joeware - never stop exploring... :)

Information about joeware mixed with wild and crazy opinions...

12/15/2017

Happy Birthday Active Directory

by @ 8:53 am. Filed under general, tech

Active Directory is now an adult. It RTM’ed 18 years ago today, December 15th 1999.

Rating 4.71 out of 5

11/12/2017

AdMod

by @ 2:27 pm. Filed under general

As I find myself digging through the AdMod source code adding functionality and fixing small bugs here and there I realize that someone much smarter than I wrote the original version. And paradoxically I am the only one who has ever seen, let alone touch, this source code…

Back when writing a lot of this code I got to spend 4-5 hours a night for weeks on end working on it so I could become one with the code. That is much more difficult now as I have moved up the in responsibility for work and added additional home tasks.

All in all… It is quite amazing what the ability to focus on something for an extended time can do for your intelligence level regarding that something.

I am kind of in awe of the power I put into the tool if you really are familiar with the switches etc. Especially all of the CSV/Variable Expansion stuff. It is so rare that I even use it to the full level that it is capable.

  joe

Rating 4.71 out of 5

11/11/2017

Enabling AD Recycle Bin the easy way…

by @ 9:46 pm. Filed under general

AdMod work is coming along nicely…

E:\DEV\cpp\vs\AdMod\Debug>adfind -hh . -partitions -s base -alldc

AdFind V01.51.00cpp Joe Richards (support@joeware.net) October 2017

Using server: elitebook:389
Directory: Windows Server 2016 ADLDS
Base DN: CN=Partitions,CN=Configuration,CN={8B255D0C-7730-457D-9A5E-82920B5A0B85}

dn:CN=Partitions,CN=Configuration,CN={8B255D0C-7730-457D-9A5E-82920B5A0B85}
> objectClass: top
> objectClass: crossRefContainer
> cn: Partitions
> distinguishedName: CN=Partitions,CN=Configuration,CN={8B255D0C-7730-457D-9A5E-82920B5A0B85}
> instanceType: 4 [WRITABLE(4)]
> whenCreated: 2017/02/05-15:56:25 Eastern Standard Time
> whenChanged: 2017/11/11-20:37:43 Eastern Standard Time
> uSNCreated: 4112
> uSNChanged: 94236
> showInAdvancedViewOnly: TRUE
> name: Partitions
> objectGUID: {9F28B3F2-2E0A-4814-B94A-E0D0825DE4CC}
> fSMORoleOwner: CN=NTDS Settings,CN=ELITEBOOK$BASIC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,CN={8B255D0C-7730-457D-9A5E-82920B5A0B85}
> systemFlags: -2147483648 [NO_DELETE(2147483648)]
> objectCategory: CN=Cross-Ref-Container,CN=Schema,CN=Configuration,CN={8B255D0C-7730-457D-9A5E-82920B5A0B85}
> dSCorePropagationData: 1601/01/01-00:00:00 UTC
> msDS-Behavior-Version: 3 [Windows Server 2008 Mode]

1 Objects returned

[Sat 11/11/2017 20:40:27.31]
E:\DEV\cpp\vs\AdMod\Debug>adfind -hh . -partitions -s base -dsq | admod -hh . msDS-Behavior-Version::7 -exterr
Visual Leak Detector read settings from: E:\DEV\cpp\vs\AdMod\Debug\vld.ini

AdMod V01.20.00cpp **BETA** Joe Richards (support@joeware.net) November 2017

DN Count: 1
Using server: elitebook:389
Directory: Windows Server 2016 ADLDS

Modifying specified objects…
   DN: CN=Partitions,CN=Configuration,CN={8B255D0C-7730-457D-9A5E-82920B5A0B85}…

The command completed successfully

[Sat 11/11/2017 20:40:39.19]
E:\DEV\cpp\vs\AdMod\Debug>adfind -hh . -partitions -s base -alldc

AdFind V01.51.00cpp Joe Richards (support@joeware.net) October 2017

Using server: elitebook:389
Directory: Windows Server 2016 ADLDS
Base DN: CN=Partitions,CN=Configuration,CN={8B255D0C-7730-457D-9A5E-82920B5A0B85}

dn:CN=Partitions,CN=Configuration,CN={8B255D0C-7730-457D-9A5E-82920B5A0B85}
> objectClass: top
> objectClass: crossRefContainer
> cn: Partitions
> distinguishedName: CN=Partitions,CN=Configuration,CN={8B255D0C-7730-457D-9A5E-82920B5A0B85}
> instanceType: 4 [WRITABLE(4)]
> whenCreated: 2017/02/05-15:56:25 Eastern Standard Time
> whenChanged: 2017/11/11-20:40:38 Eastern Standard Time
> uSNCreated: 4112
> uSNChanged: 94237
> showInAdvancedViewOnly: TRUE
> name: Partitions
> objectGUID: {9F28B3F2-2E0A-4814-B94A-E0D0825DE4CC}
> fSMORoleOwner: CN=NTDS Settings,CN=ELITEBOOK$BASIC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,CN={8B255D0C-7730-457D-9A5E-82920B5A0B85}
> systemFlags: -2147483648 [NO_DELETE(2147483648)]
> objectCategory: CN=Cross-Ref-Container,CN=Schema,CN=Configuration,CN={8B255D0C-7730-457D-9A5E-82920B5A0B85}
> dSCorePropagationData: 1601/01/01-00:00:00 UTC
> msDS-Behavior-Version: 7 [Windows Server 2016 Mode]

1 Objects returned

[Sat 11/11/2017 20:40:41.18]
E:\DEV\cpp\vs\AdMod\Debug>admod -hh . -sc enablerecyclebin
Visual Leak Detector read settings from: E:\DEV\cpp\vs\AdMod\Debug\vld.ini

AdMod V01.20.00cpp **BETA** Joe Richards (support@joeware.net) November 2017

Modifying ROOTDSE…
DN Count: 1
Using server: elitebook:389
Directory: Windows Server 2016 ADLDS

Modifying specified objects…
   DN: ROOTDSE…

The command completed successfully

[Sat 11/11/2017 20:41:14.03]
E:\DEV\cpp\vs\AdMod\Debug>adfind -hh . -partitions -s base -alldc

AdFind V01.51.00cpp Joe Richards (support@joeware.net) October 2017

Using server: elitebook:389
Directory: Windows Server 2016 ADLDS
Base DN: CN=Partitions,CN=Configuration,CN={8B255D0C-7730-457D-9A5E-82920B5A0B85}

dn:CN=Partitions,CN=Configuration,CN={8B255D0C-7730-457D-9A5E-82920B5A0B85}
> objectClass: top
> objectClass: crossRefContainer
> cn: Partitions
> distinguishedName: CN=Partitions,CN=Configuration,CN={8B255D0C-7730-457D-9A5E-82920B5A0B85}
> instanceType: 4 [WRITABLE(4)]
> whenCreated: 2017/02/05-15:56:25 Eastern Standard Time
> whenChanged: 2017/11/11-20:41:13 Eastern Standard Time
> uSNCreated: 4112
> uSNChanged: 94239
> showInAdvancedViewOnly: TRUE
> name: Partitions
> objectGUID: {9F28B3F2-2E0A-4814-B94A-E0D0825DE4CC}
> fSMORoleOwner: CN=NTDS Settings,CN=ELITEBOOK$BASIC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,CN={8B255D0C-7730-457D-9A5E-82920B5A0B85}
> systemFlags: -2147483648 [NO_DELETE(2147483648)]
> objectCategory: CN=Cross-Ref-Container,CN=Schema,CN=Configuration,CN={8B255D0C-7730-457D-9A5E-82920B5A0B85}
> dSCorePropagationData: 1601/01/01-00:00:00 UTC
>msDS-Behavior-Version: 7 [Windows Server 2016 Mode]
> msDS-EnabledFeature: CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,CN={8B255D0C-7730-457D-9A5E-82920B5A0B85}

1 Objects returned

Rating 4.60 out of 5

11/2/2017

Holy crap…

by @ 9:43 pm. Filed under general

…AdMod just compiled start to finish under Visual Studio 2017…

Only 3 evenings of fixing compiler errors and linker errors!

I mean the code base is a lot smaller than AdFind (I like it smaller because it is doing more critical things, naming changing stuff in AD), but still I expected at least a full week of evenings before a successful compile. Smile 

   joe

Rating 4.60 out of 5

10/31/2017

This should be interesting… AdMod is in the garage…

by @ 10:43 pm. Filed under general

Started the port of AdMod from C++ Builder to Visual Studio 2017… This will be much more difficult and involved than AdFind, no room for mistakes in AdMod since it actually changes things. I need to get this done though, using DSACLS to update security descriptors in AD pisses me off every single time I do it which is way too much right now.

//*  V01.20.00   2017.10.31  10/31  o Started port to Visual Studio         *

Rating 4.60 out of 5

AdFind V01.51.00 Released–Happy Halloween! :)

by @ 1:00 am. Tags:
Filed under general, updates

I have released AdFind V01.51.00.

This release has a group of bug fixes and memory leaks that I found over the last couple of months related to the port/conversion to Visual Studio C++.

In addition I have added quite a few attributes to the list of decoded attributes including wellKnownObjects, dSASignature, several Exchange attributes, and msDS-TrustForestTrustInfo which I previously reported helped me find a bug in NETDOM.

I have worked to squeeze some more speed out of it for larger directory queries and around SID resolution which seems to be especially noticeable over slow VPN connections. If you ever resolve the SIDs in the tokengroups attribute you should find a considerable increase in performance. Using this daily I have seen very large tokengroups lists go from taking a couple of minutes to resolve over VPN to taking only seconds.

Kind of a funny item that I “fixed” that I never expected to get the email volume I have received was for the main ICON for the application. When I switched to Visual Studio the main ICON that was used for the executable in the past changed from the previous ICON (auto inserted by C++ Builder) to a generic application ICON. I have dug the main ICON out of V01.49.00 and added it to the application again so please no more emails about the missing ICON. Open-mouthed smile 

I have added several new switches including:

-ametanl, –vmetanl  : metadata switches to control how the output looks

-metamvcsv, -metamvcsva, –metamvcsvv  : switches to further control metadata output allowing you to specify which fields and outputs in MV CSV format.

-jsd, -jsdnl, -jsde, –jsdenl, -sddl+++/-sddc+++, –sddl3 : Security Descriptor decode switches.

-adminrootdse : Additional rootdse attributes that are only available to admins.

Added several shortcuts including:

cexplaces,caclnoinherit: Security Descriptor shortcuts (guess what I have been doing a lot of lately?)

structdmp/dump : Best effort dump of general AD container structure.

fgpps/psos : Dump Password Settings Objects

Get AdFind V01.51.00 at http://www.joeware.net/freetools/tools/adfind

   joe

Rating 4.71 out of 5

10/29/2017

Coming soon to a joeware.net website near you…

by @ 2:11 pm. Filed under general

…AdFind V01.51.00.

Rating 4.00 out of 5

9/23/2017

Visual Studio 2017 and Visual Leak Detector

by @ 6:21 pm. Filed under tech

Visual Leak Detector is very cool. Great open source project. It is on CodePlex (https://vld.codeplex.com/) but since that is shutting down it appears to have moved to GIT (https://github.com/developkits/VisualLeakDetector).

The latest version (2.5.1) didn’t originally work fully with Visual Studio. BY default it only listed offsets versus full function names and line numbers.

Luckily I found a real useful post on CodePlex that explained how to “fix” it at https://vld.codeplex.com/discussions/662076.

Basically you need to copy the new VS2017 dbghelp.dll files to the proper folders.

Specifically look in the folder

%ProgramFiles(x86)%\Microsoft Visual Studio\2017\<VERSION>\Common7\IDE\CommonExtensions\Microsoft\TestWindow\Extensions\CppUnitFramework

for dbghelp.dll (32 bit version) and x64\dbghelp.dll (64 bit version)

and copy them to

%ProgramFiles(x86)%\Visual Leak Detector\bin\Win32 (32 bit version)

and

%ProgramFiles(x86)%\Visual Leak Detector\bin\Win64 (64 bit version)

Rating 4.50 out of 5

9/22/2017

Using Restricted Groups GPO for Domain Groups

by @ 11:22 pm. Filed under tech

DO NOT DO IT!

JUST STOP!

DON’T!!!

NO!!!

It is such a bad idea and it isn’t security. You want security, clean up access rights so the wrong people can’t modify the groups in the first place. If you don’t trust your admins, you need to fire them and get admins you do trust.

Here is what Microsoft has to say about it:

Managing membership of Domain Groups by using Restricted Groups

Microsoft does not support using Restricted Groups in this scenario. Restricted Groups is a client configuration means and cannot be used with Domain Groups. Restricted Groups is designed specifically to work with Local Groups. Domain objects have to be managed within traditional AD tools. Therefore, we do not plan currently to add or support using Restricted Groups as a way to manage Domain Groups.

https://support.microsoft.com/en-us/help/279301/description-of-group-policy-restricted-groups

Seriously… Don’t do it.

   joe

Rating 4.33 out of 5

NETDOM bug for /namesuffixes switch

by @ 11:04 pm. Filed under tech

A bit of a bug there Microsoft…

[Fri 09/22/2017 22:50:53.57]
C:\>netdom trust k16tst.test.loc /namesuffixes:k16tst2.test.loc
   Name, Type, Status, Notes
1. *.hello.k16tst2.test.loc, Exclusion
2. *.k16tst2.test.loc, Name Suffix, Admin-Disabled
3. k16tst2.test.loc, Domain DNS name, Enabled
4. K16TST2, Domain NetBIOS name, Admin-Disabled, For k16tst2.test.loc
5. s-1-5-21-2034487785–2134286760–1379125265, Domain SID, Admin-Disabled, For k16tst2.test.loc

The command completed successfully.

VERSUS

[Fri 09/22/2017 22:26:24.74]+
E:\DEV\cpp\vs\AdFind>release\adfind -f objectclass=trusteddomain msds-trustforesttrustinfo -samdc

AdFind V01.51.00cpp (beta) Joe Richards (support@joeware.net) September 2017

Using server: K16TST-DC1.k16tst.test.loc:389
Directory: Windows Server 2016
Base DN: DC=k16tst,DC=test,DC=loc

dn:CN=k16tstchld.k16tst.test.loc,CN=System,DC=k16tst,DC=test,DC=loc

dn:CN=k16tst2.test.loc,CN=System,DC=k16tst,DC=test,DC=loc
> msDS-TrustForestTrustInfo: Version=1 Entries=3
> msDS-TrustForestTrustInfo: Record=0 Type=TLN_EXCL Flags=0 TopLevelName=hello.k16tst2.test.loc
> msDS-TrustForestTrustInfo: Record=1 Type=TLN_INCL Flags=2 TopLevelName=k16tst2.test.loc [TLN_DISABLED_ADMIN]
> msDS-TrustForestTrustInfo: Record=2 Type=DOMINF Flags=5 DNSName=k16tst2.test.loc NetBIOSName=K16TST2 [NB_DISABLED_ADMIN] SID=S-1-5-21-2034487785-2160680536-2915842031 [SID_DISABLED_ADMIN]

2 Objects returned

Where do you ask??

5. s-1-5-21-2034487785–2134286760–1379125265, Domain SID, Admin-Disabled, For k16tst2.test.loc

>msDS-TrustForestTrustInfo: Record=2 Type=DOMINF Flags=5 DNSName=k16tst2.test.loc NetBIOSName=K16TST2 [NB_DISABLED_ADMIN] SID=S-1-5-21-2034487785-2160680536-2915842031 [SID_DISABLED_ADMIN]

[Fri 09/22/2017 22:26:40.65]+
E:\DEV\cpp\vs\AdFind>sidtoname S-1-5-21-2034487785-2160680536-2915842031 k16tst.test.loc

SidToName V02.00.00cpp Joe Richards (joe@joeware.net) March 2003

[Domain]: K16TST2

The command completed successfully.

Rating 4.00 out of 5

[joeware – never stop exploring… :) is proudly powered by WordPress.]