Yeah I have been thinking about that one for a while, I don't just want to do it, I would want to do it efficiently and with some measure of a guarantee which is tough, especially in large environments or environments with WAN sites (for instance, if there is one or more DCs that you can't contact, how do you make ANY decisions, you don't have all of the info). You could disable an ID that is absolutely in use, you just didn't talk to the one DC that it authenticates against. Using lastLogon can be dangerous in my opinion. lastLogonTimeStamp is also a bit touchy but at least if the DC connects occasionally the stamps should get updated. I would visualize I would have to add switches like "allow X DCs to not respond and still do something" or allow a list of DCs to be specified that if they don't respond it doesn't matter what they have to say. Of course speed and possibly memory could be impacted.
 
To be honest, my favorite method is to use pwdLastSet. I think folks who like to have non-expiring IDs are a bit kookoo. :o)
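The trade-off discussed in this message, as an added example that is not part of the original post and is not OldCmp's code: because lastLogon is kept per DC and not replicated, a stale verdict is only safe when enough DCs have answered. The DC names, sample values, and the `max_missing` and `ignorable` parameters are hypothetical, modeled on the switches proposed above.

```python
from datetime import datetime, timedelta, timezone

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)

def filetime_to_dt(ft):
    """lastLogon is 100 ns ticks since 1601-01-01 UTC; 0 means never logged on."""
    return None if not ft else EPOCH_1601 + timedelta(microseconds=ft // 10)

def dt_to_filetime(dt):
    return (dt - EPOCH_1601) // timedelta(microseconds=1) * 10

def stale_decision(per_dc, now, max_age_days, max_missing=0, ignorable=()):
    """per_dc maps DC name -> lastLogon FILETIME, or None if the DC did not answer.
    max_missing and ignorable are hypothetical knobs, not real OldCmp switches.
    Returns (verdict, newest logon seen, unreachable DCs that still matter)."""
    answered = [v for v in per_dc.values() if v is not None]
    blocking = sorted(dc for dc, v in per_dc.items()
                      if v is None and dc not in ignorable)
    newest = filetime_to_dt(max(answered, default=0))
    cutoff = now - timedelta(days=max_age_days)
    # One recent logon on any DC proves use, no matter which DCs are missing.
    if newest is not None and newest >= cutoff:
        return "active", newest, blocking
    # lastLogon is not replicated, so a silent DC may hold the only recent value.
    if len(blocking) > max_missing:
        return "undetermined", newest, blocking
    return "stale", newest, blocking

# Constructed sample data: three hypothetical DCs, one behind a WAN link.
NOW = datetime(2005, 11, 26, tzinfo=timezone.utc)
OLD = dt_to_filetime(datetime(2005, 6, 1, tzinfo=timezone.utc))
RECENT = dt_to_filetime(datetime(2005, 11, 20, tzinfo=timezone.utc))
WAN_DOWN = {"dc-hq-01": OLD, "dc-hq-02": 0, "dc-wan-01": None}
HQ_RECENT = {"dc-hq-01": RECENT, "dc-hq-02": OLD, "dc-wan-01": None}

if __name__ == "__main__":
    for label, kwargs in [("strict", {}), ("allow 1 missing", {"max_missing": 1}),
                          ("ignore WAN DC", {"ignorable": {"dc-wan-01"}})]:
        print(label, stale_decision(WAN_DOWN, NOW, 90, **kwargs)[0])
    print("recent at HQ", stale_decision(HQ_RECENT, NOW, 90)[0])
```

With the strict default, the unreachable WAN DC keeps the account out of the disable list; relaxing either knob trades that guarantee for a verdict.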


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Adner
Sent: Saturday, November 26, 2005 11:46 AM
To: [email protected]
Subject: RE: [ActiveDir] OldCmp

I scanned through the list of current switches and you appear to already have everything I was going to ask for.  :)
 
The only item I wasn't 100% certain on was if it can query lastLogon.  I saw references to pwdLastSet and lastLogonTimeStamp.  The ability to query lastLogon would be nice for environments that aren't 2003 DFL and may not have a good password policy or for whatever reason pwdLastSet isn't a great solution by itself.  I know it's less efficient since it has to query every DC in a domain, but it's still useful in certain scenarios.


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Saturday, November 26, 2005 10:01 AM
To: [email protected]
Subject: RE: [ActiveDir] OldCmp

So, other than the bug reports and requests I have received previously prior to this email, it is perfect?
 
Cool.


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Friday, November 18, 2005 5:38 PM
To: [email protected]
Subject: [ActiveDir] OldCmp

Ok, so now that you have had time to play with oldcmp and you have decided you like it or maybe just simply deal with it or it really upsets you, what would you change about it?
 
If it were your app and you were like, I need to make this better, what things would you do to it to make it better? Like for instance, you are sitting there and you think, man this is cool, but it would be really cool if.... "X"
 
I am starting to feel the urge to dig into that code again and since the first version was driven in great part by requests from this list, I figured I would ask about before going off and making changes from my own head and from previous requests or issues I have heard or assumed from things I have heard.
 
Ping me with an email directly at this address or the one from the usage screen.
 
Obviously if you have thoughts about other tools that I have out there, I always welcome those comments as well.
 
 
   joe
 
 
P.S. Anyone on this list work for Borland or know someone well that works at Borland that could comp me a copy of the new Borland C++ Builder 2006 or give me a really good price break? I have a copy of Visual Studio 2005 but it just doesn't do it for me. The cool stuff[1] assumes you want to code using .NET and you know what they say about assumptions.
 
 
 
 
 
[1] Like quick and easy service creation and windows gui app building which BB did long ago with native code.
