Plain Text Prose: notes, ramblings, contemplations, transmutations, and otherwise ... on management and directory miscellanea. By Marcus Oh.<br />
<br />
How to Identify Applications Using Your Domain Controller (posted 2019-05-07)
<h2>
Problem</h2>
Everyone has been through it. We've all had to retire or replace a domain controller at some point in our checkered collective experiences. While AD provides very intelligent high availability, some applications are just plain dumb.<br />
<br />
They do not observe site awareness or participate in locating a domain controller. All they want is the name or IP of one domain controller which gets hardcoded in a configuration file somewhere, deeply embedded in some file folder or setting that you are never going to find.<br />
<br />
How do you look at a DC and decide which applications might be doing it? Packet trace? Logs? Shut it down and wait for screaming? It seems very tedious and nearly impossible.<br />
<h2>
Potential Solution</h2>
Obviously I wouldn't even bother posting this if I hadn't run across something interesting. :) I ran across something in draft called Domain Controller Isolation. Since it's in draft, I don't know that it's published yet. HOWEVER, the concept is based off these two posts:<br />
<ul>
<li><a href="https://blogs.technet.microsoft.com/pie/2014/07/13/how-to-detect-applications-using-hardcoded-dc-name-or-ip/">https://blogs.technet.microsoft.com/pie/2014/07/13/how-to-detect-applications-using-hardcoded-dc-name-or-ip/</a></li>
<li><a href="https://blogs.technet.microsoft.com/askpfeplat/2013/12/15/domain-and-dc-migrations-how-to-monitor-ldap-kerberos-and-ntlm-traffic-to-your-domain-controllers/">https://blogs.technet.microsoft.com/askpfeplat/2013/12/15/domain-and-dc-migrations-how-to-monitor-ldap-kerberos-and-ntlm-traffic-to-your-domain-controllers/</a></li>
</ul>
In short, you have to go through these steps:<br />
<ul>
<li>Using GPO, set the DC not to register its SRV records.</li>
<li>Set up a custom monitor data collector to log these providers:</li>
<ul>
<li>Active Directory Domain Services: Core</li>
<li>Active Directory: Kerberos KDC</li>
<li>NTLM Security Protocol</li>
</ul>
<li>Convert the data to something human readable:</li>
<ul>
<li><span style="font-weight: bold;">tracerpt -l "mydata.etl" -of CSV</span></li>
</ul>
<li>Import it into the spreadsheet.</li>
</ul>
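One way to do the last step without a spreadsheet, as an added example that is not part of the original post: the function below counts which client addresses still appear in the CSV that tracerpt wrote. It assumes only that the first comma-separated field of each row is the event name and that client addresses appear as IPv4 text somewhere in the row; the function name, file name, sample rows and addresses are constructed.<br />

```powershell
# Added example (not from the original post). Counts which client addresses
# show up in the CSV that tracerpt produced from the DC trace.
function Get-DcClientSummary {
    [CmdletBinding()]
    param(
        # Raw CSV rows, for instance from Get-Content on the tracerpt output file.
        [Parameter(Mandatory)]
        [AllowEmptyString()]
        [string[]]$CsvLine,

        # Addresses to ignore: loopback, the DC itself, other DCs that replicate with it.
        [string[]]$ExcludeAddress = @('127.0.0.1', '0.0.0.0')
    )

    # Dotted-quad matcher. The lookarounds keep it from matching inside longer
    # dotted numbers such as file versions.
    $ipv4 = [regex]'(?<![\d.])(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)(?![\d.])'

    $hits = foreach ($line in $CsvLine) {
        # Assumption: the first field of a row is the event name.
        $eventName = ($line -split ',', 2)[0].Trim()

        # Count an address once per row, even if the row repeats it.
        $found = @(foreach ($m in $ipv4.Matches($line)) { $m.Value }) | Sort-Object -Unique
        foreach ($address in $found) {
            if ($address -notin $ExcludeAddress) {
                [pscustomobject]@{ Address = $address; EventName = $eventName }
            }
        }
    }

    if (-not $hits) { return }

    $hits | Group-Object -Property Address | Sort-Object -Property Count -Descending |
        ForEach-Object {
            [pscustomobject]@{
                Address    = $_.Name
                Rows       = $_.Count
                EventNames = ($_.Group.EventName | Sort-Object -Unique) -join ', '
            }
        }
}

# Constructed sample rows (simplified; real tracerpt rows carry more columns).
$sample = @(
    'ExampleLdapSearch, Start, 10.20.30.41:50122, "DC=corp,DC=example"'
    'ExampleLdapSearch, End, 10.20.30.41:50122, "DC=corp,DC=example"'
    'ExampleKdcRequest, Info, 10.20.30.77, svc-app@CORP.EXAMPLE'
    'ExampleNtlmLogon, Info, 10.20.30.41, CORP\svc-legacy'
    'ExampleLdapSearch, Start, 127.0.0.1:49670, "CN=Configuration,DC=corp,DC=example"'
)
Get-DcClientSummary -CsvLine $sample | Format-Table -AutoSize

# Against a real trace (file name and DC address are assumptions):
# Get-DcClientSummary -CsvLine (Get-Content .\mydata.csv) -ExcludeAddress '127.0.0.1', '10.20.30.5'
```

Addresses that keep showing up after the DC has stopped registering its SRV records are the ones to chase down for a hardcoded name or IP.<br />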
I'll post more details later.<br />
Maybe. <br />
<br />
<br />
<br />
<div class="blogger-post-footer"><hr /><a href="http://marcusoh.blogspot.com">marcusoh.blogspot.com</a></div>
How to Check for Expiring Certificates in PowerShell (posted 2016-10-18)<p><font size="1">This one I’m saving for later. Don’t confuse this with actually managing certificates via the PKI module. This is really about finding information on certificates already deployed.</font></p> <p><font size="1">First of all, remember that Cert:\ is a PS drive. Try something like this when you open a PS prompt:</font></p> <p><font face="Consolas">cd cert:\<br>cd currentuser\my<br>dir</font></p> <blockquote> <p><font size="1" face="Consolas">PS C:\> cd cert:\<br></font><font size="1" face="Consolas">PS Cert:\> cd currentuser\my<br></font><font size="1" face="Consolas">PS Cert:\currentuser\my> dir<br></font><br><font size="1" face="Consolas"> Directory: Microsoft.PowerShell.Security\Certificate::currentuser\my<br><br></font><font face="Consolas"><font size="1" face="Consolas">Thumbprint Subject <br>---------- -------</font></font></p></blockquote> <p><font size="1">So with that in mind, you can do the typical kind of listing/sorting/displaying. One of the interesting parameters that show up when you’re in the certificates drive is -ExpiringInDays. This is extremely useful if you’re trying to get a return of certificates that are about to expire (think alerting).</font></p> <blockquote> <p><font size="1" face="Consolas">get-childitem -path Cert:\CurrentUser\My -ExpiringInDays 180</font></p></blockquote> <p><font size="1">By doing this, you can treat this as a boolean return. 
If something pops up, fire an alert.</font></p>
Max Group Membership Limits for Active Directory (posted 2016-09-22)<p>While exploring the concept of maximum membership limits for groups, I ran into a number of posts which offered contradicting information. To set the record straight, we will start with ancient history.</p> <p>When Windows 2000 was released, the recommended number of members in a group was 5000. This corresponds with the number of changes that could be written in a single replication cycle (if I have my facts straight.) Remember, back in those days, every time you changed the membership of a group, you caused the entire group and all its membership information to replicate.</p> <p>With the release of Windows 2003 came the concept of Linked Value Replication. This enabled you to make membership changes to a group and only replicate the changes in membership – adds, deletes, etc. Because of this, Microsoft hasn’t issued a new recommended limit. Here’s a snippet from a document titled <a href="https://www.microsoft.com/en-US/download/details.aspx?id=53314#BKMK_Users"><strong>Windows Server 2003 R2 and Windows Server 2003</strong></a>:</p> <blockquote> <p><em>Recommended Maximum Number of Users in a Group </em> <p align="justify"><em>For Windows 2000 Active Directory environments, the recommended maximum number of members in a group is 5,000. This recommendation is based on the number of concurrent atomic changes that can be committed in a single database transaction. 
Starting with Windows Server 2003, the ability to replicate discrete changes to linked multivalued properties was introduced as a technology called Linked Value Replication (LVR). To enable LVR, you must increase the forest functional level to at least Windows Server 2003 interim. Increasing the forest functional level changes the way that group membership (and other linked multivalued attributes) is stored in the database and replicated between domain controllers. This allows the number of group memberships to exceed the former recommended limit of 5,000 for Windows 2000 or Windows Server 2003 at a forest functional level of Windows 2000. So far, testing in this area has yet to reveal any new recommended limits to the number of members in a group or any other linked multivalued attribute. Production environments have been reported to exceed 4 million members, and Microsoft scalability testing reached 500 million members.</em></p></blockquote> <p align="left">So there you have it. The next time someone asks you about membership limitations of a group, you can happily tell them – it doesn’t exist (because you aren’t on Windows 2000, right? 
RIGHT?)</p>
ATLSMUG Meeting 07/22/2016 (posted 2016-07-05)<p><a title="http://www.atlsmug.org/events/register-now-july-22" href="http://www.atlsmug.org/events/register-now-july-22">http://www.atlsmug.org/events/register-now-july-22</a></p> <p><a href="http://www.atlsmug.org/events/register-now-july-22" target="_blank"><img style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; padding-right: 0px" border="0" src="http://www.atlsmug.org/uploads/6/1/0/1/6101692/8561235.png"></a></p> <p>Hi everyone.</p> <p>If you’re familiar with Atlanta TechStravaganza, you’re probably used to having seen an announcement by now. Well, <strong><font size="3">we had some logistical challenges</font></strong> this year so it looks like we have to push back until later this summer.</p> <p>This is typically where we hold our 2nd quarter meetings for ATLSMUG.<strong><font size="3"> In the absence of that event, we are moving forward with our own meeting</font></strong> to keep things going. I hope you will find yourself available to join us.</p> <p><font size="3"><strong>We’ll be back at the Microsoft Alpharetta campus </strong></font>(thank you Microsoft – Jim & crew are great!) looking to start our first presentation at 10 AM and ending around 3 PM. 
Hopefully this will solve the traffic challenges that I know many of you face getting to the event.</p> <p><a href="https://www.bing.com/local?lid=YN873x3847836050652906840&id=YN873x3847836050652906840&q=Microsoft+Corporation&name=Microsoft+Corporation&cp=34.0479736328125%7e-84.312126159668&ppois=34.0479736328125_-84.312126159668_Microsoft+Corporation&FORM=SNAPST" target="_blank"><img style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; padding-right: 0px" border="0" src="https://platform.bing.com/geo/REST/v1/Imagery/Map/Road?ms=415,150&pp=34.047974,-84.312126;151&key=Ajm-RgYrhxMXsfUcAPBGX0ZvJzAvM92jRxZK9raEZMOi-3W3MNUjZLvaCr8EW61H&c=en-US"></a><img style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; margin: 0px 0px 0px 9px; padding-right: 0px" border="0" src="https://tse1.mm.bing.net/th?&id=OIP.M3171d61d279961c0af79591e17bd762bo0&w=289&h=289&c=0&pid=1.9&rs=0&p=0&r=0" width="148" height="148"></p> <p>We’ve got some good stuff cooking up – Orchestrator, ConfigMgr, etc. However, <strong><font size="3">if you have any urgent topics</font></strong>, we might still have time to work them in. Just drop us a note at <a href="mailto:leaders@atlsmug.org">leaders@atlsmug.org</a>. Any other comments, suggestions, topics, etc are welcome, too.</p> <p>And of course, if you want to be a presenter, we’re always looking for people. It’s a great environment for it! Round-table style presentations, open forum.<strong><font size="3"> Get your ideas heard and validated in a meeting of your peers</font></strong>. Great way to practice for larger venues for those of you wanting to break into the presentation circuit.</p> <p>Where else in Atlanta are you going to get a day of systems management <strong><font size="3">learning</font></strong> <strong><font size="3">for free? With free lunch? 
And a prize giveaway?</font></strong> Only here, everyone. :)</p> <p>Hope to see you there!</p> <p>More details and <strong><font size="3">registration</font></strong> -- <a title="http://www.atlsmug.org/events/register-now-july-22" href="http://www.atlsmug.org/events/register-now-july-22">http://www.atlsmug.org/events/register-now-july-22</a></p> <p>P.S. Thank you Flexera for sponsoring us!</p> <p><img style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; padding-right: 0px" border="0" src="https://media.flexerasoftware.com/designimages/crp-flexerasoftware-logo-main.png" width="252" height="74"></p>
Excel and the Mysterious Hang (posted 2016-04-04)<p>Sometimes, it’s hard just to figure out which needle you’re looking for in the haystack. Once you’ve got it figured out though, that needle will look like a big stick.</p> <p><img style="border-left-width: 0px; border-right-width: 0px; background-image: none; border-bottom-width: 0px; float: left; padding-top: 0px; padding-left: 0px; display: inline; padding-right: 0px; border-top-width: 0px" border="0" alt="Question Mark 2" src="http://www.publicdomainpictures.net/pictures/100000/nahled/question-mark-2-1409684289t9w.jpg" width="132" align="left" height="152">My wife came home tonight asking me to look at her laptop. In the last week, her Excel program would hang trying to open Hyperion but would eventually find its way back home. 
She might have mentioned that Outlook was also opening slowly but having mistaken the rest of her sentence as something related to finance, I promptly ignored it – my eyes fixed on the real prize: a chance to tinker.</p> <p>When you don’t know where the problem is, sometimes it’s best to get all the information and start sifting it for signals. When I started off, I was SURE it was some kind of timeout problem so I immediately started with a packet trace.<sup>1</sup> #NOPE There was nothing evident of a long or delayed response.</p> <p>Well, I knew Excel was problematic (you know, since I forgot about Outlook) and decided to home in on the processes involved with it. I fired up the handy little <a href="https://live.sysinternals.com/Procmon.exe" target="_blank">Sysinternals Process Monitor</a> and had my wife run through her steps again. I captured the specimen and moved it into the laboratory for closer examination.</p> <p><a title="source: wikimedia" href="https://upload.wikimedia.org/wikipedia/commons/b/ba/PSM_V43_D075_Chemical_laboratory.jpg" target="_blank"><img title="" style="border-left-width: 0px; border-right-width: 0px; background-image: none; border-bottom-width: 0px; float: none; padding-top: 0px; padding-left: 0px; margin-left: auto; display: block; padding-right: 0px; border-top-width: 0px; margin-right: auto" border="0" alt="wikipedia.com" src="https://upload.wikimedia.org/wikipedia/commons/b/ba/PSM_V43_D075_Chemical_laboratory.jpg" width="528" height="308"></a></p> <p>What I was looking for now was a gap. I knew there was some kind of delay or timeout and was hoping something in the procmon trace would show me. <em>If you don’t use any filters to limit the information, no amount of hope is going to make it show up.</em> I had to keep excluding things which was only marginally helpful. I gave up and went all in. 
I excluded anything that wasn’t Excel and hid all SUCCESS results.</p> <p>By slowly dragging the net across the screen, I finally managed to see the little tear I was looking for. The time values jumped. That’s significant. It went from 6:42:48 to 6:43:27. It was nearly 40 seconds. That was when I knew what needle I was looking for and when that needle became a big stick.</p> <p><a href="https://lh3.googleusercontent.com/-zcBqZ55e3Jg/Vw_ipDo_ldI/AAAAAAAADYc/maahzzvQsho/s1600-h/2016-04-04_22-09-13%25255B1%25255D.png"><img title="2016-04-04_22-09-13" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; display: inline; padding-right: 0px" border="0" alt="2016-04-04_22-09-13" src="https://lh3.googleusercontent.com/-LO8110wD2KU/Vw_ipy5F5dI/AAAAAAAADYg/pr3wHaGKods/2016-04-04_22-09-13_thumb%25255B3%25255D.png?imgmax=800" width="643" height="159"></a></p> <p>The events immediately before and after showed reg key calls related to wpad. Hmm. Wpad. That’s familiar. In fact, it probably stands for Windows Proxy Auto Detect. #NOPE #2 According to Wikipedia, it actually stands for Web Proxy Autodiscovery Protocol.</p> <blockquote> <p><em><font color="#a5a5a5"><font color="#666666">The <strong>Web</strong> <strong>Proxy</strong> Auto-Discovery <strong>Protocol</strong> (<strong>WPAD</strong>) is a method used by clients to locate the URL of a configuration file using DHCP and/or DNS discovery methods. Once detection and download of the configuration file is complete, it can be executed to determine the proxy for a specified URL</font>.</font></em></p></blockquote> <p align="justify">If that’s really the problem coming out of Excel, I was willing to bet that Excel was using the proxy settings of Internet Explorer. I fired up IE. It hung. <strong>HELLZ YEAH.</strong> Looking at the <strong>LAN settings</strong><sup>2</sup> revealed all. 
While my wife was onsite at a different company, the local IT staff reconfigured her browser to use their proxy.</p> <p align="justify"><a title="source: welovecatsandkittens.com" href="http://welovecatsandkittens.com/wp-content/uploads/2014/05/black-kitten-roar.jpg" target="_blank"><img title="" style="border-left-width: 0px; border-right-width: 0px; background-image: none; border-bottom-width: 0px; float: none; padding-top: 0px; padding-left: 0px; margin-left: auto; display: block; padding-right: 0px; border-top-width: 0px; margin-right: auto" border="0" alt="welovecatsandkittens.com" src="http://welovecatsandkittens.com/wp-content/uploads/2014/05/black-kitten-roar.jpg" width="413" height="571"></a></p> <p>I unchecked the <strong>Use automatic configuration script </strong>setting. IE worked. Excel worked… and uhhh, yeah. So did Outlook. ;-)</p> <p>Hope that helps you out! Happy hunting.</p> <p> </p> <p><sup>1 </sup><font size="1">Did you know you can capture packets from a cmd prompt without Netmon, Message Analyzer, or Wireshark installed? Oh, yes, you can. 
</font><a title="http://marcusoh.blogspot.com/2014/10/using-netsh-to-capture-packets.html" href="http://marcusoh.blogspot.com/2014/10/using-netsh-to-capture-packets.html"><font size="1">http://marcusoh.blogspot.com/2014/10/using-netsh-to-capture-packets.html</font></a></p> <p><sup>2</sup> <font size="1">You can view the LAN settings by navigating to the following path: Internet Explorer / Internet Options / Connections tab / LAN settings.</font></p>
03.11.2016 User Group Survey (posted 2016-03-25)<p><img style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; padding-right: 0px" border="0" src="http://www.atlsmug.org/uploads/6/1/0/1/6101692/8561235.png"></p> <p>Hello everyone. I hope that you were able to make the Q1 Atlanta Systems Management User Group (ATLSMUG) meetup! For those that weren’t able to make it, it was a pretty fun event. </p> <p><img style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; float: right; padding-top: 0px; padding-left: 0px; border-left: 0px; display: inline; padding-right: 0px" border="0" alt="bigpiehome1" src="http://bigpieinthesky.com/wp-content/uploads/2014/03/bigpiehome11-300x200.jpg" align="right">We had some good stuff on Windows 10 from Bruce and Stephen, had a great selection of fantastic beer, had these amazingly large slices of pizza from Big Pie in the Sky, and had a turnout of over 30 people from three different user groups!</p> <p>It was great to see so many familiar faces and to meet with new people from ATLPUG and WINVUG.</p> <p>Now, we need some help from you. 
If you made the event, would you mind filling out our little survey? It’ll take you less than 2 minutes but will be immensely powerful in helping us understand what you like and want to get out of these events in the future.</p> <p>Here’s the link: <a title="https://www.surveymonkey.com/r/HRLWFCT" href="https://www.surveymonkey.com/r/HRLWFCT">https://www.surveymonkey.com/r/HRLWFCT</a></p> <p>THANKS AGAIN!</p> <p>Oh, by the way, if you’re looking for the content from the event, here are the slides: </p> <p><a href="https://atlsmug-my.sharepoint.com/personal/marcus_oh_atlsmug_org/_layouts/15/guestaccess.aspx?guestaccesstoken=EfaCUAs0sHuNr8bnWdolARMBCj2IUggA1P2rjJNqAlk%3d&docid=03bd521480ccd43af8747a959c9744d9e">Bruce Lyon’s Presentation</a><br><a href="https://atlsmug-my.sharepoint.com/personal/beth_stewart_atlsmug_org/_layouts/15/guestaccess.aspx?guestaccesstoken=hJHshfMHpieFXJsFqdiMhgoM37NuzF9cWf0%2bAMOLEVE%3d&docid=0c0a78cc48d044bb49db05ec205896283">Stephen Owen’s Presentation 1/2</a><br><a href="https://atlsmug-my.sharepoint.com/personal/beth_stewart_atlsmug_org/_layouts/15/guestaccess.aspx?guestaccesstoken=3VbJG6y7rci%2bVGDN0C0JEofIhjYo6q7kfRLO1abKVMw%3d&docid=038420d36290947afaf77e23781102440">Stephen Owen’s Presentation 2/2</a></p> <p>/marcus</p>
Accessing a Protected Domain Administrator Account (posted 2016-03-14)<p><img style="border-left-width: 0px; border-right-width: 0px; background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; display: inline; padding-right: 0px; border-top-width: 0px" border="0" alt="door, green, closed" src="https://static.pexels.com/photos/4291/door-green-closed-lock-large.jpg" width="667" height="457"></p> <p>As a 
good practice measure, the default domain administrator account which comes pre-installed with every Active Directory should be guarded from misuse. We all know this. To follow this good practice, the account should be renamed from the default name and disabled.</p> <p>So what happens if this account is the one you have to use to recover from a problem? Let’s say, for example, that all of your usual domain administrative accounts are somehow not accessible and you have to get to this account. If it’s disabled, what do you do?</p> <p>Should you find yourself in the scenario that you have a disabled administrator account AND know the password --</p> <ul> <li>Boot up the domain controller to Safe Mode (make sure it is not Safe Mode w/ Networking.) This quasi-enables the account. You can at least log on with it. <li>Using the account and password, log in. <li>Open a command prompt and issue the following (substitute the account’s current name if you renamed it): </li></ul> <blockquote> <p><strong>net user administrator /active:yes</strong></p></blockquote> <p>Now you have an enabled default domain admin account. You can reboot the DC and resume as normal on what will probably be the worst day of your life. :)</p> <p><strong>Note:</strong> When you change the account password as a part of your routine process, make sure you verify that DCs receive the password change, in case you need it in a disaster scenario. 
You can easily validate replication by issuing the following command: <blockquote> <p><strong>repadmin /showobjmeta &lt;dc name&gt; &lt;admin account distinguished name&gt; </strong></p></blockquote>
03.11.2016 ATLSMUG Meet Up! (posted 2016-03-01)<p align="justify"><img style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; float: right; padding-top: 0px; padding-left: 0px; border-left: 0px; display: inline; padding-right: 0px" border="0" src="http://www.atlsmug.org/uploads/6/1/0/1/6101692/8561235.png" align="right">Hi everyone! Just a reminder of the upcoming 3/11 meet up which is just around the corner. We partnered with Microsoft and joined up with the Atlanta PowerShell User Group and the Windows Infrastructure and Virtualization User Group to bring you some special Windows 10 content.</p> <p align="justify">Sorry it took so long to get the details out. We had some challenges rounding up some speakers as it looks like there are some other events going on around the same time. Well, that might be the case, but <strong>no other event is going to be doing a pizza and beer get together</strong> for you and your closest geeks while you learn some great Windows 10 info. Hope you’ll join us!</p> <p align="justify">Bruce Lyons and Stephen Owens have graciously offered to present Windows 10 and other related content. 
Here’s what’s coming up:<img style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; float: left; padding-top: 0px; padding-left: 0px; border-left: 0px; display: inline; padding-right: 0px" border="0" src="http://res1.windows.microsoft.com/resbox/en/windows/main/8461c40e-b054-491a-ba53-d0cd72cda3a3_7.png" width="143" align="left" height="135"></p> <p align="justify"> <table cellspacing="0" cellpadding="2" width="400" border="0"> <tbody> <tr> <td valign="top" width="400">+ browsers & apps</td></tr> <tr> <td valign="top" width="400">+ identity & security</td></tr> <tr> <td valign="top" width="400">+ configuration management</td></tr> <tr> <td valign="top" width="400">+ continuous innovation</td></tr> <tr> <td valign="top" width="400">+ implementation tips & tricks</td></tr></tbody></table></p> <p align="justify">Register for the event <strong>HERE</strong>. The condition for the funding is that <strong><em>we need 40 people registered</em></strong> so if you’re thinking of coming, don’t wait until the last minute. Every person counts! Also, we need your help to get the word out so please let your friends and coworkers know about this awesome event! SEE YOU THERE! :)</p>
Community Roadshow 3.11.2016 (posted 2016-02-17)<p><a href="http://www.atlsmug.org"><img style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; float: left; padding-top: 0px; padding-left: 0px; border-left: 0px; margin: 12px 25px 0px 0px; display: inline; padding-right: 0px" border="0" src="http://www.atlsmug.org/uploads/6/1/0/1/6101692/8561235.png" align="left"></a>Doing something a little bit differently this time. 
We’ve partnered with Microsoft to bring you timely content on Windows 10! I don’t have a complete schedule yet as we are still bringing in speakers for the event.</p> <p><strong>Mark your calendars now though and go register so you can get the clearance to show up! March 11, 2016.</strong></p> <p>At some point, Flatiron City will be a venue which opens up and becomes available for events like these. In the meantime, we’re still hosting out of Alpharetta. All of the details are going to show up here as we put it together. <a title="http://www.atlsmug.org/events/iti-community-roadshow-registration" href="http://www.atlsmug.org/events/iti-community-roadshow-registration">http://www.atlsmug.org/events/iti-community-roadshow-registration</a></p> <p>So what’s different you ask? Well, a few things. First of all, we’re being joined by the Windows Infrastructure and Virtualization User Group as well as the Atlanta PowerShell User Group. Pretty cool, right? If nothing else, you’ll get exposure to the great folks in the other communities here in Atlanta.</p> <p>Secondly, we typically do a full day meetup. Instead of that format, we are opting with a 12ish to 4ish configuration. Instead of the usual breakfast/lunch scenario, we’re going to do a <strong>PIZZA & BEER event</strong>! (and maybe some wine if you really want that…)</p> <p>So bring your appetite for food and knowledge! Look forward to seeing you there. Drop me a personal note if you have any questions. My UG email is <a href="mailto:marcus.oh@atlsmug.org">marcus.oh@atlsmug.org</a>.</p>
Microsoft Azure Tour in Atlanta (posted 2016-01-11)<p>Sometimes I wonder about the effectiveness of Microsoft’s marketing engine. 
At any rate, if you haven’t already heard, the Azure Tour is happening right now. Atlanta’s turn is up this week, Thursday, 1/14/2016. <p>Still getting caught up on Azure?<br>Have some burning questions you need answered from experts?</p> <p>It’s not too late to attend! Details below.</p> <hr> <p>The <strong>Microsoft Azure Tour</strong> provides a free one day technical training event for IT professionals and developers to help you be more successful in using cloud. <p>Our top engineers from Redmond and independent experts from around the world will present <strong>12 technical sessions and 3 unique hands-on opportunities </strong>covering the breadth of the Azure platform and the wealth of developer features including security, networking, big data, storage, identity, web, mobile, hybrid, containers, DevOps, open source, management, and the Internet of Things. <p>Featured speaker: <strong>James Staten</strong> – General Manager of Cloud and Enterprise Strategy, Microsoft <p><strong>Date<br></strong>Thursday, January 14, 2016 <p><strong>Venue<br></strong>Hyatt Regency Atlanta<br>265 Peachtree Street NE<br>Atlanta, Georgia, USA, 30303 <p><strong>Meals<br></strong>Continental breakfast, lunch and coffee breaks. <p><strong>Registration<br></strong>Registration opens at 7:30am. A reminder e-mail will be issued on December 29 with details. 
<p><a href="https://microsoft.eventcore.com/azuretour/atlanta/auth/login#/">https://microsoft.eventcore.com/azuretour/atlanta/auth/login#/</a></p>
Calculating Bitwise Values (posted 2015-10-12)<p>In the <a href="http://marcusoh.blogspot.com/2015/10/my-feeble-understanding-of-bitwise.html">last post</a>, I went into a bit of what bitwise AND does, looked at the binary equivalent of the userAccountControl (UAC) value, and showed some visual examples of how calculations are done to find the applied flags.</p> <p>In this post, I thought I’d go through exactly how you do this. So first off, dust off your calculator and get into <strong>Programmer </strong>mode. Since Windows 10 has a beautiful calculator, I’ll be doing my demonstration on that.</p> <h5>CONVERTING INTEGERS TO BINARY IN CALCULATOR</h5> <p>You’ll cry when you see how easy this is.</p> <ol> <li>Make sure your calculator is set to DEC.</li> <li>Type in your value.</li> <li>Observe the BIN value.</li></ol> <p><a href="http://lh3.googleusercontent.com/-NtBPYM-bXI0/VhLdWrxS0qI/AAAAAAAABpk/2ySpGRXMxs8/s1600-h/SNAGHTML42acf92a%25255B6%25255D.png"><img title="SNAGHTML42acf92a" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; display: inline; padding-right: 0px" border="0" alt="SNAGHTML42acf92a" src="http://lh3.googleusercontent.com/-WrBcC2vWs5Q/VhLdW2-eb5I/AAAAAAAABpo/P74lelTQ5xE/SNAGHTML42acf92a_thumb%25255B3%25255D.png?imgmax=800" width="336" height="372"></a></p> <p>Done! When I copy and paste out of the calculator, I get 00010000001000000000.</p> <h5>HOW ABOUT POWERSHELL?</h5> <p>Well, sure. 
In this case, we can use the [convert] class to switch the value to base2 format. Check it out:</p> <div class="csharpcode"><pre class="alt"><font face="Hack">[Convert]::ToString(66048, 2)</font></pre></div>
<style type="text/css">.csharpcode, .csharpcode pre
{
font-size: small;
color: black;
font-family: consolas, "Courier New", courier, monospace;
background-color: #ffffff;
/*white-space: pre;*/
}
.csharpcode pre { margin: 0em; }
.csharpcode .rem { color: #008000; }
.csharpcode .kwrd { color: #0000ff; }
.csharpcode .str { color: #006080; }
.csharpcode .op { color: #0000c0; }
.csharpcode .preproc { color: #cc6633; }
.csharpcode .asp { background-color: #ffff00; }
.csharpcode .html { color: #800000; }
.csharpcode .attr { color: #ff0000; }
.csharpcode .alt
{
background-color: #f4f4f4;
width: 100%;
margin: 0em;
}
.csharpcode .lnum { color: #606060; }
</style>
<p>This outputs the exact binary value I had before with the leading zeroes stripped off -- 10000001000000000. Note all I did was add my value 66048. As an aside, you can also change it to hexadecimal by using base16 format.</p>
<div class="csharpcode"><pre class="alt"><font face="Hack">[Convert]::ToString(66048, 16)</font></pre></div>
<p>The output is 10200. If you check the UAC chart, you will find that NORMAL_ACCOUNT (200) and DONT_EXPIRE_PASSWORD (10000), both listed in hexadecimal, together equal 10200.</p>
<p>You can send the binary and hexadecimal values back to the integer value as well.</p><pre class="csharpcode"><font face="Hack">[Convert]::ToInt32('10000001000000000', 2)   # binary
[Convert]::ToInt32('10200', 16)              # hex</font></pre>
<p>Try them. You’ll end up with 66048 for both converted values.</p>
<p>Oh, by the way, if you recall, there is one flag called PASSWORD_EXPIRED (dec 8388608). Don’t spend your time searching this out. It doesn’t get used. Instead, the attribute <strong>pwdLastSet</strong> with a value of “0” is the equivalent of an expired password.</p>
<p> </p>
<h5>PERFORMING BITWISE CALCULATIONS</h5>
<p>In the last post, we did some bitwise AND calculations by simply lining up the binary equivalents and matching where the 1s fell. If you wanted to do this in calculator, you start with the value at hand, 66048, and subtract the largest flag value that is equal to or smaller than it, then repeat with whatever is left.</p>
<p><font face="Hack">66048 - 65536 = 512<br>512 - 512 = 0</font></p>
<p>Once you’re at 0, you’re complete. Since you were able to remove 65536 and 512 integers from 66048, those values are in effect. This method is prone to error but was what I used before learning other methods.</p>
<p>The <strong>more effective way</strong> to do this is to use the actual bitwise AND operator. This is how you do it.</p>
<p><font face="Hack">Ex. 1 66048 AND 65536 = 65536<br>Ex. 2 66048 AND 16 = 0</font></p>
<p>I provided two examples. If the value returned is the same as the value you’re validating, it checks out as seen in #1. If the value returns a 0, it isn’t a match. Pretty cool, right?</p>
<p>PowerShell is fundamentally the same. Take a look:</p>
<div class="csharpcode"><pre class="alt">> 66048 <span class="preproc">-band</span> 65536</pre><pre>65536</pre><pre class="alt"> </pre><pre>> 66048 <span class="preproc">-band</span> 16</pre><pre class="alt">0</pre></div>
<p> </p>
<h5>I DON’T DO ELEGANT CODE</h5>
<p>I wrote this more or less as a concept to see how things work. You could push everything into a function to return the values associated with any UAC code you throw at it.</p>
<p>This simple script builds an array of base2 values ranging from 2^1 to 2^26. (Technically, I think it goes up to 31 since we’re dealing with 32-bit.) Why 26? Well, there are no bit flags higher than that in use in UAC so there’s really no point.</p>
<p>Each value is evaluated through bitwise AND against the original integer in $myNum. The output contains the values that evaluated appropriately.</p>
<div class="csharpcode"><pre class="alt"><font face="Hack">$myNum = 66048</font></pre><pre><font face="Hack"> </font></pre><pre class="alt"><font face="Hack">$binArray = 1..26 | % { [math]::pow(2,$_) }</font></pre><pre><font face="Hack"> </font></pre><pre class="alt"><font face="Hack"><span class="kwrd">foreach</span> ($bin <span class="kwrd">in</span> $binarray) { </font></pre><pre><font face="Hack"> <span class="kwrd">if</span> ( $myNum <span class="preproc">-band</span> $bin ) {</font></pre><pre class="alt"><font face="Hack"> $binEquation += <span class="str">"$bin "</span></font></pre><pre><font face="Hack"> }</font></pre><pre class="alt"><font face="Hack">}</font></pre><pre><font face="Hack"> </font></pre><pre class="alt"><font face="Hack">$binEquation</font></pre></div>
<p> </p>
<p>Output kicks out as such -- 512 65536. Yeah, not real pretty.</p>
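<p>The function suggested above, written out as an added example (it is not code from the original post): it runs the same bitwise AND test against every flag value documented in KB305144 (linked under REFERENCES) and returns flag names instead of bare numbers. The function name, the review shortlist and the second sample value are assumptions made for this example.</p>

```powershell
# Added example, not from the original post.
# Flag values are the ones documented in Microsoft KB305144.
$UacFlags = [ordered]@{
    SCRIPT                         = 0x00000001   # 2^0, below the 2^1..2^26 range scanned above
    ACCOUNTDISABLE                 = 0x00000002
    HOMEDIR_REQUIRED               = 0x00000008
    LOCKOUT                        = 0x00000010
    PASSWD_NOTREQD                 = 0x00000020
    PASSWD_CANT_CHANGE             = 0x00000040
    ENCRYPTED_TEXT_PWD_ALLOWED     = 0x00000080
    TEMP_DUPLICATE_ACCOUNT         = 0x00000100
    NORMAL_ACCOUNT                 = 0x00000200
    INTERDOMAIN_TRUST_ACCOUNT      = 0x00000800
    WORKSTATION_TRUST_ACCOUNT      = 0x00001000
    SERVER_TRUST_ACCOUNT           = 0x00002000
    DONT_EXPIRE_PASSWORD           = 0x00010000
    MNS_LOGON_ACCOUNT              = 0x00020000
    SMARTCARD_REQUIRED             = 0x00040000
    TRUSTED_FOR_DELEGATION         = 0x00080000
    NOT_DELEGATED                  = 0x00100000
    USE_DES_KEY_ONLY               = 0x00200000
    DONT_REQ_PREAUTH               = 0x00400000
    PASSWORD_EXPIRED               = 0x00800000
    TRUSTED_TO_AUTH_FOR_DELEGATION = 0x01000000
    PARTIAL_SECRETS_ACCOUNT        = 0x04000000   # 2^26, the highest flag in use
}

# Assumption: this shortlist is the example's own choice, not something the
# post defines. These flags relax password or Kerberos requirements, so an
# account audit usually wants them surfaced first.
$ReviewFlags = 'PASSWD_NOTREQD', 'ENCRYPTED_TEXT_PWD_ALLOWED', 'DONT_EXPIRE_PASSWORD',
               'TRUSTED_FOR_DELEGATION', 'USE_DES_KEY_ONLY', 'DONT_REQ_PREAUTH'

function ConvertFrom-UserAccountControl {
    [CmdletBinding()]
    param(
        # userAccountControl is stored as a 32-bit integer.
        [Parameter(Mandatory, ValueFromPipeline)]
        [int]$Value
    )
    process {
        $set   = @()
        $known = 0
        foreach ($name in $UacFlags.Keys) {
            $bit   = $UacFlags[$name]
            $known = $known -bor $bit
            # Same test as "66048 -band 65536": the flag is set when the AND
            # returns the flag value itself.
            if (($Value -band $bit) -eq $bit) { $set += $name }
        }

        # Bits that are set in the value but match no documented flag.
        $unknown = $Value -band (-bnot $known)

        [pscustomobject]@{
            Value       = $Value
            Hex         = '0x{0:X}' -f $Value
            Binary      = [Convert]::ToString($Value, 2)
            Flags       = $set
            Review      = @($set | Where-Object { $ReviewFlags -contains $_ })
            UnknownBits = '0x{0:X}' -f $unknown
        }
    }
}

# 66048 is the post's example value. 4194816 is constructed for this example
# (NORMAL_ACCOUNT + DONT_REQ_PREAUTH).
66048, 4194816 | ConvertFrom-UserAccountControl | Format-List
```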
<p> </p>
<h5>EXCELING IN FUN</h5>
<p>(Yeah, right.) I have included a link to the worksheet I created for this exercise called Bitwise_UserAccountControl.xlsx. It’s protected with a password -- bitwise. I only did that so you would know which fields to modify to make it work.</p>
<p><a href="http://lh3.googleusercontent.com/-4cMowjvIJ6c/VhQS9OmvQ4I/AAAAAAAABqA/__5ZGYUUd4c/s1600-h/image%25255B12%25255D.png"><img title="image" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; display: inline; padding-right: 0px" border="0" alt="image" src="http://lh3.googleusercontent.com/-s74ioe-54pI/VhQS9gBriHI/AAAAAAAABqE/fw4nN_LnoOA/image_thumb%25255B8%25255D.png?imgmax=800" width="640" height="179"></a></p>
<p>I modified the spreadsheet a little bit from the original versions I was using to make it work better. It now has a conditional formatting calculation that changes the flags row if the bit pattern is proper. :o)</p>
<ol>
<li>Modify Row 1 and replace it with the binary value of the UAC attribute.</li>
<li>Unlock the spreadsheet and add any other binary values to check against. In the spreadsheet, I only included 2, 256, 512, and 65536 out of laziness. You can add in all of them if you wish -- making it complete.</li>
<li>Watch the Flag row magically change to blue/white with a border if the resulting pattern is true.</li></ol>
<p>Here’s a <a href="https://www.dropbox.com/s/pg3c4qd7rangx1o/Bitwise_UserAccountControl.xlsx?dl=0">LINK</a> to the spreadsheet if you’re interested in playing around. Anyway, that’s about all I have. I hope you found this as interesting as I did.</p>
<p> </p>
<h5>REFERENCES</h5>
<p><a href="http://vipan.com/htdocs/bitwisehelp.html">Bitwise Help</a><br><a href="http://marcusoh.blogspot.com/2008/01/sms-decoding-advertflags-for.html">Decoding advertFlags</a><br><a href="https://support.microsoft.com/en-us/kb/305144">How to use the UserAccountControl flags to manipulate user account properties</a><br><a href="http://www.madwithpowershell.com/2013/10/math-in-powershell.html">[Math] in PowerShell</a></p>
tag:blogger.com,1999:blog-15559937.post-5704082144655044944
Published 2015-10-05T05:00:00.000-05:00, updated 2015-10-05T05:00:00.930-05:00
My Feeble Understanding of Bitwise
<p>I thought I would set the record straight: posting something about bitwise does not make me an authority. It doesn’t even make me mildly educated about the concept. In fact, if you have been with me since the beginning, you will know the intention of my blog is to create posts that would serve as reminders of how I did something previously -- or interesting stuff that I might have found. <em>With that meager attempt at excusing my ignorance, let’s talk bitwise.</em></p>
<p>In my <a href="http://marcusoh.blogspot.com/2015/09/deciphering-useraccountcontrol.html">last post</a>, I mentioned deciphering userAccountControl (UAC). As an aside, this bitwise stuff isn’t just AD. You can find it in other things like <a href="http://www.microsoft.com/en-us/server-cloud/system-center/configuration-manager-2012-overview.aspx">ConfigMgr</a> for example. Remember <a href="http://marcusoh.blogspot.com/2008/01/sms-decoding-advertflags-for.html">advertFlags</a>? That post contained some detail on decoding, bitwise, etc., as well.</p>
<p> </p>
<h5>REFRESHER</h5>
<p>Back to our previous example, we had a user with UAC value of 66048. We decoded 66048 into its two parts, 65536 and 512. 
I didn’t go into much detail on how I got those two values, so I thought I’d explain all that here.</p>
<p>First, a background on bitwise AND. Basically, you multiply two binary values together, one bit position at a time. Since you’re dealing with 0s and 1s, you can only end up with two conclusions -- a 0 or a 1:</p>
<table cellspacing="0" cellpadding="2" width="206" border="0"> <tbody> <tr> <td valign="top" width="115"><font size="4">0 x 0 = 0</font></td> <td valign="top" width="89"><font size="4">0 x 1 = 0</font></td></tr> <tr> <td valign="top" width="115"><font size="4">1 x 0 = 0</font></td> <td valign="top" width="89"><font size="4">1 x 1 = 1</font></td></tr></tbody></table>
<p>It’s easier to show you what I mean.</p>
<p> </p>
<h5>BITWISE AND</h5>
<p>Back to UAC 66048. If we convert this decimal value to binary, we get 10000001000000000. I’ll bring this up again in a minute, but for now, here is the list of flags again, since we’re going to need to reference it.</p>
<p><img style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; padding-right: 0px" border="0" alt="image" src="http://lh3.googleusercontent.com/-f65N3Qw7fz4/VgxyNX2EJFI/AAAAAAAABoI/PuN1PfhTUyg/image%25255B11%25255D.png?imgmax=800"></p>
<p> </p>
<p>Ordinarily, you would run a bitwise AND for all these values against 66048 to see what came back as true. 
Let’s pick just a few as an example (since we already know how it’s going to go.)</p> <table cellspacing="0" cellpadding="2" width="601" border="0"> <tbody> <tr> <td valign="top" width="209"><strong>Decimal</strong></td> <td valign="top" width="195"><strong>Binary</strong></td> <td valign="top" width="195"><strong>Flag</strong></td></tr> <tr> <td valign="top" width="209"><font face="Hack">66048</font></td> <td valign="top" width="217"><font face="Hack">0001 0000 0010 0000 0000</font></td> <td valign="top" width="243"><font face="Hack"></font></td></tr> <tr> <td valign="top" width="209"><font face="Hack">65536</font></td> <td valign="top" width="217"><font face="Hack">0001 0000 0000 0000 0000</font></td> <td valign="top" width="243"><font face="Hack">DONT_EXPIRE_PASSWORD</font></td></tr> <tr> <td valign="top" width="209"><font face="Hack">512</font></td> <td valign="top" width="217"><font face="Hack">0000 0000 0010 0000 0000</font></td> <td valign="top" width="243"><font face="Hack">NORMAL_ACCOUNT</font></td></tr> <tr> <td valign="top" width="209"><font face="Hack">256</font></td> <td valign="top" width="217"><font face="Hack">0000 0000 0001 0000 0000</font></td> <td valign="top" width="243"><font face="Hack">TEMP_DUPLICATE_ACCOUNT</font></td></tr> <tr> <td valign="top" width="209"><font face="Hack">2</font></td> <td valign="top" width="217"><font face="Hack">0000 0000 0000 0000 0010</font></td> <td valign="top" width="243"><font face="Hack">ACCOUNTDISABLE</font></td></tr></tbody></table> <p><sup>Added some leading zeroes just to make things line up correctly.</sup></p> <p>If we lay these values back over the table of all states, this is how it looks. Remember, where the 1s line up ( 1 x 1 = 1) the state is active. 
The far left column is the decimal equivalent of the binary value.</p>
<p><a href="http://lh3.googleusercontent.com/-ChXPX404rrU/Vg1wY74YYpI/AAAAAAAABpE/yfYW318EVxQ/s1600-h/image%25255B4%25255D.png"><img title="image" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; display: inline; padding-right: 0px" border="0" alt="image" src="http://lh3.googleusercontent.com/-Q7efz9eGTsA/Vg1wZHCviqI/AAAAAAAABpI/ieZ-6C5yE7U/image_thumb%25255B2%25255D.png?imgmax=800" width="721" height="285"></a></p>
<p><sup>Removed the leading zeroes here to compress the display.</sup></p>
<p>It’s as we expected. The 1s only line up on the 65536 and 512 values which means it’s a normal account with a password that never expires. GREAT!</p>
<p> </p>
<h5>OTHERS</h5>
<p>There are other bitwise operators such as bitwise OR which is typically used to set a value. If the value already exists, then it doesn’t set it again. I haven’t had a chance to use it so I won’t get into it much.</p>
<p> </p>
<h5>CALCULATIONS</h5>
<p>Bet you’re wondering if there’s a faster way to do this. Well, that’s the great thing about bitwise operators. There is. Next post though.</p>
tag:blogger.com,1999:blog-15559937.post-4926017819020554700
Published 2015-09-30T18:37:00.001-05:00, updated 2015-10-01T08:34:17.911-05:00
Deciphering userAccountControl
<p>There’s been a lot of good information on userAccountControl (UAC) over the years. I was trying to explain to a coworker how it works which got me really thinking about it. I thought I’d try to share my findings with you in case you have a similar interest in learning it.</p>
<p> </p>
<h5>WHAT IS USER ACCOUNT CONTROL?</h5>
<p>Let me first describe UAC. 
The simplest definition, in my opinion, would be to say that it’s a composite status of an object. (Let’s talk about user objects specifically.) A user object can be a variety of things -- disabled, enabled, locked, password expired, etc. -- and the integer value stored in UAC, once broken down, represents them. That’s why the account options are multi-select, I guess. :-)</p>
<p><a href="http://lh3.googleusercontent.com/-5yEX8llK9ro/VgxyMrnVHAI/AAAAAAAABn8/PAC-47V-3Lw/s1600-h/image%25255B5%25255D.png"><img title="image" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; display: inline; padding-right: 0px" border="0" alt="image" src="http://lh3.googleusercontent.com/-uzz-6QdBCWM/VgxyNBCkRDI/AAAAAAAABoA/TnlxOgz52n4/image_thumb%25255B3%25255D.png?imgmax=800" width="378" height="160"></a></p>
<p>Note that UAC is a 32-bit value. Anyway, this is the LDAP attribute where Active Directory stores the various states of your user account. How many different states can a user account be in, you might be wondering? It’s documented in quite a few places, actually (and now here.)</p>
<p><a title="User Account Control values" href="https://support.microsoft.com/en-us/kb/305144"><img title="image" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; display: inline; padding-right: 0px" border="0" alt="image" src="http://lh3.googleusercontent.com/-f65N3Qw7fz4/VgxyNX2EJFI/AAAAAAAABoI/PuN1PfhTUyg/image%25255B11%25255D.png?imgmax=800" width="426" height="458"></a></p>
<p><sup>(Sorry about the screenshot. I had ALL THE INTENTION in the world to actually make it copy/paste, but translations going into Live Writer wasn’t being my friend. I linked it to the article with the values though. 
:) One last note, if you look at the flag name, it’s pretty clear that not all of those states actually apply to user objects.)</sup></p> <p> </p> <h5><strong>INTRODUCING… OUR EXAMPLE</strong></h5> <p>Let’s make this practical and figure out what we’re looking at. Suppose you were goofing around running queries looking at UAC and found an account of interest. The account has a value of 66048. If I run a bitwise AND against it based on the values in the above table, it breaks down into 65536 and 512.</p> <p>Go on, check my math. 65536 + 512 = 66048.</p> <p>I transposed the table above to make it easier to look at. Basically, 66048 translates to a normal account with a password that never expires. That makes sense so far right?</p> <p><a href="http://lh3.googleusercontent.com/-A7c3yt4Y9ZI/VgxyNq2BLCI/AAAAAAAABoQ/RnZMf7a-zPc/s1600-h/image%25255B26%25255D.png"><img title="image" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; display: inline; padding-right: 0px" border="0" alt="image" src="http://lh3.googleusercontent.com/-5ZSiqdBuGAc/VgxyN0Q0iOI/AAAAAAAABoY/-34a_2Q3kHQ/image_thumb%25255B15%25255D.png?imgmax=800" width="560" height="236"></a></p> <p> </p> <h5>THE BINARY VIEW</h5> <p>When you convert 66048, you get the binary equivalent of 10000001000000000. If you look at the table above, there are definitely values that are missing -- like 1024. If we add those values back in and overlay our binary version of the UAC value, the 1s lay right over the state. 
Cool, huh?</p>
<p><a href="http://lh3.googleusercontent.com/-xd7xmnlHMzE/VgxyOF0QipI/AAAAAAAABog/496Z3zIM900/s1600-h/image%25255B31%25255D.png"><img title="image" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; display: inline; padding-right: 0px" border="0" alt="image" src="http://lh3.googleusercontent.com/-H03TK65lc5I/VgxyOnpM2rI/AAAAAAAABoo/UcoRf9KYdwA/image_thumb%25255B18%25255D.png?imgmax=800" width="721" height="236"></a></p>
<p> </p>
<h5>BITWISE OPERATORS</h5>
<p>I mentioned using bitwise AND earlier to figure out what UAC 66048 was composed of. I’ll get into that in my next post since you are probably still waking up from reading this one.</p>
tag:blogger.com,1999:blog-15559937.post-4644364521619803452
Published 2015-08-18T10:25:00.001-05:00, updated 2015-08-18T12:46:26.002-05:00
OpsMgr: Where Are My Events?
<p>Yeah. I know. We’re late to the party. We just got OpsMgr 2012 rolled out. If you want to skip the story time, just go to the TL;DR section.</p>
<p>So, one of the first times I opened the console, I realized there were some events I was looking for that I wasn’t able to find. After carefully combing the console (read: frantically clicking on crap) I came to the realization that no matter which event view I chose, it was restricted to one day.</p>
<p>When I talked with one of my engineers, he suggested looking at this article <a href="http://www.opsman.co.za/how-to-search-for-more-then-500-objects-in-the-scom-console-group-and-report-add-objects-fields">http://www.opsman.co.za/how-to-search-for-more-then-500-objects-in-the-scom-console-group-and-report-add-objects-fields</a> which seems to be referring to searching objects. 
It did, however, lead to a very useful registry key:</p> <div class="csharpcode"><pre class="alt">HKEY_CURRENT_USER\Software\Microsoft\Microsoft Operations Manager\3.0\Console\ConsoleUserSettings</pre></div>
<p>I don’t know what most of these settings do and quite frankly don’t want to figure it out. There are, however, two registry values of particular interest:</p>
<ul>
<li>AlertViewTimeSpan | 6048000000000</li>
<li>EventViewTimeSpan | 864000000000</li></ul>
<p><a href="http://lh3.googleusercontent.com/-QObrp8EGMCk/VdNOaXSsQjI/AAAAAAAABmg/T3gq3GAzJ5U/s1600-h/image%25255B5%25255D.png"><img title="image" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; display: inline; padding-right: 0px" border="0" alt="image" src="http://lh3.googleusercontent.com/-XrXJVv_olAE/VdNOapmvH6I/AAAAAAAABmk/GM7kCMBbMho/image_thumb%25255B3%25255D.png?imgmax=800" width="640" height="212"></a></p>
<p>They’re pretty self-explanatory -- at least the function. Out of the box, the in-console alerts display pretty much the whole range of what’s captured.</p>
<p>So far as I can tell and if the internet holds true:</p>
<ul>
<li>10,000,000 ticks in 1 second</li>
<li>86,400 seconds in 1 day</li></ul>
<p>That means the Alert view value translates to 7 days, and the Event view value translates to 1 day. <strong>Eureka</strong>.</p>
<p> </p>
<h4>[ T L ; D R ]</h4>
<p>All you have to do is take the existing QWORD value in the EventViewTimeSpan and multiply it by the number of days that you’re interested in. Keep in mind, this applies to all event views as there is no way to limit the date range for event views (that I know of.)</p>
tag:blogger.com,1999:blog-15559937.post-765405734207047449
Published 2015-08-13T08:46:00.001-05:00, updated 2015-08-13T08:46:48.775-05:00
how to retrieve your ip address with powershell...
<p><strong>update: </strong>here is a new method using <a href="http://powershell.com/cs/blogs/tips/archive/2015/08/12/quickly-getting-ip-addresses.aspx">system.net.dns as noted here</a>:</p>
<div class="csharpcode"><pre class="alt">[system.net.dns]::gethostaddresses(<span class="str">""</span>).ipaddresstostring</pre></div>
<p><strong>update: </strong>this is how it’s performed in <a href="http://blogs.technet.com/b/heyscriptingguy/archive/2012/12/07/powertip-use-powershell-3-0-to-find-an-ip-address.aspx">powershell v3 as demonstrated here</a>.</p>
<div class="csharpcode"><pre class="alt">(get-netadapter | get-netipaddress | ? addressfamily <span class="preproc">-eq</span> <span class="str">'IPv4'</span>).ipaddress</pre></div>
<p> </p>
<p><strong>update:</strong> this is by far the easiest.</p>
<div id="codeSnippetWrapper"><pre id="codeSnippet" style="border-top-style: none; font-size: 8pt; overflow: visible; border-left-style: none; font-family: 'Courier New', courier, monospace; width: 100%; border-bottom-style: none; color: black; padding-bottom: 0px; direction: ltr; text-align: left; padding-top: 0px; border-right-style: none; padding-left: 0px; margin: 0em; line-height: 12pt; padding-right: 0px; background-color: #f4f4f4">PS C:\temp> (gwmi Win32_NetworkAdapterConfiguration | ? { $_.IPAddress <span style="color: #cc6633">-ne</span> $null }).ipaddress<br>192.168.1.101</pre><br></div>
<p> </p>
<p> </p>
<p>are you laughing yet? i know you probably find this topic amusing. it's really interesting though. whenever you get over it, i'll do this in the standard cmd.exe interpreter and then in powershell to show you what kind of coolness powershell does.</p>
<p>done? okay, good. this is an interpretation of a demo that bob wells did at our smug meeting. hope you like it.</p>
<p>i should tell you, it's not as simple as the title would lead you to believe. i like doing that little sleight-of-hand thing since it gives the impression that i'm painting a very easy target on my back for your criticism (though it's probably true in other ways)! the idea is that we want to retrieve <strong>just</strong> the ip address. so here we go... </p>
<p>first of all, let's see how you'd get an ip address out of ipconfig. since i can't get bob's method of regular expression to work, i created my own for this simple, little demo. following is a series of commands and results to get to the final product. </p>
<p>to start with, let's get the results of ipconfig and use findstr to pull out any lines that look like an ip address:</p>
<div><pre style="border-top-style: none; font-size: 8pt; overflow: visible; border-left-style: none; font-family: consolas, 'Courier New', courier, monospace; width: 100%; border-bottom-style: none; color: black; padding-bottom: 0px; padding-top: 0px; border-right-style: none; padding-left: 0px; margin: 0em; line-height: 12pt; padding-right: 0px; background-color: #f4f4f4">C:\temp><font color="#008000">ipconfig | findstr [0-9].\.</font>
<font color="#000080"> IPv4 Address. . . . . . . . . . . : 192.168.1.101
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1</font></pre></div><br><br>alrighty, now we have a preliminary list of the addresses we want to use. problem is, we need to strip it down to only the ip address, getting rid of the subnet mask and default gateway. we can achieve this by passing the echoed statement back through findstr looking for the word address. something like this:
<div><pre style="border-top-style: none; font-size: 8pt; overflow: visible; border-left-style: none; font-family: consolas, 'Courier New', courier, monospace; width: 100%; border-bottom-style: none; color: black; padding-bottom: 0px; padding-top: 0px; border-right-style: none; padding-left: 0px; margin: 0em; line-height: 12pt; padding-right: 0px; background-color: #f4f4f4">C:\temp<span style="color: #006080">></span><font color="#008000">for /f "delims=" %a in ('ipconfig ^| findstr [0-9].\.') do @echo %a | findstr "Address"
</font>
<font color="#000080"> IPv4 Address. . . . . . . . . . . : 192.168.1.101</font></pre></div><br><br>so far, so good. now let's get the ip address only. we take the stuff from before and pass it to the for command again to split everything with the delimiter ":", which gives us two tokens. echoing the second one, we get the ip address:
<div>
<div><pre style="border-top-style: none; font-size: 8pt; overflow: visible; border-left-style: none; font-family: consolas, 'Courier New', courier, monospace; width: 100%; border-bottom-style: none; color: black; padding-bottom: 0px; padding-top: 0px; border-right-style: none; padding-left: 0px; margin: 0em; line-height: 12pt; padding-right: 0px; background-color: #f4f4f4">C:\temp<span style="color: #006080">></span><font color="#008000">for /f "delims=" %a in ('ipconfig ^| findstr [0-9].\.') do @for /f "tokens=1,2 delims=:" %<span style="color: #0000ff">i</span> in ('@echo %a ^| findstr "Address"') do @echo %j
</font>
<font color="#000080"> 192.168.1.101</font></pre></div></div>
<p><br><br>ah crap! see that? there's a space we have to deal with! to get rid of it, we'll pass it yet again through a for loop. you see, the default delimiter of a for loop command is space and tab. when we pass it back through, we just echo it back:</p>
<div>
<div><pre style="border-top-style: none; font-size: 8pt; overflow: visible; border-left-style: none; font-family: consolas, 'Courier New', courier, monospace; width: 100%; border-bottom-style: none; color: black; padding-bottom: 0px; padding-top: 0px; border-right-style: none; padding-left: 0px; margin: 0em; line-height: 12pt; padding-right: 0px; background-color: #f4f4f4">C:\temp<span style="color: #006080">></span><font color="#008000">for /f "delims=" %a in ('ipconfig ^| findstr [0-9].\.') do @for /f "tokens=1,2 delims=:" %<span style="color: #0000ff">i</span> in ('@echo %a ^| findstr "Address"') do @for /f %o in ('@echo %j') do @echo %o</font>
<font color="#000080">192.168.1.101</font></pre></div></div>
<p> </p>
<p>and finally... we arrive at the results we were hoping for. finally.</p>
<p> </p>
<p>okay, let's do the same thing in powershell this time. maybe we'll find it a little easier...</p>
<div><pre style="border-top-style: none; font-size: 8pt; overflow: visible; border-left-style: none; font-family: consolas, 'Courier New', courier, monospace; width: 100%; border-bottom-style: none; color: black; padding-bottom: 0px; padding-top: 0px; border-right-style: none; padding-left: 0px; margin: 0em; line-height: 12pt; padding-right: 0px; background-color: #f4f4f4">PS C:\temp> <font color="#008000">ipconfig | findstr [0-9].\.</font>
<font color="#000080">IPv4 Address. . . . . . . . . . . : 192.168.1.101
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1</font></pre></div>
<p> </p>
<p>so far the results look about the same. unlike cmd.exe we're not just pushing around text. in this case, the data is coming back as an array of string objects. when we run this through powershell, we can actually pull stuff out based on the index of the array. since we know address is first, we can just call 0 like this:</p>
<div><pre style="border-top-style: none; font-size: 8pt; overflow: visible; border-left-style: none; font-family: consolas, 'Courier New', courier, monospace; width: 100%; border-bottom-style: none; color: black; padding-bottom: 0px; padding-top: 0px; border-right-style: none; padding-left: 0px; margin: 0em; line-height: 12pt; padding-right: 0px; background-color: #f4f4f4">PS C:\temp> <font color="#008000">(ipconfig | findstr [0-9].\.)[0]</font>
<font color="#000080">IPv4 Address. . . . . . . . . . . : 192.168.1.101</font></pre></div>
<p> </p>
<p>hmmm. that was easy, but we're not done yet. from here, we need to just retrieve the ip address. the easiest way to do this is to split the contents (i truncated the output):</p>
<div><pre style="border-top-style: none; font-size: 8pt; overflow: visible; border-left-style: none; font-family: consolas, 'Courier New', courier, monospace; width: 100%; border-bottom-style: none; color: black; padding-bottom: 0px; padding-top: 0px; border-right-style: none; padding-left: 0px; margin: 0em; line-height: 12pt; padding-right: 0px; background-color: #f4f4f4">PS C:\temp> <font color="#008000">((ipconfig | findstr [0-9].\.)[0]).Split()</font>
<font color="#000080">IPv4
Address.
.
.
.
:
192.168.1.101</font></pre></div>
<p> </p>
<p>output is pretty ugly in that format, isn't it? luckily, all we need is the last value. just as 0 is the index which indicates the first member of an array, we can use -1 to indicate the very last one. in this case, the split function moves the ip address to the very end. now we can capture that array member and bring it back. check it out:</p>
<div><pre style="border-top-style: none; font-size: 8pt; overflow: visible; border-left-style: none; font-family: consolas, 'Courier New', courier, monospace; width: 100%; border-bottom-style: none; color: black; padding-bottom: 0px; padding-top: 0px; border-right-style: none; padding-left: 0px; margin: 0em; line-height: 12pt; padding-right: 0px; background-color: #f4f4f4">PS C:\temp> <font color="#008000">((ipconfig | findstr [0-9].\.)[0]).Split()[-1]</font>
<font color="#000080">192.168.1.101</font></pre></div>
<p> </p>
<p>isn't that cool?</p>
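<p>The one-liner above relies on the address line being the first match, which only holds on a machine with a single connected adapter. The following is an added example, not code from the original post: it keys on the line label instead of its position and validates the value before returning it. The function name <code>Get-IPv4FromIpconfig</code> and the sample ipconfig output are constructed for illustration, and the label match assumes an English-language Windows.</p>

```powershell
# Constructed sample of ipconfig output (three adapters) so the example runs offline.
$sample = @'
Windows IP Configuration

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : example.local
   IPv4 Address. . . . . . . . . . . : 192.168.1.101
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1

Wireless LAN adapter Wi-Fi:

   Media State . . . . . . . . . . . : Media disconnected

Ethernet adapter vEthernet:

   Link-local IPv6 Address . . . . . : fe80::1c2d:3e4f:5a6b:7c8d%12
   IPv4 Address. . . . . . . . . . . : 10.0.75.1(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
'@ -split "`r?`n"

# Hypothetical helper: returns one object per IPv4 address, tagged with its adapter.
function Get-IPv4FromIpconfig {
    param([string[]]$Lines)

    $adapter = $null
    foreach ($line in $Lines) {
        # Adapter headers start in column 0 and end with a colon.
        if ($line -match '^(\S.*):\s*$') {
            $adapter = $Matches[1]
            continue
        }
        # Address lines: indented label ("IP Address" on older systems,
        # "IPv4 Address" on newer ones), dot leaders, a colon, then the value.
        # A suffix such as "(Preferred)" is left out of the capture.
        if ($line -match '^\s+IP(v4)? Address[ .]*:\s*(?<ip>[0-9.]+)') {
            $parsed = $null
            if ([System.Net.IPAddress]::TryParse($Matches['ip'], [ref]$parsed)) {
                [pscustomobject]@{
                    Adapter = $adapter
                    IPv4    = $parsed.IPAddressToString
                }
            }
        }
    }
}

Get-IPv4FromIpconfig -Lines $sample

# Against the live machine:
# Get-IPv4FromIpconfig -Lines (ipconfig)
```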
<p> </p>
<p>here's a couple of other things that bob demonstrated. i'm sure you can figure them out on your own though. no point in boring you with my narrative:</p>
<p>[MATH]::Round(((Get-WmiObject win32_computersystem).totalphysicalmemory / 1gb),2)</p>
<p>foreach($file in Get-ChildItem){$size += $file.length}</p>
<div class="blogger-post-footer">
<hr>
<a href="http://marcusoh.blogspot.com">marcusoh.blogspot.com</a></div>
Marcus Ohhttp://www.blogger.com/profile/16669592705989568859noreply@blogger.com0tag:blogger.com,1999:blog-15559937.post-56287462022983260902015-07-14T22:21:00.001-05:002015-07-14T22:21:01.586-05:00Atlanta TechStravaganza 08.21.2015<p>Hey everyone!</p> <p>If you haven’t heard the news, we are holding another Atlanta TechStravaganza event this year. Once again, the event will be held at the Georgia Tech conference center here in the heart of Atlanta.</p> <p>Mark Minasi is heading down to kick it off as our keynote speaker. Pretty awesome right? We’re running three tracks (System Center, PowerShell, and Infrastructure) full of great content. On top of that, Tommy will be hanging around running a lab if you want to get some hands-on experience.</p> <p>Your ticket also includes meals, entry into prize giveaways, and plenty of networking opportunity. Cost? FREE! Because we work with generous companies that love to support the community, this event never costs you a penny.</p> <p>Ready to sign up? You should probably hurry. Half of the tickets are already gone. Head on over to our brand new site at <a href="http://atltechstravaganza.com">http://atltechstravaganza.com</a>. Hope to see you there! 37 days left!</p> <div class="blogger-post-footer"><hr /><a href="http://marcusoh.blogspot.com">marcusoh.blogspot.com</a></div>Marcus Ohhttp://www.blogger.com/profile/16669592705989568859noreply@blogger.com0tag:blogger.com,1999:blog-15559937.post-26091604802340590092015-05-19T17:33:00.000-05:002015-05-19T17:33:00.044-05:00Bind Response: InvalidCredentials<p>Sometimes I get the strangest things that come across my desk. As a manager, I don’t have a lot of time for troubleshooting so when I do get ahold of something, it’s fun to tear apart. I told my team about my findings. 
One of them asked how I arrived at the answer… so I thought I’d blog it just in case it interests anyone else.<img style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; float: right; padding-top: 0px; padding-left: 0px; border-left: 0px; display: inline; padding-right: 0px" border="0" src="https://tse1.mm.bing.net/th?&id=JN.vcMygXZJ1j9V7WrSh0jZ1A&w=300&h=300&c=0&pid=1.9&rs=0&p=0&r=0" width="79" align="right" height="79"></p> <p>As a favor to a coworker, I looked into an application configuration problem that was described as such:</p> <ul> <li>Application is configured for LDAP.</li> <li>All users can successfully log into the application except one person.</li> <li>This one person is also the administrator of the application.</li></ul> <p>The app owner indicated they were seeing timeout errors in their logs. There was no denying it. The call was timing out:</p><pre class="csharpcode">Servlet.service() <span class="kwrd">for</span> servlet dispatcher threw exception
javax.naming.NamingException: LDAP response read timed <span class="kwrd">out</span>, timeout used:-1ms.; remaining name <span class="str">''</span>
at com.sun.jndi.ldap.Connection.readReply(Connection.java:483)
at com.sun.jndi.ldap.LdapClient.getSearchReply(LdapClient.java:639)
at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:562)
at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1985)
at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1847)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1772)
</pre>
<p>To respond to that, the first thing we did was check the LDAP configuration to make sure it wasn’t misconfigured anywhere. I couldn’t tell what it was timing out to. A bind request? A search request? Who knows.</p>
<p>What little there was in the ldap.properties file looked appropriately set so they went back to scour more logs. I asked them to verify there was no application wonkiness by making someone else an admin and having them log on. Negative. All good. Now we’re getting somewhere.</p>
<p>Of course, you never find the log that tells you exactly what’s going on. I’m pretty sure this is why packet tracing became a thing. I asked for a trace. This is what the trace revealed:</p>
<p><a href="http://lh3.googleusercontent.com/-ogHpFLA_a0Q/VVuQIF_tS5I/AAAAAAAABkA/FqeOIcUVW0Y/s1600-h/image%25255B4%25255D.png"><img title="image" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; display: inline; padding-right: 0px" border="0" alt="image" src="http://lh3.googleusercontent.com/-YBAU3o1-gf4/VVuQITcMU1I/AAAAAAAABkE/cuMSH2iTXio/image_thumb%25255B2%25255D.png?imgmax=800" width="624" height="55"></a></p>
<p>Now we can confirm that indeed the user’s attempt to bind fails. He had no problem logging into other things though -- his workstation for example. I told the app team that the user was not providing his credentials properly, or it was an application problem. They weren’t sure where to go next. I figured it had to be the logon form, though, so I tried one more thing.<a href="http://lh3.googleusercontent.com/-yT7QEq1rnEM/VVuQImfIu2I/AAAAAAAABkQ/Drd_yH0hkjI/s1600-h/404%25255B3%25255D.png"><img title="404" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; float: right; padding-top: 0px; padding-left: 0px; border-left: 0px; display: inline; padding-right: 0px" border="0" alt="404" src="http://lh3.googleusercontent.com/-OAc3Y8fWeuQ/VVuQJCYbnKI/AAAAAAAABkU/iaPcn70v_0I/404_thumb%25255B1%25255D.png?imgmax=800" width="240" align="right" height="176"></a></p>
<p>I asked the user to tell me the character length of his password and verified the character length of the form. The form truncated at least two characters off his password. The password is masked and at such a length that you might not realize little dots weren’t continuing to show up. :o)</p>
<p>PROBLEM SOLVED! The LDAP response InvalidCredentials was indeed correct. Once you get the application logs out of the way and go straight down to the packet, you can see so much more. That’s my lesson of the day.</p> <div class="blogger-post-footer"><hr /><a href="http://marcusoh.blogspot.com">marcusoh.blogspot.com</a></div>Marcus Ohhttp://www.blogger.com/profile/16669592705989568859noreply@blogger.com0tag:blogger.com,1999:blog-15559937.post-44708324457259663652015-03-29T19:43:00.000-05:002015-03-29T19:43:00.094-05:00Embedding Expressions in Select-Objects<p>I had my first taste of using Select-Object for more than just modifying values on output or picking a specific set of attributes to list. <img style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; float: right; padding-top: 0px; padding-left: 0px; border-left: 0px; display: inline; padding-right: 0px" border="0" src="https://farm9.staticflickr.com/8585/16738171645_3895751771_z.jpg" width="312" align="right" height="213"></p> <p>When someone asks for a list of users and their managers, meh, no big deal. When they ask for the user, their manager, and their manager’s email address -- well, no big deal but not as much of a no big deal as the first one.</p> <p>I found it a bit annoying that I had to write a script to do this every time I wanted to get this type of information so I did a bit of exploring. 
Turned out a little while ago, while experimenting with optimizing speed in a script, I had tried a <a href="http://social.technet.microsoft.com/wiki/contents/articles/7804.powershell-creating-custom-objects.aspx">method of using Select-Object to create a custom object</a>.</p> <p> </p> <h5>Using Select-Object to Pull Manager Detail on the Fly</h5> <blockquote> <div class="csharpcode"><pre class="alt">$myData | select `</pre><pre> @{n=<span class="str">'UserId'</span>;e={$_.samaccountname}}, </pre><pre class="alt"> @{n=<span class="str">'Created'</span>;e={$_.lastlogon}}, </pre><pre> @{n=<span class="str">'Name'</span>;e={$_.name}}, </pre><pre class="alt"> @{n=<span class="str">'Manager'</span>;e={$_.manager}},</pre><pre> @{n=<span class="str">'Manager Email'</span>;e={ </pre><pre class="alt"> (get-aduser $_.manager -properties mail).mail </pre><pre> }</pre><pre class="alt"> }</pre></div></blockquote>
<style type="text/css">.csharpcode, .csharpcode pre
{
font-size: small;
color: black;
font-family: consolas, "Courier New", courier, monospace;
background-color: #ffffff;
/*white-space: pre;*/
}
.csharpcode pre { margin: 0em; }
.csharpcode .rem { color: #008000; }
.csharpcode .kwrd { color: #0000ff; }
.csharpcode .str { color: #006080; }
.csharpcode .op { color: #0000c0; }
.csharpcode .preproc { color: #cc6633; }
.csharpcode .asp { background-color: #ffff00; }
.csharpcode .html { color: #800000; }
.csharpcode .attr { color: #ff0000; }
.csharpcode .alt
{
background-color: #f4f4f4;
width: 100%;
margin: 0em;
}
.csharpcode .lnum { color: #606060; }
</style>
<p>Hopefully this makes sense. I broke it out so it’s clearer to read. For my example, I already had a dataset with specific information in it. I just needed to pipe it out and get the manager email. I piped this to export-csv to create a file to look at.</p>
<p>The meaningful part here is that you can embed things in the expression -- like the Get-AdUser call.</p>
<p> </p>
<h5>Slightly More Challenging</h5>
<blockquote>
<div class="csharpcode"><pre class="alt">$myData | select `</pre><pre> @{n=<span class="str">'UserId'</span>;e={$_.samaccountname}}, </pre><pre class="alt"> @{n=<span class="str">'Logon'</span>;e={$_.lastlogondate}}, </pre><pre> @{n=<span class="str">'Name'</span>;e={$_.name}}, </pre><pre class="alt"> @{n=<span class="str">'Manager'</span>;e={ </pre><pre> (get-aduser $_.samaccountname -Properties manager).manager </pre><pre class="alt"> }</pre><pre> }, </pre><pre class="alt"> @{n=<span class="str">'Manager Email'</span>;e={ </pre><pre> (get-aduser $(get-aduser $_.samaccountname -Properties manager).manager -properties mail).mail </pre><pre class="alt"> }</pre><pre> }</pre></div></blockquote>
<p>And again, I broke this out but in reality ran it on a single line. In this case, I didn’t have the manager value already so I had to run a command in both expressions -- manager and manager email.</p>
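<p>Both snippets above call Get-ADUser inside the expression, so the directory is queried once per row (twice per row in the second snippet), even when many users share a manager. The following is an added example, not code from the original post: it keeps the embedded-expression approach but resolves each distinct manager only once and tolerates users with no manager or a stale manager DN. The helper name <code>Get-ManagerMail</code>, the cache variable and the output file name are assumptions; <code>$myData</code> is the post's own dataset.</p>

```powershell
# Added example; requires the ActiveDirectory module (RSAT).
# Assumption: $myData is the post's dataset, where each row already carries
# samaccountname, name and manager (the manager's distinguished name).
Import-Module ActiveDirectory

$managerMail = @{}   # manager DN -> mail address ($null when the lookup failed)

# Hypothetical helper (not from the post): one directory query per distinct manager.
function Get-ManagerMail {
    param([string]$ManagerDn)

    # Users without a manager attribute get an empty cell instead of an error.
    if ([string]::IsNullOrEmpty($ManagerDn)) { return $null }

    if (-not $managerMail.ContainsKey($ManagerDn)) {
        try {
            $mgr = Get-ADUser -Identity $ManagerDn -Properties mail -ErrorAction Stop
            $managerMail[$ManagerDn] = $mgr.mail
        }
        catch {
            # Stale or unreadable DN: remember the miss so it is not retried per row.
            $managerMail[$ManagerDn] = $null
        }
    }
    $managerMail[$ManagerDn]
}

$myData | Select-Object `
    @{n='UserId';        e={$_.samaccountname}},
    @{n='Name';          e={$_.name}},
    @{n='Manager';       e={$_.manager}},
    @{n='Manager Email'; e={ Get-ManagerMail -ManagerDn $_.manager }} |
    Export-Csv -Path .\users-and-managers.csv -NoTypeInformation

# How many directory lookups the export actually needed.
"{0} directory lookups for {1} rows" -f $managerMail.Count, @($myData).Count
```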
<p>This process isn’t going to scale well with a lot of data elements. This is just to show you something that might save you a little time if you’re just tooting around. :-)</p> <div class="blogger-post-footer"><hr /><a href="http://marcusoh.blogspot.com">marcusoh.blogspot.com</a></div>Marcus Ohhttp://www.blogger.com/profile/16669592705989568859noreply@blogger.com0tag:blogger.com,1999:blog-15559937.post-9524537814310042912015-03-27T11:18:00.000-05:002015-03-27T11:18:00.051-05:00DHCP Scope Information<p>Thought I’d squeeze in this post before Windows Server 2003 drifts off into the sunset. (Don’t pretend like you don’t have these servers floating around.)</p> <p>Okay, so, I was recently asked to validate that some DHCP scope work was performed correctly. Validation in this case was to pull all the scope options. It would have been immensely helpful to use PowerShell to do this. However, I made do without it using <a href="http://technet.microsoft.com/en-us/library/jj129394.aspx">Netsh</a>.</p> <p> </p> <h5>Retrieving Scope Options for a Single Scope</h5> <p> <div class="csharpcode"><pre class="alt">netsh dhcp server <servername> scope <scopeaddr> show optionvalue</pre></div>
</p>
<p>That’s easy. How about for every scope on my server? That’s easy, too, as it turns out.</p>
<p> </p>
<h5>Retrieving Scope Options for All Scopes</h5>
<div class="csharpcode"><pre class="alt"><span class="kwrd">for</span> /f %a <span class="kwrd">in</span> (<span class="str">'netsh dhcp server <servername> show scope ^| find /i "."'</span> ) <span class="kwrd">do</span> @netsh dhcp server <servername> scope %a show optionvalue</pre></div> <div class="blogger-post-footer"><hr /><a href="http://marcusoh.blogspot.com">marcusoh.blogspot.com</a></div>Marcus Ohhttp://www.blogger.com/profile/16669592705989568859noreply@blogger.com0tag:blogger.com,1999:blog-15559937.post-23380077870098161732015-03-26T17:10:00.000-05:002015-03-26T17:10:00.156-05:00PowerShell: Updating Terminal Services Profile Information<p>If you’ve done any dabbling in the AD cmdlets and attempted to update terminal services information, you’ll hit a wall with the traditional cmdlets. Why? Well, simply, what you see in AD Users and Computers is <a href="http://blogs.technet.com/b/heyscriptingguy/archive/2008/10/23/how-can-i-edit-terminal-server-profiles-for-users-in-active-directory.aspx">not the way the values are actually stored</a>, as Ed explains.</p> <p>Well, luckily, it turns out it’s not that hard. I was asked to come up with a process to update the profile path. This is a sample of what I ended up with:<pre class="csharpcode">$PathValue = <myUserPath><br>$myUser = <span class="str">"myUserName"</span>
$User = [ADSI]<span class="str">"LDAP://$((Get-AdUser $myUser).distinguishedname)"</span>
$User.psbase.invokeset(<span class="str">"TerminalServicesProfilePath"</span>,$PathValue)
$User.setinfo()</pre>
<p> </p>
<p>Back to the Scripting Guys’ script, here is a function that shows the possible values that can be modified:</p><pre class="csharpcode">function SetTSProperties()
{
$ou = [adsi]<span class="str">"LDAP://ou=mytestou,dc=nwtraders,dc=com"</span>
$user = $ou.psbase.get_children().find($userDN)
<font style="background-color: #ffff00"> $user.psbase.invokeSet(<span class="str">"allowLogon"</span>,1)
$user.psbase.invokeSet(<span class="str">"TerminalServicesHomeDirectory"</span>,$hDirValue)
$user.psbase.invokeSet(<span class="str">"TerminalServicesProfilePath"</span>,$ppValue)
$user.psbase.invokeSet(<span class="str">"TerminalServicesHomeDrive"</span>,$hdValue)</font>
$user.setinfo()
} #end SetTSProperties</pre>
</p> <div class="blogger-post-footer"><hr /><a href="http://marcusoh.blogspot.com">marcusoh.blogspot.com</a></div>Marcus Ohhttp://www.blogger.com/profile/16669592705989568859noreply@blogger.com0tag:blogger.com,1999:blog-15559937.post-29702788552711720562015-02-09T16:24:00.001-05:002015-02-09T16:40:23.210-05:00PowerShell: Static Methods<p>Thanks PowerShell.com for the <a href="http://powershell.com/cs/blogs/tips/archive/2015/02/09/useful-static-net-methods.aspx">“Useful Static .NET Methods” PowerTip of the Day</a>. Read the article.</p> <p> </p> <p>Find all static methods.</p> <div class="csharpcode"><pre class="alt">[net.dns] | gm -MemberType *method -static</pre></div>
<p> </p>
<p>Find all signatures (overload definitions).</p>
<div class="csharpcode"><pre class="alt">[net.dns]::GetHostByAddress</pre></div>
<p> </p>
<p>One last thing, if you’re looking for a good reference list of static methods that are useful, pick up a copy of <a href="http://shop.oreilly.com/product/0636920024132.do">Windows PowerShell Cookbook, 3rd Edition, by Lee Holmes</a>.</p> <div class="blogger-post-footer"><hr /><a href="http://marcusoh.blogspot.com">marcusoh.blogspot.com</a></div>Marcus Ohhttp://www.blogger.com/profile/16669592705989568859noreply@blogger.com0tag:blogger.com,1999:blog-15559937.post-89138793361850144912015-02-03T17:35:00.000-05:002015-02-03T17:35:00.415-05:00Importing a RSA Token on Windows Phone<p>I recently (this morning) had the good fortune of having to recover my Windows Phone. I run a Lumia 920. It’s been rock solid but recently has had stability issues. It kept locking up and rebooting itself randomly. This morning, it locked up. I rebooted it, and it locked up again. Finally, I rebooted it once more and got the light blue screen of death with the frowny face.</p> <p>While thinking about all of the apps I would have to go in and configure, the one I dreaded most was getting my RSA token reconfigured. Why? I didn’t bother to write down the steps the last time I went through it. Now, I will remedy that problem.</p> <p>Here we go.</p> <ul> <li>Get the <a href="http://www.windowsphone.com/en-us/store/app/rsa-securid/5bb8f454-7a2f-4818-b3fb-2570fe7e2f6a"><strong>RSA SecurID</strong></a> app from the Windows Phone Store <a href="http://www.windowsphone.com/en-us/store/app/rsa-securid/5bb8f454-7a2f-4818-b3fb-2570fe7e2f6a"><strong>HERE</strong></a>.</li> <li>The next thing you need to do is to install the <a href="http://www.emc.com/security/rsa-securid/rsa-securid-software-authenticators/converter.htm"><strong>RSA SecurID Software Token Converter</strong></a>. 
(All you really need is the TokenConverter.jar file.)</li> <li>Next, however you do it, request a token.</li> <li>Once you’ve got the token, put the token (usually ends in .sdtid) and the TokenConverter.jar file into the same directory.</li> <li>Next, open a command prompt and navigate to the directory you put the files in.</li> <li>Type the following command:</li></ul> <div class="csharpcode"><pre class="alt"><blockquote style="margin-right: 0px" dir="ltr"><p>java.exe -jar TokenConverter.jar .\myToken.sdtid -winphone -o .\myFile.txt</p></blockquote></pre></div>
<ul>
<li>If this fails, your administrator might have established a password on the token. Add the password using the -p switch and run the command again.</li>
<li>Upon success, the myFile.txt will contain the path you need for your RSA SecurID app. The file contents will look something like this:</li></ul>
<div class="csharpcode"><pre class="alt"><blockquote style="margin-right: 0px" dir="ltr"><p>com.rsa.securid://ctf?ctfData=longstringofnumbers</p></blockquote></pre></div>
<p>Grab that path. You’re going to need it for your app. All you have to do now is open the app and put the path in there.</p>
<p><img src="https://s3.amazonaws.com/pushbullet-uploads/ujD5rPi5roa-VmmcBFOi1ekJLd3hsYK4wslLdpzSgLcn/wp_ss_20150203_0002.png" width="289" height="480"></p>
<p>Hit the checkbox. You’re good to go.</p> <div class="blogger-post-footer"><hr /><a href="http://marcusoh.blogspot.com">marcusoh.blogspot.com</a></div>Marcus Ohhttp://www.blogger.com/profile/16669592705989568859noreply@blogger.com0tag:blogger.com,1999:blog-15559937.post-77481444109811561892015-01-26T18:25:00.000-05:002015-01-26T18:25:00.488-05:00Enabling the Windows 10 Calendar<p>Are you running the Windows 10 Technical Preview yet? If so, here’s a little refresh for the new calendar. The problem is, you might need to hack your registry to get it to show up.</p> <p>Does your calendar look like this?</p> <p><a href="http://lh4.ggpht.com/--8e0bsZfROA/VMaGyDippgI/AAAAAAAABhI/0ar3ZzxZVYg/s1600-h/image%25255B18%25255D.png"><img title="image" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; display: inline; padding-right: 0px" border="0" alt="image" src="http://lh4.ggpht.com/-CekjDJiPISk/VMaGyvnTwqI/AAAAAAAABhM/v7_QULSRKmM/image_thumb%25255B12%25255D.png?imgmax=800" width="358" height="269"></a></p> <p> </p> <p>Try the registry hack to get it to look like this:</p> <p><a href="http://lh4.ggpht.com/-TkTgp6NFMr8/VMaGyzyGh0I/AAAAAAAABhU/z6cbXC7NS5I/s1600-h/image%25255B17%25255D.png"><img title="image" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; display: inline; padding-right: 0px" border="0" alt="image" src="http://lh4.ggpht.com/-yLQ_T8Csk-Y/VMaGzTuIlTI/AAAAAAAABhc/x4cJsBiw2Io/image_thumb%25255B11%25255D.png?imgmax=800" width="381" height="557"></a></p> <p> </p> <p>Here’s the hack:</p> <ul> <li>Open the Registry Editor (regedit).</li> <li>Head to this path: <em>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell</em></li> <li>Create a new <strong>DWORD (32-bit) Value</strong> entry.</li> <li>Name it <strong>UseWin32TrayClockExperience</strong>.</li></ul> <p><a 
href="http://lh5.ggpht.com/-vGye8loB9x4/VMaHQVApj5I/AAAAAAAABho/002_hkpx45o/s1600-h/image%25255B23%25255D.png"><img title="image" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; display: inline; padding-right: 0px" border="0" alt="image" src="http://lh4.ggpht.com/-tbpSq-n7SMU/VMaHQnWr6dI/AAAAAAAABhs/Q2r7o_IM4hc/image_thumb%25255B15%25255D.png?imgmax=800" width="550" height="135"></a></p> <p> </p> <p>That’s it!</p> <p>Try clicking on the clock on your taskbar. You should now see the refreshed calendar. :)</p> <div class="blogger-post-footer"><hr /><a href="http://marcusoh.blogspot.com">marcusoh.blogspot.com</a></div>Marcus Ohhttp://www.blogger.com/profile/16669592705989568859noreply@blogger.com0tag:blogger.com,1999:blog-15559937.post-63668630562053404952015-01-13T11:23:00.001-05:002015-01-13T11:23:38.144-05:00Jump to Conclusions About Leap Seconds<p>What better way to start off the new year than to write about the leap second. According to Wikipedia, the leap second system, designed to adjust for “irregularities in the Earth’s rate of rotation”, was introduced in 1972. Since that point, 25 leap seconds have been inserted to adjust the atomic time. Most recently, it occurred on <strong>June 30, 2012 at 23:59:60 UTC</strong>. That’s right. A leap second is displayed as :60.</p> <p>Since time is the topic today, I was reading a <a href="http://blogs.msdn.com/b/mthree/archive/2015/01/08/leap-seconds-010815.aspx">blog post on this event as it pertains to Windows</a> this morning and thought I’d share a few interesting points and observations:</p> <ul> <li><a href="http://support.microsoft.com/kb/909614">In KB 909614 How the Windows Time service treats a leap second</a>, the article seems to indicate that the Windows Time service does not do anything with the leap indicator. 
During this point, the NTP client will be a second faster than the atomic time which is resolved at the next time sync. The wording is a little confusing to decipher in my opinion.</li> <li>Most applications cannot handle leap seconds since the time structure only allows a range of 00-59, not 60. Even when a leap second occurs, it is usually not sent to the application by the system clock.</li> <li>Time drift happens all the time. If you’re a domain administrator (by trade, not your permissions<sup>1</sup>) then you know what I’m talking about since time drift with Kerberos is a pretty big deal. These drifts are corrected by a sync. From that perspective, leap seconds aren’t really treated any differently.</li> <li>If you synchronize your Windows Time service with a GPS time source, <a href="http://tycho.usno.navy.mil/leapsec.html">note that the Time Service Department of the US Naval Observatory</a> states the following: “GPS Time is NOT adjusted for leap seconds.”</li></ul> <p>Okay, cool. If time adjustments for leap second are cleared up on the next sync, then when does the next sync actually happen? Well, the answer is, I’m not sure. It’s not totally clear. It seems the behavior for stand-alone clients differs from those that are domain members. For stand-alone NTP clients, the value is every 7 days or 604,800 seconds. </p> <p> </p> <h3>Stand-Alone Client Behavior</h3> <p>Before I confuse things much further, let’s take a look at the registry to see what’s in there -- <strong>HKLM\SYSTEM\CurrentControlSet\services\W32Time</strong>. First thing to look at is the Parameters key. Here are some relevant things:</p> <ul> <li><strong>Type</strong>. If the type is set to NT5DS, congratulations, you are a domain member. You can skip this section.</li> <li><strong>NtpServer</strong>. This is a space-delimited set of time sync sources. Not only is the host important, you need to make sure the appropriate flags are set. 
Normally, it will be 0x9 which indicates a combination of Client + SpecialInterval.</li> <ul> <li>0x01 SpecialInterval</li> <li>0x02 UseAsFallbackOnly</li> <li>0x04 SymmetricActive</li> <li>0x08 Client</li></ul></ul> <p>Switch over to the <strong>TimeProviders\NtpClient</strong> key. The SpecialPollInterval value is supposed to define how often your client will sync. I’ve <a href="http://www.pretentiousname.com/timesync/">read where someone did not get the desired result</a>. Maybe the NtpServer value wasn’t set correctly since it wasn’t mentioned in the post.</p> <ul> <li><strong>SpecialPollInterval</strong>. Define in seconds how often to sync with time sources listed in NtpServer.</li></ul> <p> </p> <h3>Domain Client Behavior</h3> <p>It’s hard to find any new data on this as the <a href="http://support.microsoft.com/kb/224799">newest thing I can find dates back to a Windows 2000</a> article. Remember the Type value I mentioned earlier? If it’s set to NT5DS, it should act as the article indicates which means typically, the client will sync every 45 minutes.</p> <p> </p> <p> </p> <p>Not the first time I’ve been wrong on this topic especially considering I haven’t validated the stand-alone process yet. It gets confusing because of the behavioral differences in stand-alone versus domain-joined. If you find some good info, please comment!</p> <p><sup>1</sup> If you’re not a domain administrator by trade and have domain administrator permissions, I need to speak to your real domain administrator.</p> <div class="blogger-post-footer"><hr /><a href="http://marcusoh.blogspot.com">marcusoh.blogspot.com</a></div>Marcus Ohhttp://www.blogger.com/profile/16669592705989568859noreply@blogger.com1tag:blogger.com,1999:blog-15559937.post-25901784075952211072015-01-02T08:14:00.001-05:002015-01-02T08:14:07.971-05:00Top 20 of 2014<p>Hello everyone. These are the 20 most frequented views on my blog last year. I’m really surprised how many old posts continue to get visited. 
I guess some things in technology change slower than others. I’m guilty of running some pretty old platforms (by today’s standards.) New year resolution?</p> <ol> <li><a href="http://marcusoh.blogspot.com/2009/07/understanding-ad-op-master-is.html">Understanding the “AD Op Master is inconsistent” Alert</a></li> <li><a title="http://marcusoh.blogspot.com/2008/04/how-to-retrieve-your-ip-address-with.html" href="http://marcusoh.blogspot.com/2008/04/how-to-retrieve-your-ip-address-with.html">How to Retrieve Your IP Address with PowerShell</a></li> <li><a href="http://marcusoh.blogspot.com/2011/04/sccm-content-hash-fails-to-match.html">SCCM: Content Hash Fails to Match</a></li> <li><a href="http://marcusoh.blogspot.com/2011/02/how-to-use-dropbox-to-synchronize.html">How to Use Dropbox to Synchronize Windows 7 Sticky Notes</a></li> <li><a href="http://marcusoh.blogspot.com/2011/04/sccm-client-stuck-downloading-package.html">SCCM: Client Stuck Downloading Package with BIT*.TMP Files in Cache Directory</a></li> <li><a href="http://marcusoh.blogspot.com/2010/02/search-programs-and-files-no-longer.html">Search Programs and Files No Longer Works in Windows 7 (Only Shows Headers)</a></li> <li><a href="http://marcusoh.blogspot.com/2009/08/using-powershell-to-list-active.html">Using PowerShell to List Active Directory Trusts</a></li> <li><a href="http://marcusoh.blogspot.com/2012/05/computerip-status-activity-throws-raw.html">“Get Computer/IP Status” Activity Throws Raw Socket Error</a></li> <li><a href="http://marcusoh.blogspot.com/2010/10/sccm-custom-data-discovery-records-ddrs.html">SCCM: Custom Data Discovery Records (DDRs) Using PowerShell</a></li> <li><a href="http://marcusoh.blogspot.com/2011/08/sccm-integrating-dell-warranty-data.html">SCCM: Integrating Dell Warranty Data Into ConfigMgr</a></li> <li><a href="http://marcusoh.blogspot.com/2010/02/sccm-clients-fail-to-apply-policy.html">SCCM Clients Fail to Apply Policy</a></li> <li><a 
href="http://marcusoh.blogspot.com/2013/04/sccm-required-permissions-for-creating.html">SCCM: The Required Permissions for Creating Collections</a></li> <li><a href="http://marcusoh.blogspot.com/2011/11/sccm-computers-with-names-greater-than.html">SCCM: Computers with Names Greater Than 15 Characters</a></li> <li><a href="http://marcusoh.blogspot.com/2009/09/list-active-directory-subnets-with.html">List Active Directory Subnets with PowerShell</a></li> <li><a href="http://marcusoh.blogspot.com/2010/09/ssrs-variable-name-has-already-been.html">SSRS: The Variable Name Has Already Been Declared -- When Working with Temp Tables</a></li> <li><a href="http://marcusoh.blogspot.com/2014/06/excel-my-first-use-of-power-query-and-i.html">EXCEL: My First Use of Power Query (And I Love It)</a></li> <li><a href="http://marcusoh.blogspot.com/2008/12/using-preloadpkgonsiteexe-to-stage.html">Using PreloadPkgOnSite.exe to Stage Compressed Copies to Child Site Distribution Points</a></li> <li><a href="http://marcusoh.blogspot.com/2012/11/sccm-top-console-users-report.html">SCCM: Top Console Users Reports</a></li> <li><a href="http://marcusoh.blogspot.com/2008/10/executing-batch-files-remotely-with.html">Executing Batch Files Remotely with PSExec</a></li> <li><a href="http://marcusoh.blogspot.com/2009/10/list-domain-controllers-with-powershell.html">List Domain Controllers with PowerShell</a></li></ol> <p>And that’s it! Hope you all have a spectacular 2015.</p> <div class="blogger-post-footer"><hr /><a href="http://marcusoh.blogspot.com">marcusoh.blogspot.com</a></div>Marcus Ohhttp://www.blogger.com/profile/16669592705989568859noreply@blogger.com0
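<p>For the W32Time registry values described under "Stand-Alone Client Behavior" in the leap-second post above, this added example (not code from the original posts) decodes an NtpServer value into its peers and flag names and reports whether SpecialPollInterval applies to each peer. The function name <code>ConvertFrom-NtpServerValue</code> and the sample hosts under <code>example.test</code> are assumptions made for illustration.</p>

```powershell
# Flag bits for NtpServer entries, as listed in the post.
$NtpFlagNames = [ordered]@{
    'SpecialInterval'   = 0x01
    'UseAsFallbackOnly' = 0x02
    'SymmetricActive'   = 0x04
    'Client'            = 0x08
}

# Hypothetical helper: split "host,0xN host,0xN ..." and name the flags.
function ConvertFrom-NtpServerValue {
    param([Parameter(Mandatory)][string]$Value)
    foreach ($entry in ($Value -split '\s+' | Where-Object { $_ })) {
        $peer, $rawFlags = $entry -split ',', 2
        # An entry with no ",0x.." suffix carries no flags at all.
        $flags = if ($rawFlags) { [Convert]::ToInt32($rawFlags, 16) } else { 0 }
        $names = foreach ($f in $NtpFlagNames.GetEnumerator()) {
            if ($flags -band $f.Value) { $f.Key }
        }
        [pscustomobject]@{
            Peer                    = $peer
            Flags                   = '0x{0:x}' -f $flags
            Meaning                 = $names -join ' + '
            # Per Microsoft's W32Time documentation, SpecialPollInterval is
            # honored for a peer only when its SpecialInterval bit (0x01) is set.
            UsesSpecialPollInterval = [bool]($flags -band 0x01)
        }
    }
}

# Constructed sample value (hosts under example.test are placeholders).
$sample = 'time.example.test,0x9 ntp2.example.test,0x8 ntp3.example.test'
ConvertFrom-NtpServerValue $sample | Format-Table -AutoSize

# On a Windows host, decode the live configuration the post walks through.
$w32 = 'HKLM:\SYSTEM\CurrentControlSet\services\W32Time'
if (Test-Path $w32) {
    $params = Get-ItemProperty "$w32\Parameters"
    $client = Get-ItemProperty "$w32\TimeProviders\NtpClient"
    "Type=$($params.Type) SpecialPollInterval=$($client.SpecialPollInterval)s"
    if ($params.Type -eq 'NT5DS') {
        'Domain member: the time source comes from the domain hierarchy.'
    } elseif ($params.NtpServer) {
        ConvertFrom-NtpServerValue $params.NtpServer | Format-Table -AutoSize
    }
}
```

<p>In the sample, only the first peer (0x9) reports <code>UsesSpecialPollInterval</code> as True; the 0x8 peer and the peer with no flags do not, which is one way a configured SpecialPollInterval can appear to have no effect.</p>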