I would point out you can do something like this with repadmin today.

Repadmin /showattr is the switch of choice here, and note the DC_LIST
parameter. Repadmin /listhelp will help you craft a dc_list that lets
you issue a search filter against many DCs.

~Eric



-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Thursday, October 14, 2004 6:46 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] [OT] Windows IT Pro Magazine and requests for
modifications

Adfind will only work against a single server (and to any referred servers).

Something like this would be an entirely different tool and would have to be multithreaded to have any kind of realistic performance once you got above 30 or so DCs with just a few IDs.

I am kind of curious what the end result you are looking for though or for what purpose. I.E. What would be the thing that was helpful to you if you knew a list of DCs where IDs had lots of bad passwords at?

Lockouts are usually traced onesy-twosy so this doesn't seem to fit. And that can actually still be done fairly efficiently singlethreaded though it is much better done multithreaded.

I am also, as an aside, trying to visualize a generic reason to do an ldap query against all DCs in a domain from one command. That is something that might fit into the realm of something adfind should do but the results would be rather confusing I think.

  joe



-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Steve Schofield
Sent: Sunday, October 10, 2004 3:35 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] [OT] Windows IT Pro Magazine and requests for
modifications

Maybe this is a feature request or already implemented, I don't know, but here it goes. Could ADFind go after all domain controllers and retrieve a person's, or a collective bunch of people's, badpassword count attribute value? According to the docs I've noticed this attribute isn't replicated and is a bit of a pain to collect manually for a bunch of people. I know about the LockoutStatus tool by MS but that is for only one person. Doesn't help when doing 100+.

Steve

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Thursday, October 07, 2004 3:19 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] [OT] Windows IT Pro Magazine and requests for
modifications

In case you haven't noticed, Windows NT Mag got renamed yet again. Now it is the Windows IT Pro mag and is on newsstands now. Robbie has a good article in there about AD command line tools. :o)

Also FYI, completely redesigned my website.

Any update requests for admod/adfind/oldcmp and any of the others that you feel you really want, send now as I will be finishing up a book tech review pretty quickly and looking to do something creative.

  joe
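
The per-DC collection discussed in this thread, as an added example that is not from any of the posters and does not use adfind or repadmin: because the bad password count is not replicated, the script reads it from every domain controller in turn for a list of accounts. It assumes the RSAT ActiveDirectory PowerShell module, runs serially rather than multithreaded, and the account names are constructed placeholders.

```powershell
# Added example: collect the non-replicated bad password counters from each DC.
# Assumes the ActiveDirectory module (RSAT); account names below are constructed.
Import-Module ActiveDirectory

$users = @('jdoe', 'asmith')                       # constructed sample sAMAccountNames
$props = 'badPwdCount', 'badPasswordTime', 'lockoutTime'

$rows = foreach ($dc in Get-ADDomainController -Filter *) {
    foreach ($name in $users) {
        try {
            # -Server pins the read to this DC, so the values are that DC's local copy
            $u = Get-ADUser -Identity $name -Server $dc.HostName `
                            -Properties $props -ErrorAction Stop
            [pscustomobject]@{
                User            = $u.SamAccountName
                DC              = $dc.HostName
                BadPwdCount     = [int]$u.badPwdCount
                # badPasswordTime is a FILETIME; 0 or empty means no failure seen on this DC
                LastBadPassword = if ($u.badPasswordTime) {
                                      [datetime]::FromFileTimeUtc($u.badPasswordTime)
                                  } else { $null }
                # lockoutTime is a FILETIME too; 0 or empty means not locked out
                LockoutTime     = if ($u.lockoutTime) {
                                      [datetime]::FromFileTimeUtc($u.lockoutTime)
                                  } else { $null }
            }
        } catch {
            # Report an unreachable DC or unknown account instead of skipping it silently
            Write-Warning "$($dc.HostName) / ${name}: $($_.Exception.Message)"
        }
    }
}

# Show only the DCs that actually recorded failures, newest failure last per user
$rows | Where-Object { $_.BadPwdCount -gt 0 } |
    Sort-Object User, LastBadPassword |
    Format-Table -AutoSize
```

The DC holding the most recent LastBadPassword for an account is the one whose Security log is worth reading first when tracing where the failed logons came from.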


List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
