008

HAPPY THANKSGIVING

by @ 1:34 pm. Filed under general

So Happy Thanksgiving to all of my US viewers.

To everyone else, happy last Thursday of November. 🙂

 

  joe


11/26/2008

Calm…

by @ 8:24 pm. Filed under quotes

Calmness of the mind is one of the beautiful jewels of wisdom. It is the result of long and patient effort in self control.

A man becomes calm in the measure that he understands himself as a thought-evolved being, for such knowledge necessitates the understanding of others as the result of thought, and as he develops a right understanding, and sees more and more clearly the internal relations of things by the action of cause and effect, he ceases to fuss and fume and worry and grieve, and remains poised, steadfast, serene.

How many people we know who sour their lives, who ruin all that is sweet and beautiful by explosive tempers, and make bad blood! It is a question whether the great majority of people do not ruin their lives and mar their happiness by lack of self-control.

  – James Allen (As a Man Thinketh)


AdFind -filterbreakdown

by @ 8:13 pm. Filed under tech

So you have this big nasty LDAP filter and for some reason it isn’t working, and by that I mean when you submit the query it comes back and says invalid filter, or maybe it doesn’t return what you expect for the data set. You know if you could just see the filter in a “nice” format you could probably figure out what is going on…

Well certainly I have thought that on more than one occasion and usually it was Exchange or sometimes some third party app that generated that nasty LDAP filter that I had to try and figure out what was wrong with…

For example… say you have this lovely filter (some of you may recognize it…)

(& (mailnickname=*) (| (&(objectCategory=person)(objectClass=user)(!(homeMDB=*))(!(msExchHomeServerName=*)))(&(objectCategory=person)(objectClass=user)(|(homeMDB=*)(msExchHomeServerName=*)))(&(objectCategory=person)(objectClass=contact))(objectCategory=group)(objectCategory=publicFolder)(objectCategory=msExchDynamicDistributionList) ))

Certainly that is easy to read… (reread with sarcastic sneer…)

If you have enough permissions on the Domain Controller you can throw it through AdFind with the -stats+ or -stats+only switches and you get to see something like

Filter Breakdown:

(
(&
   (mailNickname=*)
   (|
     (&
       (objectCategory=CN=Person,CN=Schema,CN=Configuration,DC=joeware,DC=local)
       (objectClass=user)
       (!
         (homeMDB=*)
       )
       (!
         (msExchHomeServerName=*)
       )
     )
     (&
       (objectCategory=CN=Person,CN=Schema,CN=Configuration,DC=joeware,DC=local)
       (objectClass=user)
       (|
         (homeMDB=*)
         (msExchHomeServerName=*)
       )
     )
     (&
       (objectCategory=CN=Person,CN=Schema,CN=Configuration,DC=joeware,DC=local)
       (objectClass=contact)
     )
     (objectCategory=CN=Group,CN=Schema,CN=Configuration,DC=joeware,DC=local)
     (objectCategory=CN=ms-Exch-Public-Folder,CN=Schema,CN=Configuration,DC=joeware,DC=local)
     (objectCategory=CN=ms-Exch-Dynamic-Distribution-List,CN=Schema,CN=Configuration,DC=joeware,DC=local)
   )
)
)

which is at least an order of magnitude easier to read.

But what if your filter is…

(& (mailnickname=*) (| (&(objectCategory=person)(objectClass=user)(!(homeMDB=*))((!(msExchHomeServerName=*)))(&(objectCategory=person)(objectClass=user)(|(homeMDB=*)(msExchHomeServerName=*)))(&(objectCategory=person)(objectClass=contact))(objectCategory=group)(objectCategory=publicFolder)(objectCategory=msExchDynamicDistributionList) ))

and you run that through AdFind…

The filter is syntactically incorrect (can you see the error?) so you will see…

ldap_get_next_page_s: [JOEWARE-DC1.joeware.local] Error 0x57 (87) – Filter Error

Yeah, that isn’t so helpful, and -stats doesn’t make it any more helpful because there is no stats info coming back from the server. So then you stare at it for a while, curse the LDAP format, maybe twirl your pencil, try to figure out who to send it to to tell you what is wrong with it (and I am not the person despite the hundreds of requests I get to look at LDAP filters…). Etc etc etc ad nauseam… Until finally you paste it into notepad or some other text editor and start manually breaking it up…

I was doing that for like the thousandth time in my career and said, god, someone should write a tool that can parse this out like my AdFind does for the STATS output… and then I sat back, smacked my forehead. Yes, I am not always super bright with things I personally need… So I started looking at the AdFind source to see how easily I could break this little functionality out of that portion of my code. When I did that I also reworked the parsing logic because, quite frankly, it did not follow the K.I.S.S philosophy of “Keep It Simple Dumbass”. The new function is cleaner and more stable.

So now you can do something like

F:\Dev\Current\CPP\AdFind\Debug>adfind -filterbreakdown "(& (mailnickname=*) (| (&(objectCategory=person)(objectClass=user)(!(homeMDB=*))((!(msExchHomeServerName=*)))(&(objectCategory=person)(objectClass=user)(|(homeMDB=*)(msExchHomeServerName=*)))(&(objectCategory=person)(objectClass=contact))(objectCategory=group)(objectCategory=publicFolder)(objectCategory=msExchDynamicDistributionList) ))"

AdFind V01.39.00cpp ***BETA*** Joe Richards (joe@joeware.net) November 2008

Filter Breakdown:

(&
  (mailnickname=*)
  (|
    (&
      (objectCategory=person)
      (objectClass=user)
      (!
        (homeMDB=*)
      )
      (
       (!
         (msExchHomeServerName=*)
       )
      )
      (&
        (objectCategory=person)
        (objectClass=user)
        (|
          (homeMDB=*)
          (msExchHomeServerName=*)
        )
      )
      (&
        (objectCategory=person)
        (objectClass=contact)
      )
      (objectCategory=group)
      (objectCategory=publicFolder)
      (objectCategory=msExchDynamicDistributionList)
    )
  )

WARNING: Parens don’t match up properly, not all open
         parens were matched with close parens.

Note: This is not necessarily the filter that the query processor will
      process, instead it is a simple text parsing of the supplied filter.

 

And here is the same filter without the mistake

F:\Dev\Current\CPP\AdFind\Debug>adfind -filterbreakdown "(& (mailnickname=*) (| (&(objectCategory=person)(objectClass=user)(!(homeMDB=*))(!(msExchHomeServerName=*)))(&(objectCategory=person)(objectClass=user)(|(homeMDB=*)(msExchHomeServerName=*)))(&(objectCategory=person)(objectClass=contact))(objectCategory=group)(objectCategory=publicFolder)(objectCategory=msExchDynamicDistributionList) ))"

AdFind V01.39.00cpp ***BETA*** Joe Richards (joe@joeware.net) November 2008

Filter Breakdown:

(&
  (mailnickname=*)
  (|
    (&
      (objectCategory=person)
      (objectClass=user)
      (!
        (homeMDB=*)
      )
      (!
        (msExchHomeServerName=*)
      )
    )
    (&
      (objectCategory=person)
      (objectClass=user)
      (|
        (homeMDB=*)
        (msExchHomeServerName=*)
      )
    )
    (&
      (objectCategory=person)
      (objectClass=contact)
    )
    (objectCategory=group)
    (objectCategory=publicFolder)
    (objectCategory=msExchDynamicDistributionList)
  )
)

Note: This is not necessarily the filter that the query processor will
      process, instead it is a simple text parsing of the supplied filter.

 

Still not the EASIEST to see the problem but it is a heck of a lot easier to see than it was before.

Here is an example of a non-Exchange related filter

(&(&(objectcategory=person)(objectclass=user)(!(cn=_*))(!(userAccountControl:1.2.840.113556.1.4.803:=65536))(!(isCriticalSystemObject=TRUE)))(&(whenChanged<=20081120000000.0Z)(|(&(whenCreated<=20080926000000.0Z)(|(&(pwdLastSet<=128669508314632476)(lastlogontimestamp<=128669508314632476))(&(pwdLastSet<=128617668314632476)(pwdLastSet>=1))(&(lastlogontimestamp=*)(pwdLastSet=0)(lastlogontimestamp<=128669508314632476))))(&(!(lastlogontimestamp=*))(pwdLastSet=0)(whenCreated<=20081026000000.0Z)))))

and here it is after going through the filter breakdown in AdFind…

(&
  (&
    (objectcategory=person)
    (objectclass=user)
    (!
      (cn=_*)
    )
    (!
      (userAccountControl:1.2.840.113556.1.4.803:=65536)
    )
    (!
      (isCriticalSystemObject=TRUE)
    )
  )
  (&
    (whenChanged<=20081120000000.0Z)
    (|
      (&
        (whenCreated<=20080926000000.0Z)
        (|
          (&
            (pwdLastSet<=128669508314632476)
            (lastlogontimestamp<=128669508314632476)
          )
          (&
            (pwdLastSet<=128617668314632476)
            (pwdLastSet>=1)
          )
          (&
            (lastlogontimestamp=*)
            (pwdLastSet=0)
            (lastlogontimestamp<=128669508314632476)
          )
        )
      )
      (&
        (!
          (lastlogontimestamp=*)
        )
        (pwdLastSet=0)
        (whenCreated<=20081026000000.0Z)
      )
    )
  )
)

It’s actually sort of readable!!!

This is but one cool change amongst a bunch of changes in the new version of AdFind. As mentioned previously, the goal for the release of AdFind V01.39.00 is sometime towards the end of December.

 

   joe
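A purely textual breakdown of the kind described in this post, as an added Python example that is not AdFind's source or part of the original post: it indents by paren depth, reports an opening paren that is followed by neither an operator nor a comparison, and reports unbalanced parens. The function name `filter_breakdown` and the warning wording are hypothetical; `BAD_FILTER` is the broken filter quoted in the post.

```python
def filter_breakdown(ldap_filter, indent="  "):
    """Return (lines, warnings) from a purely textual walk of an LDAP filter."""
    lines, warnings, depth, i = [], [], 0, 0
    n = len(ldap_filter)
    while i < n:
        ch = ldap_filter[i]
        if ch.isspace():
            i += 1
        elif ch == "(":
            j = i + 1
            while j < n and ldap_filter[j].isspace():
                j += 1
            nxt = ldap_filter[j] if j < n else ""
            if nxt in ("&", "|", "!"):       # boolean operator opens a group
                lines.append(indent * depth + "(" + nxt)
                depth, i = depth + 1, j + 1
            elif nxt in ("(", ""):           # bare "(": usually the typo being hunted
                lines.append(indent * depth + "(")
                warnings.append(f"offset {i}: '(' is not followed by &, |, ! or a comparison")
                depth, i = depth + 1, i + 1
            else:                            # leaf such as (objectClass=user)
                end = ldap_filter.find(")", j)
                if end == -1:
                    warnings.append(f"offset {i}: comparison is never closed")
                    end = n
                lines.append(indent * depth + "(" + ldap_filter[j:end].strip() + ")")
                i = end + 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                warnings.append(f"offset {i}: ')' has no matching '('")
                depth = 0
            lines.append(indent * depth + ")")
            i += 1
        else:                                # stray text between groups
            k = i
            while i < n and ldap_filter[i] not in "()":
                i += 1
            warnings.append(f"offset {k}: text outside parentheses: {ldap_filter[k:i].strip()!r}")
    if depth > 0:
        warnings.append(f"{depth} open paren(s) were never closed")
    return lines, warnings

# The syntactically incorrect filter quoted in the post.
BAD_FILTER = "(& (mailnickname=*) (| (&(objectCategory=person)(objectClass=user)(!(homeMDB=*))((!(msExchHomeServerName=*)))(&(objectCategory=person)(objectClass=user)(|(homeMDB=*)(msExchHomeServerName=*)))(&(objectCategory=person)(objectClass=contact))(objectCategory=group)(objectCategory=publicFolder)(objectCategory=msExchDynamicDistributionList) ))"

if __name__ == "__main__":
    out, warns = filter_breakdown(BAD_FILTER)
    print("\n".join(out + ["WARNING: " + w for w in warns]))
```

Like the tool output it imitates, this is only a text walk of the string and says nothing about how the directory's query processor will interpret the filter.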


Congratulations Mom!

by @ 8:11 pm. Filed under general

My mom has retired from the State of Michigan. I am very excited for her as she can now go on to other challenges. Though I doubt any challenge could be as great as the challenge of working in the Department of Social Services for the State of Michigan for as long as she did.

So far her plans are to clean her house really well, start spending more time making video slide shows on the computer for weddings, etc (as a business), and making jewelry and selling it.

I think she has a lot of fun in front of her and look forward to her being able to relax and not worry about all of the people she used to have to worry about for her job.


Vision in the heart

by @ 8:06 pm. Filed under quotes

The thoughtless, the ignorant, and the indolent, seeing only the apparent effects of things and not the things themselves, talk of luck, of fortune, and chance. Seeing a man grow rich, they say, “How lucky he is!” Observing another become intellectual, they exclaim, “How highly favored he is!” And noting the saintly character and wide influence of another, they remark, “How chance aids him at every turn!”

They do not see the trials and failures and struggles which these men have voluntarily encountered in order to gain their experience; have no knowledge of the sacrifices they have made, of the faith they have exercised, that they might overcome the apparently insurmountable, and realize the vision in their heart.

    – James Allen (As a Man Thinketh)


It’s a sad day… At least for me.

by @ 2:44 am. Filed under tech

I received my complimentary copy of Active Directory Fourth Edition today and noted that it is now IN STOCK on Amazon.com

http://www.amazon.com/Active-Directory-Designing-Deploying-Running/dp/059652059X/ref=sr_1_1?ie=UTF8&s=books&qid=1227681383&sr=8-1

 

My version of the book is now officially dead. :o(

 

At some point possibly Brian will outline what is different about his edition of the book. It will most likely be posted to his blog which you can find here

http://briandesmond.com/

 

   joe


Just a bug people… Unbunch your panties…

by @ 1:15 am. Filed under tech

If I already have administrative or extremely privileged rights on a box, an “exploit” that can do things to the kernel is just a normal bug… Don’t get too excited about it.

 

I am talking about this article…

http://redmondmag.com/news/article.asp?editorialsid=10415


11/21/2008

CEOs and other executives in our country have a lot to learn…

by @ 4:20 pm. Filed under general

This is how a leader of a company should lead.

http://www.cnn.com/video/#/video/business/2008/11/02/lah.japan.ceo.pay.cut.cnn


11/18/2008

This is pretty stupid

by @ 2:23 pm. Filed under tech

When I heard about the naming of the Windows OSes following version numbers I was pretty excited…. Gone were Windows Vista, Windows Me, Windows 95/98, Windows XP, Windows 2000, Windows Server 2003, Windows Server 2003 R2, etc. Long live Windows 7, Windows 8, Windows 9, etc.

Imagine my chagrin as I start reading that the next version of the OS, Windows 7 will come out as Windows 7 Client and …. Windows Server 2008 R2…

So the new name of the OS is Windows 7 except for where it is Windows Server 2008 R2… That certainly is going to help the confusion. Here I thought it was about finally getting to a decent naming scheme but maybe Apple is right in their commercials, it is just about MSFT trying to distance themselves from the perception of failure associated with the Vista name.

 

Brilliant move Microsoft. 🙁
