joeware - never stop exploring... :)

Information about joeware mixed with wild and crazy opinions...

11/26/2008

AdFind -filterbreakdown

by @ 8:13 pm. Filed under tech

So you have this big nasty LDAP filter and for some reason it isn’t working and by that I mean when you submit the query it comes back and says invalid filter or maybe it doesn’t return what you expect for the data set. You know if you could just see the filter in a “nice” format you could probably figure out what is going on…

Well certainly I have thought that on more than one occasion and usually it was Exchange or sometimes some third party app that generated that nasty LDAP filter that I had to try and figure out what was wrong with…

For example… say you have this lovely filter (some of you may recognize it…)

(& (mailnickname=*) (| (&(objectCategory=person)(objectClass=user)(!(homeMDB=*))(!(msExchHomeServerName=*)))(&(objectCategory=person)(objectClass=user)(|(homeMDB=*)(msExchHomeServerName=*)))(&(objectCategory=person)(objectClass=contact))(objectCategory=group)(objectCategory=publicFolder)(objectCategory=msExchDynamicDistributionList) ))

Certainly that is easy to read… (reread with sarcastic sneer…)

If you have enough permissions on the Domain Controller you can throw it through AdFind with the -stats+ or -stats+only switches and you get to see something like

Filter Breakdown:

(
(&
   (mailNickname=*)
   (|
     (&
       (objectCategory=CN=Person,CN=Schema,CN=Configuration,DC=joeware,DC=local)
       (objectClass=user)
       (!
         (homeMDB=*)
       )
       (!
         (msExchHomeServerName=*)
       )
     )
     (&
       (objectCategory=CN=Person,CN=Schema,CN=Configuration,DC=joeware,DC=local)
       (objectClass=user)
       (|
         (homeMDB=*)
         (msExchHomeServerName=*)
       )
     )
     (&
       (objectCategory=CN=Person,CN=Schema,CN=Configuration,DC=joeware,DC=local)
       (objectClass=contact)
     )
     (objectCategory=CN=Group,CN=Schema,CN=Configuration,DC=joeware,DC=local)
     (objectCategory=CN=ms-Exch-Public-Folder,CN=Schema,CN=Configuration,DC=joeware,DC=local)
     (objectCategory=CN=ms-Exch-Dynamic-Distribution-List,CN=Schema,CN=Configuration,DC=joeware,DC=local)
   )
)
)

which is at least an order of magnitude easier to read.

But what if your filter is…

(& (mailnickname=*) (| (&(objectCategory=person)(objectClass=user)(!(homeMDB=*))((!(msExchHomeServerName=*)))(&(objectCategory=person)(objectClass=user)(|(homeMDB=*)(msExchHomeServerName=*)))(&(objectCategory=person)(objectClass=contact))(objectCategory=group)(objectCategory=publicFolder)(objectCategory=msExchDynamicDistributionList) ))

and you run that through AdFind…

The filter is syntactically incorrect (can you see the error?) so you will see…

ldap_get_next_page_s: [JOEWARE-DC1.joeware.local] Error 0x57 (87) – Filter Error

Yeah that isn’t so helpful and -stats doesn’t make it any more helpful because there is no stats info coming back from the server. So then you stare at it for a while, curse the LDAP format, maybe twirl your pencil, try to figure out who to send it to to tell you what is wrong with it (and I am not the person despite the hundreds of requests I get to look at LDAP filters…). Etc etc etc ad nauseam… Until finally you paste it into notepad or some other text editor and start manually breaking it up…

I was doing that for like the thousandth time in my career and said, god, someone should write a tool that can parse this out like my AdFind does for the STATS output… and then I sat back, smacked my forehead. Yes, I am not always super bright with things I personally need… So I started looking at the AdFind source to see how easily I could break this little functionality out of that portion of my code. When I did that I also reworked the parsing logic because quite frankly, it did not follow the K.I.S.S philosophy of “Keep It Simple Dumbass”. The new function is cleaner and more stable.

So now you can do something like

F:\Dev\Current\CPP\AdFind\Debug>adfind -filterbreakdown "(& (mailnickname=*) (| (&(objectCategory=person)(objectClass=user)(!(homeMDB=*))((!(msExchHomeServerName=*)))(&(objectCategory=person)(objectClass=user)(|(homeMDB=*)(msExchHomeServerName=*)))(&(objectCategory=person)(objectClass=contact))(objectCategory=group)(objectCategory=publicFolder)(objectCategory=msExchDynamicDistributionList) ))"

AdFind V01.39.00cpp ***BETA*** Joe Richards (joe@joeware.net) November 2008

Filter Breakdown:

(&
  (mailnickname=*)
  (|
    (&
      (objectCategory=person)
      (objectClass=user)
      (!
        (homeMDB=*)
      )
      (
       (!
         (msExchHomeServerName=*)
       )
      )
      (&
        (objectCategory=person)
        (objectClass=user)
        (|
          (homeMDB=*)
          (msExchHomeServerName=*)
        )
      )
      (&
        (objectCategory=person)
        (objectClass=contact)
      )
      (objectCategory=group)
      (objectCategory=publicFolder)
      (objectCategory=msExchDynamicDistributionList)
    )
  )

WARNING: Parens don’t match up properly, not all open
         parens were matched with close parens.

Note: This is not necessarily the filter that the query processor will
      process, instead it is a simple text parsing of the supplied filter.

 

And here is the same filter without the mistake

F:\Dev\Current\CPP\AdFind\Debug>adfind -filterbreakdown "(& (mailnickname=*) (| (&(objectCategory=person)(objectClass=user)(!(homeMDB=*))(!(msExchHomeServerName=*)))(&(objectCategory=person)(objectClass=user)(|(homeMDB=*)(msExchHomeServerName=*)))(&(objectCategory=person)(objectClass=contact))(objectCategory=group)(objectCategory=publicFolder)(objectCategory=msExchDynamicDistributionList) ))"

AdFind V01.39.00cpp ***BETA*** Joe Richards (joe@joeware.net) November 2008

Filter Breakdown:

(&
  (mailnickname=*)
  (|
    (&
      (objectCategory=person)
      (objectClass=user)
      (!
        (homeMDB=*)
      )
      (!
        (msExchHomeServerName=*)
      )
    )
    (&
      (objectCategory=person)
      (objectClass=user)
      (|
        (homeMDB=*)
        (msExchHomeServerName=*)
      )
    )
    (&
      (objectCategory=person)
      (objectClass=contact)
    )
    (objectCategory=group)
    (objectCategory=publicFolder)
    (objectCategory=msExchDynamicDistributionList)
  )
)

Note: This is not necessarily the filter that the query processor will
      process, instead it is a simple text parsing of the supplied filter.

 

Still not the EASIEST to see the problem but it is a heck of a lot easier to see than it was before.

Here is an example of a non-Exchange related filter

(&(&(objectcategory=person)(objectclass=user)(!(cn=_*))(!(userAccountControl:1.2.840.113556.1.4.803:=65536))(!(isCriticalSystemObject=TRUE)))(&(whenChanged<=20081120000000.0Z)(|(&(whenCreated<=20080926000000.0Z)(|(&(pwdLastSet<=128669508314632476)(lastlogontimestamp<=128669508314632476))(&(pwdLastSet<=128617668314632476)(pwdLastSet>=1))(&(lastlogontimestamp=*)(pwdLastSet=0)(lastlogontimestamp<=128669508314632476))))(&(!(lastlogontimestamp=*))(pwdLastSet=0)(whenCreated<=20081026000000.0Z)))))

and here it is after going through the filter breakdown in AdFind…

(&
  (&
    (objectcategory=person)
    (objectclass=user)
    (!
      (cn=_*)
    )
    (!
      (userAccountControl:1.2.840.113556.1.4.803:=65536)
    )
    (!
      (isCriticalSystemObject=TRUE)
    )
  )
  (&
    (whenChanged<=20081120000000.0Z)
    (|
      (&
        (whenCreated<=20080926000000.0Z)
        (|
          (&
            (pwdLastSet<=128669508314632476)
            (lastlogontimestamp<=128669508314632476)
          )
          (&
            (pwdLastSet<=128617668314632476)
            (pwdLastSet>=1)
          )
          (&
            (lastlogontimestamp=*)
            (pwdLastSet=0)
            (lastlogontimestamp<=128669508314632476)
          )
        )
      )
      (&
        (!
          (lastlogontimestamp=*)
        )
        (pwdLastSet=0)
        (whenCreated<=20081026000000.0Z)
      )
    )
  )
)

It’s actually sort of readable!!!

This is but one cool change amongst a bunch of changes in the new version of AdFind. As mentioned previously, the goal for the release of AdFind V01.39.00 is sometime towards the end of December.

 

   joe


Congratulations Mom!

by @ 8:11 pm. Filed under general

My mom has retired from the State of Michigan. I am very excited for her as she can now go on to other challenges. Though I doubt any challenge could be as great as the challenge of working in the Department of Social Services for the State of Michigan for as long as she did.

So far her plans are to clean her house really well, start spending more time making video slide shows on the computer for weddings, etc (as a business), and making jewelry and selling it.

I think she has a lot of fun in front of her and look forward to her being able to relax and not worry about all of the people she used to have to worry about for her job.


Vision in the heart

by @ 8:06 pm. Filed under quotes

The thoughtless, the ignorant, and the indolent, seeing only the apparent effects of things and not the things themselves, talk of luck, of fortune, and chance. Seeing a man grow rich, they say, “How lucky he is!” Observing another become intellectual, they exclaim, “How highly favored he is!” And noting the saintly character and wide influence of another, they remark, “How chance aids him at every turn!”

They do not see the trials and failures and struggles which these men have voluntarily encountered in order to gain their experience; have no knowledge of the sacrifices they have made, of the faith they have exercised, that they might overcome the apparently insurmountable, and realize the vision in their heart.

    – James Allen (As a Man Thinketh)


It’s a sad day… At least for me.

by @ 2:44 am. Filed under tech

I received my complimentary copy of Active Directory Fourth Edition today and noted that it is now IN STOCK on Amazon.com.

http://www.amazon.com/Active-Directory-Designing-Deploying-Running/dp/059652059X/ref=sr_1_1?ie=UTF8&s=books&qid=1227681383&sr=8-1

 

My version of the book is now officially dead. :o(

 

At some point possibly Brian will outline what is different about his edition of the book. It will most likely be posted to his blog which you can find here

http://briandesmond.com/

 

   joe


Just a bug people… Unbunch your panties…

by @ 1:15 am. Filed under tech

If I already have administrative or extremely privileged rights on a box, an “exploit” that can do things to the kernel is just a normal bug… Don’t get too excited about it.

 

I am talking about this article…

http://redmondmag.com/news/article.asp?editorialsid=10415


11/21/2008

CEOs and other executives in our country have a lot to learn…

by @ 4:20 pm. Filed under general

This is how a leader of a company should lead.

http://www.cnn.com/video/#/video/business/2008/11/02/lah.japan.ceo.pay.cut.cnn


11/18/2008

This is pretty stupid

by @ 2:23 pm. Filed under tech

When I heard about the naming of the Windows OSes following version numbers I was pretty excited…. Gone were Windows Vista, Windows Me, Windows 95/98, Windows XP, Windows 2000, Windows Server 2003, Windows Server 2003 R2, etc. Long live Windows 7, Windows 8, Windows 9, etc.

Imagine my chagrin as I start reading that the next version of the OS, Windows 7 will come out as Windows 7 Client and …. Windows Server 2008 R2…

So the new name of the OS is Windows 7 except for where it is Windows Server 2008 R2… That certainly is going to help the confusion. Here I thought it was about finally getting to a decent naming scheme but maybe Apple is right in their commercials, it is just about MSFT trying to distance themselves from the perception of failure associated with the Vista name.

 

Brilliant move Microsoft. 🙁


11/17/2008

The opportunity to begin again…

by @ 2:49 am. Filed under general

Failure is simply the opportunity to begin again, this time more intelligently.

I love that quote. Simply awesome. It describes the situation perfectly… If you screw up, you have now learned a way not to do something, go find a new way that takes that into account and do better. That works for your personal life as well as for business…

That is what our American auto industry needs to do. Rethink what they are doing with the past mistakes in mind and go and accomplish it. For too long we depended on vehicles that weren’t really sustainable. We knew we had an oil issue going on, yet we continued to rush ahead thinking that is the future. It was never the future, it was just something that was right now and when the oil issue got reacquainted with the American public it caught our big three auto makers entirely with their pants down. It shouldn’t have.

It is good to see more of a rush being put on the electrics and hybrids but how much better would it have been for the US if they had started that serious push 10 years ago, or 15 while the companies were blushing from the profits from the SUV’s? Instead of putting more and more money into designing SUVs, put it into the cars that were the true future. I know some work was done previously, I saw bits and pieces of it around Dearborn when I poked around there daily years ago. But it wasn’t at all being pushed to the extent it is today.

If we look at the American Auto Industry right now I think we would be silly not to consider it a failure in today’s times. They wouldn’t need the bailout if they weren’t. They spent years watching the floor dropping out of the SUV market and failed to react. They can blame it on anything in the mortgage or finance markets they want to[1] but it is the simple fact that they didn’t find a good fuel efficient car that could be made in an efficient profitable way that really buried them. At no point was it realistic to think that they would continue making money on trucks and SUVs. Toyota and Honda have been showing them a different way for many years. Hopefully the “good ol boys” have learned. I am not saying that trucks and SUVs shouldn’t have been and shouldn’t be made, quite the contrary, I just don’t think they should have been depended on as nearly the sole point of profit for the companies.

     joe

 

P.S. Oh where did that quote above come from? Give yourself a gold star if you said Henry Ford.

 

 

[1] I think there is quite a bit that could be said about sending the manufacturing and support of stuff to India and other low cost centers of the world and how that has worked to nearly destroy the big 3 but I won’t go there for now[2].

[2] Though I do think that outsourcing of IT to India is probably going to be looked back upon as one of the most stupid things America ever did when we no longer have junior level tech people to be able to grow up into senior level tech people… Instead of pushing jobs to India and other low cost centers, we should be looking at better automation and getting better more intelligent admins who are more efficient at what they do. That will be the next step likely AFTER the costs in India and other low cost centers have risen so dramatically that they can’t be afforded any longer. Smaller groups of truly good people who do far more.


Let’s hope…

by @ 2:44 am. Filed under quotes

What’s right about America is that although we have a mess of problems, we have great capacity – intellect and resources – to do something about them.

    – Henry Ford


Best Friend…

by @ 2:41 am. Filed under quotes

My best friend is the one who brings out the best in me.

    – Henry Ford
