Category: 1014

Few word on objectCategory usage in LDAP filters

Reading Time: < 1 minute Recently my friend wrote simple app which is querying AD for some data, and he sent me LDAP filter to check – this filter was completely OK, but not very straightforward to read. Yesterday I came across similar usage of objectCategory attribute in LDAP filter, and I don't think it was used in this way … Continue reading "Few word on objectCategory usage in LDAP filters"

Linked Value Replication – what's this about

Reading Time: 5 minutes Hmm … first the question? How many of readers is aware of Linked Value Replication (LVR) in Active Directory? If what I think about readers of this blog is true probably majority of readers is very aware what this is and how it works. At the end I don't have any survey site to perform such … Continue reading "Linked Value Replication – what's this about"

ADMod, ADFind – user rename

Reading Time: < 1 minute Another quick and dirty example how one can user ADMod and ADFind to do something in AD quickly and without scripting. This time question is – how to rename users account, with rename I understand changing their RDN in directory? I will use ADFind to find users and prepare input for ADMod like I did … Continue reading "ADMod, ADFind – user rename"

MIIS newbie tales – Export password attribute with Extensible MA

Reading Time: 2 minutes Today I had a little chat on e-mail with Alex Tcherniakhovski which was about following topic: how to create export only attribute with Extensible MA to set initial password for newly provisioned account? (OK, this wasn't exactly such topic but this is what it was about 🙂 ). So problem is: we are provisioning new account to … Continue reading "MIIS newbie tales – Export password attribute with Extensible MA"

Playing with new ADFind and ADMod

Reading Time: < 1 minute Today on Microsoft.public.windows.server.active_directory  simple question was asked: Is possible clean all logon scripts from a OU at the same time. This OU contains others sub-OUs. Sure it is :), thanks to joe we have updated versions of ADFind and ADMod in our toolbox. First we need a filter which is simple: (&(objectClass=user)(objectCategory=person)(scriptPath=*)) which should give … Continue reading "Playing with new ADFind and ADMod"

Disable simple bind without SSL on ADAM

Reading Time: < 1 minute Today on ActiveDir.org ~Eric pointed out interesting feature in ADAM which allows ADAM administrator to configure ADAM instance to reject simple bind attempts on ports without SSL. To do this one have to edit properties of CN=Directory Service,CN=Windows T,CN=Services,CN=Configuration,CN={<GUID>} object and set RequireSecureSimpleBind attribute value to 1. This will reject authentication attempts which will be made … Continue reading "Disable simple bind without SSL on ADAM"

Auditing directory changes aka "Who deleted this object"

Reading Time: 4 minutes Some question were raised by few peoples about directory object auditing – mostly in a context of question "Who deleted the object?" – so I've decided to give this topic a little space. Windows 2000\2003 provides us with auditing mechanism which can be used also to track changes for Active Directory objects. Probably this isn't … Continue reading "Auditing directory changes aka "Who deleted this object""

Script to populate AD with Excel files

Reading Time: < 1 minute Many times on groups and forums people were asking about script which will populate AD with data from Excel file. Alex Tcherniakhovski has modified one of scripts available in script center to create test data in AD environment based on Excel files. This script was created for testing pourposes but it can be used and … Continue reading "Script to populate AD with Excel files"