RE: [ActiveDir] LDAPS SRV Records?

2006-01-17 Thread joe



On the DNS server option, a couple of interesting things 
when I relooked at the API (on a lunch break this time Deji ;oP ) It doesn't let 
you specify the server to make the change on, only the server to send the FAZ 
(Find Auth Zone) request. I would have to play with that to see how that might 
cause an issue. Also Microsoft did something they don't normally do and they 
changed the da** format of the parameter between 2K/K3/XP and Vista/Longhorn. So 
I would have to add additional code to determine OS version. 


RE: the forreal. Well yes, someone could delete all 
records, but not with a single command from DNSSRVRec without specifying each 
SRV record individually. You can't do a zone *.*. Again, it doesn't look 
anything up, it simply sends the command you send so if you want all 
_ldap._tcp.dc._msdcs.dom.com you can send that in a clear and bang they are 
gone, but you just asked for that to happen so I expect you would be 
disappointed if they didn't go away. Not sure why you would say /clear 
_ldap._tcp.dc._msdcs.dom.com unless that is what you intended. Am I 
missing something here?

On the config file, that is exactly how nsupdate works now. 
It doesn't have the defaults that you mention in the 'also', but you can write 
to a file exactly what you want done for records and it does it. I am definitely 
working through my head possible variations that would be cool/fun to have for 
it though. 

I was pinged offline from a list member about the 
possibility of doing other types of records, not just SRV records. Can anyone 
see that being valuable to them and could you explain why? I am waiting for the 
response from that list member as well. The intent wasn't really to write a 
DNS management tool but I guess if nothing else is really fitting the bill, 
maybe it's needed?





RE: [ActiveDir] LDAPS SRV Records?

2006-01-16 Thread joe



Hi Kamlesh, you can get the initial version at 
http://www.joeware.net/win/free/tools/DNSSrvRec.htm. I 
posted it to the site last night and announced on my blog, there are over 50 
downloads already which surprises me a bit. 

The initial version does not let you specify the DNS Server 
to make the change in. I had started to add it and backed out as I wanted to 
think over the whole SOA portion of it plus if I want to handle sending to 
multiple servers at the same time and how to handle the errors coming back. This 
is all I have for specifying specific servers at the moment, a commented out 
insertion to validate the command.

// ValidOptions.push_back(L"dnssrv");    // Which DNS Server(s)

Not sure what you are hoping for out of the clear option in 
terms of forreal. The tool doesn't look records up first and then clear them one 
by one. It simply sends a single clear command for the DNS Name, that 
is an option for one of the functions. Having a forreal option would only 
basically echo what you sent in via the parameters. I might consider having it 
try to pull the record first and then display what would get wiped out. But that 
brings up even more questions on the specifying multiple DNS servers 
thoughts.

Like what kind of ops are you talking about taking from a 
config file? Like a script of records to add? This could be an interesting idea. 
A script of generic records that you specify the actual host name to resolve to 
on the command line with. Of course this could easily be wrapped in a script or 
batch file as well initially. 

Download it and any other thoughts about it send my 
way.


 joe



From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Kamlesh Parmar
Sent: Monday, January 16, 2006 1:59 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] LDAPS SRV Records?

joe, nice work !!

In fact, I was playing with dnscmd.exe for 
same purpose not for LDAPS but other authentication records... (If you remember 
the thread about custom SRV priority per dc per site basis.)

I was planning for creating a HTA wrapper around dnscmd.exe for CLI-challenged. But I 
am not happy with the error reporting of dnscmd.exe, so was thinking of testing 
WMI class for DNS RR management, and now you created the utility. :-)

I would like to register as pre-beta tester. :-)

Looking at the current usage screen you provided, I have some queries top of my head.

* Can we specify DNS server to make change on? (stupid of me to even suggest this. Just 
  trying to make a redundant entry in your to-do list :-))
* Can we have switch -FORREAL specially for clear option. (I know, DCs will recreate 
  records in next refresh cycle, still there will be a resolution issue for a small period)
* Can we have SRV operations taken from config file, like we have it for latest 
  adfind.exe ?

Just trying to participate :-)

--
Kamlesh

Re: [ActiveDir] LDAPS SRV Records?

2006-01-16 Thread Kamlesh Parmar
joe,

Thanks for the link.

As you mentioned, adding DNS server option turned out to be quite
trickier, why not one server at a time. I know it makes sense to
add/delete same records on multiple servers, but who says they can't be
serialized. After all, it is not that time critical operation.

For CLEAR switch, I was trying to say that, someone can accidentally
delete ALL the records related to domain or site and make clients who
are primarily pointing at that DNS server suffer, for the time those
records are re registered/replicated back again.

For config file, my idea was that, if you provide a way to specify
server and read SRV operations from a file. (something like
ldifde.exe). I could create a config file in which I could list
down all the operations/records I want to manage. Of course, this can
be scripted and given to DNSSrvRec as command line options, but putting
all together in a file where each operation is separated on single
line, would give nice readability. (something like LDF file)
Also, like adfind.exe if we can define some defaults for port, weight
and ttl etc. in config file which are used for same RUN of the command.

Currently what I am doing is, preparing an Excel sheet containing all
the sites in my forest and manually defining the priority order in
which clients in each site will get authenticated by DCs (like first
same site DCs, then nearest site DCs, basically making sure clients
never have to look for generic SRV records). Afterwards based on this
sheet, I will prepare a list of SRV records to create/delete on each
DNS server and push those SRV records to respective servers.


--
Kamlesh

RE: [ActiveDir] LDAPS SRV Records?

2006-01-15 Thread joe
Title: LDAPS SRV Records?



I couldn't sleep this evening so I decided to test the API 
calls below. They work fine. :o)

I have a new utility that will clear, replace, delete, and 
add SRV records called DNSSrvRec. I need to test it a little more when I am more 
awake. eg


F:\Dev\BDSCPP\DNSSrvRec\Debug_Build>nslookup -type=srv _ldaps._tcp.dc._msdcs.joe.com
Server:  2k3dc01.joe.com
Address:  192.168.0.10

*** 2k3dc01.joe.com can't find _ldaps._tcp.dc._msdcs.joe.com: Non-existent domain

F:\Dev\BDSCPP\DNSSrvRec\Debug_Build>DNSSrvRec.exe /addrec _ldaps._tcp.dc._msdcs.joe.com:600:0:100:636:2k3dc02.joe.com;_ldaps._tcp.dc._msdcs.joe.com:600:0:100:636:2k3dc01.joe.com

AddSrvRec V01.00.00cpp Joe Richards ([EMAIL PROTECTED]) January 2006

Adding _ldaps._tcp.dc._msdcs.joe.com:600:0:100:636:2k3dc02.joe.com...Success.
Adding _ldaps._tcp.dc._msdcs.joe.com:600:0:100:636:2k3dc01.joe.com...Success.

Results
---
Total Records To Update: 2
Total Records Updated  : 2
Total Updates Failed   : 0

The command completed successfully.

F:\Dev\BDSCPP\DNSSrvRec\Debug_Build>nslookup -type=srv _ldaps._tcp.dc._msdcs.joe.com
Server:  2k3dc01.joe.com
Address:  192.168.0.10

_ldaps._tcp.dc._msdcs.joe.com   SRV service location:
          priority       = 0
          weight         = 100
          port           = 636
          svr hostname   = 2k3dc02.joe.com
_ldaps._tcp.dc._msdcs.joe.com   SRV service location:
          priority       = 0
          weight         = 100
          port           = 636
          svr hostname   = 2k3dc01.joe.com
2k3dc01.joe.com internet address = 192.168.0.10

F:\Dev\BDSCPP\DNSSrvRec\Debug_Build>DNSSrvRec.exe /delrec _ldaps._tcp.dc._msdcs.joe.com:600:0:100:636:2k3dc02.joe.com;_ldaps._tcp.dc._msdcs.joe.com:600:0:100:636:2k3dc01.joe.com

AddSrvRec V01.00.00cpp Joe Richards ([EMAIL PROTECTED]) January 2006

Deleting _ldaps._tcp.dc._msdcs.joe.com:600:0:100:636:2k3dc02.joe.com...Success.
Deleting _ldaps._tcp.dc._msdcs.joe.com:600:0:100:636:2k3dc01.joe.com...Success.

Results
---
Total Records To Update: 2
Total Records Updated  : 2
Total Updates Failed   : 0

The command completed successfully.

F:\Dev\BDSCPP\DNSSrvRec\Debug_Build>nslookup -type=srv _ldaps._tcp.dc._msdcs.joe.com
Server:  2k3dc01.joe.com
Address:  192.168.0.10

*** 2k3dc01.joe.com can't find _ldaps._tcp.dc._msdcs.joe.com: Non-existent domain

F:\Dev\BDSCPP\DNSSrvRec\Debug_Build>


Here is the current usage screen. I will relook at the API 
calls again tomorrow or Monday and decide if I want to add any more 
features.


F:\Dev\BDSCPP\DNSSrvRec\Debug_Build>DNSSrvRec.exe /?

AddSrvRec V01.00.00cpp Joe Richards ([EMAIL PROTECTED]) January 2006

Usage:
 DNSSrvRec [switches]

  Switches: (designated by - or /)

   -clear xx    Clear DNS SRV records with name xx
                Format xx
                -
                The format for xx is a semicolon delimited list of DNS
                names such as _ldaps._tcp.dom.com or
                _ldaps._tcp.dom.com;_ldaps._tcp.child.dom.com

   -replace yy  Replace DNS SRV records with name yy
   -delrec yy   Delete DNS SRV records with name yy
   -addrec yy   Add DNS SRV records with name yy
                Format yy
                -
                The format for yy is a semicolon delimited list of DNS
                Records. Each DNS record has the format:
                  aaa:bb:cc:dd:ee:fff
                    aaa - DNS Name (_ldaps._tcp.dom.com)
                    bb  - TTL Value (300)
                    cc  - Priority (0)
                    dd  - Weight (100)
                    ee  - Port (636)
                    fff - Host Name (somedc.dom.com)

   -delim       Delimiter to separate values in DNS Record.
   -mrdelim     Delimiter to separate multiple DNS Records.

  Notes:
    You can have multiple actions (add/delete/clear/replace) in a
    single command, they will be processed in the order clear,
    replace delete, and add.

  Ex1:
    DNSSrvRec -addrec _ldaps._tcp.dc._msdcs.joe.com:600:0:100:636:2k3dc01.joe.com
      Add DNS SRV Record _ldaps._tcp.dc._msdcs.joe.com with TTL=600, priority=0,
      weight=100, port=636, and hostname of 2k3dc01.joe.com

  Ex2: (command is all one line)
    DNSSrvRec -addrec _ldaps._tcp.dc._msdcs.joe.com:600:0:100:636:2k3dc01.joe.com;
      _ldaps._tcp.dc._msdcs.joe.com:600:0:100:636:2k3dc02.joe.com
      Add 2 DNS SRV Records for _ldaps._tcp.dc._msdcs.joe.com

  Ex3:
    DNSSrvRec -delrec _ldaps._tcp.dc._msdcs.joe.com:600:0:100:636:2k3dc01.joe.com
      Delete specified specific DNS SRV Record.

  Ex4:
    DNSSrvRec -clear _ldaps._tcp.dc._msdcs.joe.com
      Clear all SRV Records for _ldaps._tcp.dc._msdcs.joe.com

  Ex5:
    DNSSrvRec -replace _ldaps._tcp.dc._msdcs.joe.com:600:0:100:636:2k3dc01.joe.com
      Replace all SRV Records for _ldaps._tcp.dc._msdcs.joe.com with specified record.

I do not warrant this software to be fit for any purpose or use and I do not 
guarantee that it will not damage and/or destroy your system.






From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of joe
Sent: Saturday, January 14, 2006 12:50 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] LDAPS SRV Records?

Hey Brandon.

The call that something like IPCONFIG /REGISTERDNS uses is *probably* 
I_NetLogonControl2 with NETLOGON_CONTROL_FORCE_DNS_REG. That just tells a DC to 
reregister its records. Nothing to do with what records are actually registered 
for a DC. 


You definitely don't want
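
The aaa:bb:cc:dd:ee:fff record format from the usage screen above, together with the look-before-clear preview joe describes in his 2006-01-16 reply, as an added example that is not part of the thread and not DNSSrvRec source. The function names (parseRecord, parseList, previewClear), the validation limits and the 2k3dc03 entry are assumptions made here; the code goes beyond what the tool is described as doing by rejecting malformed or wildcard entries, it makes no DNS calls, and the "existing" records are constructed.

```cpp
// Added example, not DNSSrvRec source: validate record specs, preview a clear.
#include <cctype>
#include <cstdint>
#include <iostream>
#include <string>
#include <vector>

struct SrvRec {
    std::string name;                 // aaa - DNS name
    uint32_t ttl;                     // bb  - TTL value
    uint16_t priority, weight, port;  // cc, dd, ee
    std::string host;                 // fff - host name
};
struct ParsedList { std::vector<SrvRec> ok; std::vector<std::string> rejected; };

static std::vector<std::string> split(const std::string& s, char delim) {
    std::vector<std::string> parts(1);
    for (char c : s) { if (c == delim) parts.emplace_back(); else parts.back() += c; }
    return parts;
}

// Lower-case and drop one trailing dot so names compare the way DNS does.
static std::string canon(std::string s) {
    if (!s.empty() && s.back() == '.') s.pop_back();
    for (char& c : s) c = static_cast<char>(std::tolower(static_cast<unsigned char>(c)));
    return s;
}

// Digits only and bounded: rejects "", "-1", "0x10", and 70000 for a port.
static bool parseNum(const std::string& s, uint64_t max, uint64_t& out) {
    out = 0;
    if (s.empty() || s.size() > 10) return false;
    for (char c : s) {
        if (c < '0' || c > '9') return false;
        out = out * 10 + static_cast<uint64_t>(c - '0');
    }
    return out <= max;
}

// Labels of 1..63 characters, name <= 253, no wildcard or whitespace.
static bool validName(const std::string& n, bool srvOwner) {
    if (n.empty() || n.size() > 253) return false;
    std::vector<std::string> labels = split(canon(n), '.');
    for (const std::string& l : labels) {
        if (l.empty() || l.size() > 63) return false;
        for (unsigned char c : l)
            if (!std::isalnum(c) && c != '-' && c != '_') return false;
    }
    // SRV owner names begin with _service._proto (RFC 2782).
    return !srvOwner || (labels.size() >= 3 && labels[0][0] == '_' && labels[1][0] == '_');
}

// Parse one aaa:bb:cc:dd:ee:fff spec; on failure returns false and out is unchanged.
bool parseRecord(const std::string& spec, SrvRec& out, char delim = ':') {
    std::vector<std::string> f = split(spec, delim);
    uint64_t ttl, prio, weight, port;
    if (f.size() != 6 || !validName(f[0], true) || !validName(f[5], false)) return false;
    if (!parseNum(f[1], 2147483647ULL, ttl) || !parseNum(f[2], 65535, prio) ||
        !parseNum(f[3], 65535, weight) || !parseNum(f[4], 65535, port))
        return false;
    out = SrvRec{f[0], static_cast<uint32_t>(ttl), static_cast<uint16_t>(prio),
                 static_cast<uint16_t>(weight), static_cast<uint16_t>(port), f[5]};
    return true;
}

// Parse a whole -addrec/-delrec/-replace argument; bad entries are kept aside.
ParsedList parseList(const std::string& specs, char recDelim = ';', char fieldDelim = ':') {
    ParsedList result;
    for (std::string s : split(specs, recDelim)) {
        s.erase(0, s.find_first_not_of(" \t"));  // strip leading blanks
        s.erase(s.find_last_not_of(" \t") + 1);  // strip trailing blanks
        SrvRec r;
        if (s.empty()) continue;  // tolerate a trailing delimiter
        if (parseRecord(s, r, fieldDelim)) result.ok.push_back(r);
        else result.rejected.push_back(s);
    }
    return result;
}

// Dry run for -clear: which records from a prior lookup share the given name.
std::vector<SrvRec> previewClear(const std::vector<SrvRec>& existing, const std::string& name) {
    std::vector<SrvRec> doomed;
    for (const SrvRec& r : existing)
        if (canon(r.name) == canon(name)) doomed.push_back(r);
    return doomed;
}

int main() {
    // Constructed input: Ex2 from the usage screen plus one entry with a bad port.
    ParsedList p = parseList(
        "_ldaps._tcp.dc._msdcs.joe.com:600:0:100:636:2k3dc01.joe.com; "
        "_ldaps._tcp.dc._msdcs.joe.com:600:0:100:636:2k3dc02.joe.com;"
        "_ldaps._tcp.dc._msdcs.joe.com:600:0:100:70000:2k3dc03.joe.com");
    std::cout << p.ok.size() << " valid, " << p.rejected.size() << " rejected\n";
    // p.ok stands in for the records a lookup would return before the clear.
    for (const SrvRec& r : previewClear(p.ok, "_LDAPS._tcp.dc._msdcs.joe.com."))
        std::cout << "would clear " << r.name << " -> " << r.host << "\n";
    return 0;
}
```
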

RE: [ActiveDir] LDAPS SRV Records?

2006-01-15 Thread Grillenmeier, Guido



nice job joe! I couldn't sleep either, so I did some 
reading and watched a movie :-)

Let's see what else you could do when you can't sleep: 
anyone have some more ideas for joe? :-))

/Guido



RE: [ActiveDir] LDAPS SRV Records?

2006-01-15 Thread joe



LOL. Most of my utilities have been written because I 
couldn't sleep or the television shows that were on weren't enough to keep me 
fully engaged/entertained. I was ripping CDs to MP3's (4100 songs ripped now 
for my Creative Zen Sleek), watching Modern Marvels (history channel), looking 
through newsgroup issues, and working on the code for this. 
;o)

I really should have been working on something else I have 
been working on for a while that I originally thought of back in about 2000 that 
I finally started doing something about but this looked like a good one 
nighter to get out of the way. No real commitment to get it done, sense of 
accomplishment afterward, makes people happy. :o) 

 
joe




RE: [ActiveDir] LDAPS SRV Records?

2006-01-15 Thread deji
So, which API are you relying on?
 
 
Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCT
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of joe
Sent: Sun 1/15/2006 12:35 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] LDAPS SRV Records?


I couldn't sleep this evening so I decided to test the API calls below. They
work fine. :o)
 
I have a new utility that will clear, replace, delete, and add SRV records
called DNSSrvRec. I need to test it a little more when I am more awake. eg
 
 
F:\Dev\BDSCPP\DNSSrvRec\Debug_Build>nslookup -type=srv _ldaps._tcp.dc._msdcs.joe.com
Server:  2k3dc01.joe.com
Address:  192.168.0.10
 
*** 2k3dc01.joe.com can't find _ldaps._tcp.dc._msdcs.joe.com: Non-existent
domain
 
F:\Dev\BDSCPP\DNSSrvRec\Debug_Build>DNSSrvRec.exe /addrec _ldaps._tcp.dc._msdcs.joe.com:600:0:100:636:2k3dc02.joe.com;_ldaps._tcp.dc._msdcs.joe.com:600:0:100:636:2k3dc01.joe.com
 
AddSrvRec V01.00.00cpp Joe Richards ([EMAIL PROTECTED]) January 2006
 
Adding _ldaps._tcp.dc._msdcs.joe.com:600:0:100:636:2k3dc02.joe.com...Success.
Adding _ldaps._tcp.dc._msdcs.joe.com:600:0:100:636:2k3dc01.joe.com...Success.
 
Results
---
Total Records To Update: 2
Total Records Updated  : 2
Total Updates Failed   : 0
 
The command completed successfully.
 

F:\Dev\BDSCPP\DNSSrvRec\Debug_Build>nslookup -type=srv _ldaps._tcp.dc._msdcs.joe.com
Server:  2k3dc01.joe.com
Address:  192.168.0.10
 
_ldaps._tcp.dc._msdcs.joe.com   SRV service location:
  priority   = 0
  weight = 100
  port   = 636
  svr hostname   = 2k3dc02.joe.com
_ldaps._tcp.dc._msdcs.joe.com   SRV service location:
  priority   = 0
  weight = 100
  port   = 636
  svr hostname   = 2k3dc01.joe.com
2k3dc01.joe.com internet address = 192.168.0.10
 
F:\Dev\BDSCPP\DNSSrvRec\Debug_BuildDNSSrvRec.exe /delrec
_ldaps._tcp.dc._msdcs.joe.com:600:0:100:636:2k3dc02.joe.com;_ldaps._tcp.dc._m
sdcs.joe.com:600:0:100:636:2k3dc01.joe.com
 
AddSrvRec V01.00.00cpp Joe Richards ([EMAIL PROTECTED] mailto:[EMAIL 
PROTECTED]
) January 2006
 
Deleting
_ldaps._tcp.dc._msdcs.joe.com:600:0:100:636:2k3dc02.joe.com...Success.
Deleting
_ldaps._tcp.dc._msdcs.joe.com:600:0:100:636:2k3dc01.joe.com...Success.
 
Results
---
Total Records To Update: 2
Total Records Updated  : 2
Total Updates Failed   : 0
 
The command completed successfully.
 

F:\Dev\BDSCPP\DNSSrvRec\Debug_Buildnslookup -type=srv
_ldaps._tcp.dc._msdcs.joe.com
Server:  2k3dc01.joe.com
Address:  192.168.0.10
 
*** 2k3dc01.joe.com can't find _ldaps._tcp.dc._msdcs.joe.com: Non-existent
domain
 
F:\Dev\BDSCPP\DNSSrvRec\Debug_Build

 
 
Here is the current usage screen. I will relook at the API calls again
tomorrow or Monday and decide if I want to add any more features.
 
 
F:\Dev\BDSCPP\DNSSrvRec\Debug_Build>DNSSrvRec.exe /?

AddSrvRec V01.00.00cpp Joe Richards ([EMAIL PROTECTED]) January 2006

Usage:
 DNSSrvRec [switches]

  Switches: (designated by - or /)

   -clear xx    Clear DNS SRV records with name xx
     Format xx
     -
     The format for xx is a semicolon delimited list of DNS
     names such as _ldaps._tcp.dom.com or
     _ldaps._tcp.dom.com;_ldaps._tcp.child.dom.com

   -replace yy  Replace DNS SRV records with name yy
   -delrec yy   Delete DNS SRV records with name yy
   -addrec yy   Add DNS SRV records with name yy
     Format yy
     -
     The format for yy is a semicolon delimited list of DNS
     Records. Each DNS record has the format:
        aaa:bb:cc:dd:ee:fff
           aaa - DNS Name (_ldaps._tcp.dom.com)
           bb  - TTL Value (300)
           cc  - Priority (0)
           dd  - Weight (100)
           ee  - Port (636)
           fff - Host Name (somedc.dom.com)

   -delim       Delimiter to separate values in DNS Record.
   -mrdelim     Delimiter to separate multiple DNS Records.

  Notes:
    You can have multiple actions (add/delete/clear/replace) in
    a single command, they will be processed in the order clear, replace
    delete, and add.

  Ex1:
    DNSSrvRec -addrec _ldaps._tcp.dc._msdcs.joe.com:600:0:100:636:2k3dc01.joe.com
      Add DNS SRV Record _ldaps._tcp.dc._msdcs.joe.com with TTL=600,
      priority=0, weight=100, port=636, and hostname of 2k3dc01.joe.com
  Ex2: (command is all one line)
    DNSSrvRec -addrec _ldaps._tcp.dc._msdcs.joe.com:600:0:100:636:2k3dc01.joe.com;_ldaps._tcp.dc._msdcs.joe.com:600:0:100:636:2k3dc02.joe.com
      Add 2 DNS SRV Records for _ldaps._tcp.dc._msdcs.joe.com
  Ex3:
    DNSSrvRec -delrec _ldaps._tcp.dc._msdcs.joe.com:600:0:100:636:2k3dc01.joe.com
      Delete specified specific DNS SRV Record.
  Ex4:
    DNSSrvRec

RE: [ActiveDir] LDAPS SRV Records?

2006-01-15 Thread joe
DnsModifyRecordsInSet and DnsReplaceRecordSet API calls.

These are out of dnsapi.dll. If you look at netlogon.dll with Dependency
Walker you will see 10 imports from dnsapi.dll including the two above.
Looking at their defs they have the ability to add/delete/clear/replace
records between them. So that is what I tested and got working.


 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Sunday, January 15, 2006 1:44 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] LDAPS SRV Records?

So, which API are you relying on?
 
 
Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCT
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon




RE: [ActiveDir] LDAPS SRV Records?

2006-01-15 Thread deji
 If you look at netlogon.dll with  
 
hahaha! You make me laugh :) FYI, when *I* can't sleep, I turn to a warm
body.
 
OKOK...TMI. I was just trying to say I don't go looking inside any f-ing
dll just cause I'm bored or can't sleep :)
 
 
Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCT
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of joe
Sent: Sun 1/15/2006 2:27 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] LDAPS SRV Records?



DnsModifyRecordsInSet and DnsReplaceRecordSet API calls.

These are out of dnsapi.dll. If you look at netlogon.dll with Dependency
Walker you will see 10 imports from dnsapi.dll including the two above.
Looking at their defs they have the ability to add/delete/clear/replace
records between them. So that is what I tested and got working.





RE: [ActiveDir] LDAPS SRV Records?

2006-01-15 Thread joe
I looked in the DLL the first time I responded which is why I mentioned
DNSAPI.DLL. When I worked on the code last night I had all the info I
needed, just had to wrap the calls and format the data properly. The fact
that it would be easy and was for some old friends is why I worked on it. It
really didn't take any serious thought from that point, just execution. Even
you, possibly, could have done it, I imagine, if your pets didn't spike your
drinks to assure a peaceful sleep. :)

   joe


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Sunday, January 15, 2006 6:54 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] LDAPS SRV Records?

 If you look at netlogon.dll with  
 
hahaha! You make me laugh :) FYI, when *I* can't sleep, I turn to a warm
body.
 
OKOK...TMI. I was just trying to say I don't go looking inside any f-ing
dll just cause I'm bored or can't sleep :)
 
 
Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCT
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon




Re: [ActiveDir] LDAPS SRV Records?

2006-01-15 Thread Kamlesh Parmar
 for _ldaps._tcp.dc._msdcs.joe.com
  Ex3:
    DNSSrvRec -delrec _ldaps._tcp.dc._msdcs.joe.com:600:0:100:636:2k3dc01.joe.com
      Delete specified specific DNS SRV Record.
  Ex4:
    DNSSrvRec -clear _ldaps._tcp.dc._msdcs.joe.com
      Clear all SRV Records for _ldaps._tcp.dc._msdcs.joe.com
  Ex5:
    DNSSrvRec -replace _ldaps._tcp.dc._msdcs.joe.com:600:0:100:636:2k3dc01.joe.com
      Replace all SRV Records for _ldaps._tcp.dc._msdcs.joe.com with specified
      record.

I do not warrant this software to be fit for any purpose or use and I do not
guarantee that it will not damage and/or destroy your system.







-- ~Be the change you want to see in the World~


RE: [ActiveDir] LDAPS SRV Records?

2006-01-13 Thread deji
I think the functions are exposed in WinAPI and/or DNSAPI - I am NOT a
programmer :)
 
These are very likely where you'd start:
 
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dns/dns/dns_srv_data.asp
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dns/dns/dns_record.asp
 
Because of the role DHCP client plays in dynamic DNS registration, I am
thinking that DHCPCSVC.DLL may be in play as well.
 
HTH
 
 
Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCT
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of Bernier, Brandon (.)
Sent: Fri 1/13/2006 12:03 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] LDAPS SRV Records?





Does anyone have an idea which Windows API does the DNS registration of SRV
records for DCs? I'm very curious as to if that is a public method. The
purpose is I'm looking into how feasible it is to write a Windows Service
that hooks into netlogon and registers secure LDAP SRV records as needed
provided the DC's can speak LDAPS. Think it's a horrible idea? Could be done
better? Let me know what you think. I know the ultimate solution is a DCR,
but like I said..I'm just brainstorming ideas.

-Brandon 

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


RE: [ActiveDir] LDAPS SRV Records?

2006-01-13 Thread Gil Kirkpatrick



Try http://msdn.microsoft.com/library/default.asp?url=

These are relatively new (WS2003 perhaps?) We developed our 
own DNS functions over Winsock.

-g


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Bernier, Brandon (.)
Sent: Friday, January 13, 2006 1:03 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] LDAPS SRV Records?

Does anyone have an idea which Windows API does the 
DNS registration of SRV records for DCs? I'm very curious as to if that is a 
public method. The purpose is I'm looking into how feasible it is to write a 
Windows Service that hooks into netlogon and registers secure LDAP SRV records 
as needed provided the DC's can speak LDAPS. Think it's a horrible idea? Could 
be done better? Let me know what you think. I know the ultimate solution is a 
DCR, but like I said..I'm just brainstorming ideas.
-Brandon 


RE: [ActiveDir] LDAPS SRV Records?

2006-01-13 Thread Almeida Pinto, Jorge de
To see which service registers what see:
http://support.microsoft.com/kb/q246804/
http://support.microsoft.com/default.aspx?scid=kb;EN-US;264539
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/cb7a2363-0ed6-4c7c-87ba-7cc9592a8028.mspx
 
jorge



From: [EMAIL PROTECTED] on behalf of [EMAIL PROTECTED]
Sent: Sat 2006-01-14 00:10
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] LDAPS SRV Records?



I think the functions are exposed in WinAPI and/or DNSAPI - I am NOT a
programmer :)

These are very likely where you'd start:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dns/dns/dns_srv_data.asp
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dns/dns/dns_record.asp

Because of the role DHCP client plays in dynamic DNS registration, I am
thinking that DHCPCSVC.DLL may be in play as well.

HTH


Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCT
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon




RE: [ActiveDir] LDAPS SRV Records?

2006-01-13 Thread deji
Jorge,
 
I think he is looking to write his own wrapper. So, he is looking for the
bits where the functions are exposed.
 
 
Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCT
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of Almeida Pinto, Jorge de
Sent: Fri 1/13/2006 4:00 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] LDAPS SRV Records?


To see which service registers what see:
http://support.microsoft.com/kb/q246804/
http://support.microsoft.com/default.aspx?scid=kb;EN-US;264539
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/cb7a2363-0ed6-4c7c-87ba-7cc9592a8028.mspx
 
jorge





RE: [ActiveDir] LDAPS SRV Records?

2006-01-13 Thread joe



Hey Brandon.

The call that something like IPCONFIG /REGISTERDNS uses is *probably*
I_NetLogonControl2 with NETLOGON_CONTROL_FORCE_DNS_REG. That just tells a DC
to reregister its records. Nothing to do with what records are actually
registered for a DC.

You definitely don't want to look into hooking into NETLOGON. First off it
would have to be on the DCs which would be very difficult to get approval for
even if the code could be written in a secure and stable way (doubtful since
you would have to do code injection). I personally wouldn't allow it, there is
no reason why this can't be done from another machine.

Of course you could try to script around dnscmd or nsupdate. The dnscmd may be
MS-DNS centric, I do not know. If it is, it may not work in your environment.
Unless there has been some serious changes in DNS there nsupdate works great.
I used to do a lot with DNS via perl scripts and nsupdate. Vern et alii should
have some perl scripts that I left behind that show how to use nsupdate. You
could set something up with the scheduler service. Some job that runs every
hour and checks to see if a certain DC (or the local DC if you can get it
cleared to get it to run there) has LDAPS available and then registers the
appropriate LDAPS record.

At a lower level, looking about, you may be able to use the API in DNSAPI.DLL,
unfortunately most of that API seems to be undocumented (when comparing the
exports with MSDN) but DnsModifyRecordsInSet and DnsReplaceRecordSet look
extremely promising... I would be willing to bet big that those are the calls
MS is using under the covers in NetLogon. It is Windows 2000 and better so you
should be safe for any machine you want to run from.

Note I was pinged on this offline from someone else there and put in a DCR for
registering LDAPS records back in December.


 joe





From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Bernier, Brandon (.)
Sent: Friday, January 13, 2006 3:03 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] LDAPS SRV Records?

Does anyone have an idea which Windows API does the 
DNS registration of SRV records for DCs? I'm very curious as to if that is a 
public method. The purpose is I'm looking into how feasible it is to write a 
Windows Service that hooks into netlogon and registers secure LDAP SRV records 
as needed provided the DC's can speak LDAPS. Think it's a horrible idea? Could 
be done better? Let me know what you think. I know the ultimate solution is a 
DCR, but like I said..I'm just brainstorming ideas.
-Brandon
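
Added example (not code from DNSSrvRec or from anyone in this thread): the Python below parses the semicolon-delimited aaa:bb:cc:dd:ee:fff record list from the DNSSrvRec usage screen quoted earlier in the thread, validates every field of the whole batch before emitting anything, and produces input for nsupdate, the route suggested in the message above, in the documented clear, replace, delete, add order. The function names, the validation limits, and modelling -replace as "delete the SRV record set, then add" are assumptions of this example.

```python
import re

# One DNS label; a leading underscore is allowed for SRV service/protocol labels.
_LABEL = re.compile(r"^_?[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")
# Processing order stated in the usage notes: clear, replace, delete, add.
ACTION_ORDER = ("clear", "replace", "delrec", "addrec")
# Assumed upper bounds: TTL is a 31-bit value; priority, weight, port are 16-bit.
_LIMITS = (("ttl", 2**31 - 1), ("priority", 65535), ("weight", 65535), ("port", 65535))


def fqdn(name, srv_owner=False):
    """Validate a DNS name and return it lower-cased with a trailing dot."""
    labels = name.strip().rstrip(".").split(".")
    ok = len(name) <= 253 and len(labels) >= 2 and all(_LABEL.match(l) for l in labels)
    if ok and srv_owner:  # SRV owner names look like _service._proto.domain
        ok = len(labels) >= 3 and labels[0][0] == "_" and labels[1][0] == "_"
    if not ok:
        raise ValueError(f"bad DNS name: {name!r}")
    return ".".join(labels).lower() + "."


def parse_record(spec, delim=":"):
    """Parse one aaa:bb:cc:dd:ee:fff record into a dict of validated fields."""
    fields = [f.strip() for f in spec.split(delim)]
    if len(fields) != 6:
        raise ValueError(f"expected 6 fields, got {len(fields)}: {spec!r}")
    rec = {"name": fqdn(fields[0], srv_owner=True), "host": fqdn(fields[5])}
    for (key, top), text in zip(_LIMITS, fields[1:5]):
        if not (text.isascii() and text.isdigit()) or int(text) > top:
            raise ValueError(f"{key} must be an integer 0..{top}: {spec!r}")
        rec[key] = int(text)
    return rec


def build_nsupdate(actions, delim=":", mrdelim=";"):
    """Turn {switch: argument} into nsupdate input lines.

    Everything is parsed before a single line is returned, so one malformed
    record rejects the whole batch instead of leaving a half-applied change.
    """
    unknown = set(actions) - set(ACTION_ORDER)
    if unknown:
        raise ValueError(f"unknown switch(es): {sorted(unknown)}")
    lines = []
    for action in ACTION_ORDER:
        items = [s for s in actions.get(action, "").split(mrdelim) if s.strip()]
        if action == "clear":  # argument is a list of names, not full records
            lines += [f"update delete {fqdn(n, srv_owner=True)} SRV" for n in items]
            continue
        recs = [parse_record(s, delim) for s in items]
        if action == "replace":  # assumption: drop the record set, then add
            for owner in dict.fromkeys(r["name"] for r in recs):
                lines.append(f"update delete {owner} SRV")
        for r in recs:
            rdata = f"SRV {r['priority']} {r['weight']} {r['port']} {r['host']}"
            if action == "delrec":
                lines.append(f"update delete {r['name']} {rdata}")
            else:
                lines.append(f"update add {r['name']} {r['ttl']} {rdata}")
    if lines:
        lines.append("send")
    return lines


if __name__ == "__main__":
    # Constructed input using the record values shown in the thread.
    sample = {
        "addrec": "_ldaps._tcp.dc._msdcs.joe.com:600:0:100:636:2k3dc01.joe.com;"
                  "_ldaps._tcp.dc._msdcs.joe.com:600:0:100:636:2k3dc02.joe.com",
        "clear": "_ldaps._tcp.dc._msdcs.joe.com",
    }
    print("\n".join(build_nsupdate(sample)))
```

The returned lines can be reviewed or logged before they are piped to nsupdate, which gives a change record for anything written under _msdcs.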