O R G A N I C / F E R T I L I Z E R: 01.06

Jan 30, 2006

finding a mom rule by the guid

just connect to your mom production database and issue the following command against the onepoint database:
  select * from processrule where idprocessrule = 'rule-guid'

Jan 11, 2006

finding where a user was deleted

on the activedir list today, tiroa yann posted steps on how to figure out where a user was deleted. here's the method. you'll need two tools to begin with: repadmin and adfind.
  1. adfind -default -showdel -f (isdeleted=TRUE) -gc
  2. repadmin /showobjmeta dcname deletedobjectDN | find /i "isdeleted"
the first command will output a list of all deleted objects. once you locate the object you want to look at, grab the string labeled "dn:". in the second command, replace dcname with the name of one of your domain controllers and replace deletedobjectDN with the string from the first command. make sure you put this string in quotation marks if there are any spaces in it. piping to find will output only the line with "isDeleted" as the attribute.

now that you have the server and time/date, you can use any utility like eventcomb or psloglist to try to find the event id. tiroa suggested this command: psloglist \\dcname security -i 630 -a date. good stuff...
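
an added example (not from the original post or from tiroa's steps): a powershell function that pulls the originating dc and timestamp out of the isDeleted line of repadmin /showobjmeta output and builds the psloglist query above. the sample output is constructed, the name Get-DeletionOrigin is hypothetical, and the column layout and the mm/dd/yy date format for -a are assumptions.

```powershell
# Added example. Assumed column layout of `repadmin /showobjmeta`:
#   Loc.USN  Originating DSA  Org.USN  Org.Time/Date  Ver  Attribute
function Get-DeletionOrigin {
    param([string[]]$ShowObjMetaOutput)

    $pattern = '^\s*(?<LocUsn>\d+)\s+(?<Dsa>.+?)\s+(?<OrgUsn>\d+)\s+' +
               '(?<When>\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2}:\d{2})\s+(?<Ver>\d+)\s+isDeleted\s*$'

    foreach ($line in $ShowObjMetaOutput) {
        # -match is case-insensitive, like `find /i "isdeleted"` in step 2.
        if ($line -match $pattern) {
            # Originating DSA is printed as Site\Server; keep only the server part.
            # If no backslash is present the whole field is kept unchanged.
            $server = ($Matches.Dsa -split '\\')[-1]
            $stamp  = $Matches.When -replace '\s+', ' '
            $when   = [datetime]::ParseExact($stamp, 'yyyy-MM-dd HH:mm:ss',
                          [cultureinfo]::InvariantCulture)
            return [pscustomobject]@{
                OriginatingDC = $server
                DeletedAt     = $when
                Version       = [int]$Matches.Ver
            }
        }
    }
    throw 'no isDeleted metadata line found; is this a deleted object?'
}

# Constructed sample output (not captured from a real domain).
$sample = @(
    'Loc.USN  Originating DSA               Org.USN  Org.Time/Date        Ver Attribute',
    '=======  ===============               =======  =============        === =========',
    '  48190  Default-First-Site-Name\DC01    48190  2005-11-02 14:03:55    1 objectClass',
    '  48211  Default-First-Site-Name\DC02    48211  2006-01-11 09:42:17    2 isDeleted'
)

# Live use would pass the real output instead of $sample:
#   $origin = Get-DeletionOrigin (repadmin /showobjmeta dcname "deletedobjectDN")
$origin = Get-DeletionOrigin -ShowObjMetaOutput $sample

# Start the search one day early so the deletion day itself is covered.
# Assumption: psloglist -a takes the date as mm/dd/yy.
$after = $origin.DeletedAt.AddDays(-1).ToString('MM/dd/yy', [cultureinfo]::InvariantCulture)
"psloglist \\$($origin.OriginatingDC) security -i 630 -a $after"
```

the point of parsing the line rather than reading it by eye is that the security log to search is the one on the originating dc, which is not necessarily the dc you ran repadmin against.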

Jan 10, 2006

management book

hey, it looks like that book i had worked on last year (four chapters) is going to release sometime around may. click this link to see the book on barnes and noble.

mom: irritating unresolved guids in security events

if you've set up mom to collect security events and find that parameters return guids instead of friendly names, read this article to correct it.