Cool beans!
As always, thanks Joe!
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Saturday, April 10, 2004 8:14 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] ADFIND Update - Version 1.14.0 RTW
Since several folks from this list have asked for
certain updates to adfind and I finally got off my duff and put them in. Hey
what can I say, I felt creative this
morning. ;o)
I thought I would let you all know about it. If you
don't like AD LDAP searching from the command line, just delete this post.
Quick summary of updates
o dsquery style quoted output for dn's if
specified
o sorted output and reverse sorted output, single field
sorting (AD Limitation) and you can sort on any field AD Allows. Note that this
is sorting of object order not attribute order within an object, I am thinking
up how to handle that within the code flow I have in the program.
o elapsed time display so if you want to time queries
to the nearest millisecond.
o decode certain time fields to readable local time -
fields accountExpires, badPasswordTime, creationTime, lastLogoff (currently
unused by AD), lastLogon, lastLogonTimeStamp, pwdLastSet.
o partial security descriptor decode. It doesn't
display the little ansi smiley now when you tell it to show ntsecuritydescriptor
or the msexchmailboxsecuritydescriptor or anything else that is a 2.5.5.15 type.
o show deleted items capability. Yes, every time you
wanted to see deleted items you had to go into LDP, click on connection|connect,
connection|bind|type in userid/password/domain|click and then click about 14
more times to see what was in the deleted container bin of any given
partition... No more... You can do something as simple as
adfind -default -showdel -f
isdeleted=TRUE
o It is STILL FREE.
Details...
Dean hit me up this week at the Summit that he wished
adfind would output in dsquery format since dsquery was rather limited on what
it would return... I.E. Output clean quoted text like:
[Sat 04/10/2004
20:37:06.58]
F:\DEV\cpp\AdFind>adfind -default -f "&(objectcategory=person)(objectclass=user)" -dsq
F:\DEV\cpp\AdFind>adfind -default -f "&(objectcategory=person)(objectclass=user)" -dsq
"CN=Administrator,CN=Users,DC=joe,DC=com"
"CN=Guest,CN=Users,DC=joe,DC=com"
"CN=SUPPORT_388945a0,CN=Users,DC=joe,DC=com"
"CN=krbtgt,CN=Users,DC=joe,DC=com"
"CN=$jricha34,CN=Users,DC=joe,DC=com"
"CN=$$Jricha34,CN=Users,DC=joe,DC=com"
"CN=NormalUser,CN=Users,DC=joe,DC=com"
"CN=TestUser,OU=TestUsersOU,OU=TestOU,DC=joe,DC=com"
"CN=TestUser2,OU=TestUsersOU,OU=TestOU,DC=joe,DC=com"
"CN=Test\,User\\Hello,OU=TestUsersOU,OU=TestOU,DC=joe,DC=com"
"CN=Guest,CN=Users,DC=joe,DC=com"
"CN=SUPPORT_388945a0,CN=Users,DC=joe,DC=com"
"CN=krbtgt,CN=Users,DC=joe,DC=com"
"CN=$jricha34,CN=Users,DC=joe,DC=com"
"CN=$$Jricha34,CN=Users,DC=joe,DC=com"
"CN=NormalUser,CN=Users,DC=joe,DC=com"
"CN=TestUser,OU=TestUsersOU,OU=TestOU,DC=joe,DC=com"
"CN=TestUser2,OU=TestUsersOU,OU=TestOU,DC=joe,DC=com"
"CN=Test\,User\\Hello,OU=TestUsersOU,OU=TestOU,DC=joe,DC=com"
[Sat 04/10/2004
20:37:10.56]
F:\DEV\cpp\AdFind>
F:\DEV\cpp\AdFind>
instead of
[Sat 04/10/2004
20:37:04.59]
F:\DEV\cpp\AdFind>adfind -default -f "&(objectcategory=person)(objectclass=user)" -dn
F:\DEV\cpp\AdFind>adfind -default -f "&(objectcategory=person)(objectclass=user)" -dn
AdFind V01.14.00cpp Joe Richards ([EMAIL PROTECTED])
April 2004
Using server: 2k3dc01.joe.com
Base DN: DC=joe,DC=com
Base DN: DC=joe,DC=com
dn:CN=Administrator,CN=Users,DC=joe,DC=com
dn:CN=Guest,CN=Users,DC=joe,DC=com
dn:CN=SUPPORT_388945a0,CN=Users,DC=joe,DC=com
dn:CN=krbtgt,CN=Users,DC=joe,DC=com
dn:CN=$jricha34,CN=Users,DC=joe,DC=com
dn:CN=$$Jricha34,CN=Users,DC=joe,DC=com
dn:CN=NormalUser,CN=Users,DC=joe,DC=com
dn:CN=TestUser,OU=TestUsersOU,OU=TestOU,DC=joe,DC=com
dn:CN=TestUser2,OU=TestUsersOU,OU=TestOU,DC=joe,DC=com
dn:CN=Test\,User\\Hello,OU=TestUsersOU,OU=TestOU,DC=joe,DC=com
dn:CN=Guest,CN=Users,DC=joe,DC=com
dn:CN=SUPPORT_388945a0,CN=Users,DC=joe,DC=com
dn:CN=krbtgt,CN=Users,DC=joe,DC=com
dn:CN=$jricha34,CN=Users,DC=joe,DC=com
dn:CN=$$Jricha34,CN=Users,DC=joe,DC=com
dn:CN=NormalUser,CN=Users,DC=joe,DC=com
dn:CN=TestUser,OU=TestUsersOU,OU=TestOU,DC=joe,DC=com
dn:CN=TestUser2,OU=TestUsersOU,OU=TestOU,DC=joe,DC=com
dn:CN=Test\,User\\Hello,OU=TestUsersOU,OU=TestOU,DC=joe,DC=com
10 Objects returned
[Sat 04/10/2004 20:37:06.58]
This allows for easier piping into some programs and
piping period into the dsget, dsmod, ds* programs. Of course they are still hard
coded limited into what they will do but at least you can use adfind to do some
controlling of them.
I have been asked for sorted output a time or two and
now, BAM, there you go. Sorted output. Note that AD doesn't allow multifield
sorting and not all fields are sortable such as distinguished
name.
Elapsed time is something I have personally always
wanted. I can now use adfind to do simple performance monitoring of query
response times on servers. Note that is elapsed time including time to display
the info. I whipped up a basic little timer class for doing this stuff which may
mean I stick this capability into more stuff if it makes
sense.
Ex:
[Sat 04/10/2004
20:50:31.48]
F:\DEV\cpp\AdFind>adfind -default -showdel -f isdeleted=TRUE -elapsed -dn
F:\DEV\cpp\AdFind>adfind -default -showdel -f isdeleted=TRUE -elapsed -dn
AdFind V01.14.00cpp Joe Richards ([EMAIL PROTECTED])
April 2004
Using server: 2k3dc01.joe.com
Base DN: DC=joe,DC=com
Base DN: DC=joe,DC=com
dn:CN=Deleted
Objects,DC=joe,DC=com
dn:CN=$jricha34\0ADEL:c4862b48-4ef1-4e4b-b203-5029b9ae89a1,CN=Deleted Objects,DC=joe,DC=com
dn:CN=2K3UTL01-hp deskjet 5600 series\0ADEL:3f49f451-ecfb-439a-9e5c-3724efcf77fc,CN=Deleted Objects,DC=joe,DC=com
dn:CN=$$Jricha34\0ADEL:5ac35b46-4388-4c85-b81c-9ce5664af458,CN=Deleted Objects,DC=joe,DC=com
dn:CN=$$Jricha34\0ADEL:e6c1046a-cec9-4396-91dd-4ffb654728b8,CN=Deleted Objects,DC=joe,DC=com
dn:CN=2K3UTL01-hp deskjet 5600 series on 2k3utl01 (from FASTMOFO)\0ADEL:0a964463-036d-4e56-8810-37e7db132c60,CN=Deleted Objects,DC=joe,DC=com
dn:CN=$jricha34\0ADEL:c4862b48-4ef1-4e4b-b203-5029b9ae89a1,CN=Deleted Objects,DC=joe,DC=com
dn:CN=2K3UTL01-hp deskjet 5600 series\0ADEL:3f49f451-ecfb-439a-9e5c-3724efcf77fc,CN=Deleted Objects,DC=joe,DC=com
dn:CN=$$Jricha34\0ADEL:5ac35b46-4388-4c85-b81c-9ce5664af458,CN=Deleted Objects,DC=joe,DC=com
dn:CN=$$Jricha34\0ADEL:e6c1046a-cec9-4396-91dd-4ffb654728b8,CN=Deleted Objects,DC=joe,DC=com
dn:CN=2K3UTL01-hp deskjet 5600 series on 2k3utl01 (from FASTMOFO)\0ADEL:0a964463-036d-4e56-8810-37e7db132c60,CN=Deleted Objects,DC=joe,DC=com
6 Objects returned
Time Elapsed (sec): 0.15
Time Elapsed (sec): 0.15
[Sat 04/10/2004
20:50:37.31]
F:\DEV\cpp\AdFind>
F:\DEV\cpp\AdFind>
Decoding time fields is pretty straightforward. I used
the standard routine I have for oldcmp and secdata which looks
like:
>badPasswordTime:
04/10/2004-14:07:45
>lastLogoff: 00/00/0000-00:00:00
>lastLogon: 04/10/2004-20:53:32
>pwdLastSet: 03/09/2004-02:56:24
>lastLogoff: 00/00/0000-00:00:00
>lastLogon: 04/10/2004-20:53:32
>pwdLastSet: 03/09/2004-02:56:24
I do a partial security descriptor decode. I am not
sure where I am going to go with this. SDs are kind of confusing for displaying
easily especially in the format ADFIND uses. So first crack at it busts the sd
up into 4 chunks, owner chunk, primary group chunk, SACL, and DACL. The output
is all SDDL which is documented in MSDN and in Robbie and Richard's book
(Managing Enterprise Active Directory Services). If you have a bright idea
about how to display that info, I am all ears.
Show deleted items capability. It has always annoyed
the heck out of me to go into LDP to do that but I kept putting off the mods to
do this in ADFIND. Now I do it and kick myself because it was only like 10 lines
of code and saves a ton of clicking in LDP. Also I need this functionality for
another project I am working out with Dean.
Do a adfind /? to see what the new switches are so you
know how to enable the new functionality.
Well that is about it. Let me know what you think. As
always, I like the feedback.
joe
-------------
http://www.joeware.net (download joeware)
http://www.cafeshops.com/joewarenet (wear joeware)
