Tuesday, March 20, 2012

Updated Version of AdFind and AdMod

Tuesday, March 20, 2012 1:20 PM  Blog-5  No comments

Joe Richards has published an updated version of his AdFind and AdMod tools.    More information at Joe’s website - http://blog.joeware.net/2012/03/19/2465/

AdFind/AdMod General

  • Fixed a bunch of bugs (especially around CSV stuff)
  • Fixed several usage typos

AdFind Specific High Level

  • Added dynamic determination of int8 time attributes. This is based on finding key words in the lDAPDisplayName or adminDescription properties.
  • Ditto for interval int8 attributes
  • Mentioned this previously, but changed -sc adobjcnt so that it add -gc anymore. You can add it in manually if you need it.
  • Added a bunch of decodes in the RootDSE and elsewhere for Windows 8 Active Directory and ADAM.
  • I know decode some RID specific attributes (like RID pool values, etc)
  • Decode msDFSR-Flags which I think some folks will find helpful when converting their FRS to DFSR.
  • You can specify a filter value like in -metafilter in the -ameta and -vmeta switches.
  • Added new switches for handing of the int8 time attributes: -int8time, -int8time-
  • Added cool new switches for messing with parent DN info: -dpdn, -pdn, -pdnu, -pdnq, -pdnuq
  • Added new switch for stats for Brian, he didn’t want the filter being printed out when it was massive so -statsnofilter
  • Added a new switch for people pushing AdFind CSV output into Excel. It handles some of the DN output differently. This format is completely and utterly and totally incompatible with import back in via AdMod. If people get irked about it, I will yank the switch out versus change it so it can be imported.
  • Added -cv switch which will count values on multivalue attributes. I find this is useful for working out how many group members there are etc in a given very large group.
  • And a really fun new switch… -exportfile. This switch allows you to export binary attributes to a file. So say you uploaded a pic to Active Directory and you want to retrieve it, you can! I actually was able to upload a copy of AdMod into a random large BLOB attribute with AdMod and then pull it back down from another DC in another location with AdFind. Now this isn’t something I generally recommend, but it is possible… And even more fun, I remember for years many of us would respond to people asking about putting pics into Active Directory that if you do that, you could be opening yourself up for a corporate "Hot or Not" web site. Well you can point AdFind at a branch of AD or the whole AD and tell it to export the pictures to files and it will zip right along and do that for you. If the attribute has the string "photo" in it it will automatically name the files RDN.jpg for you. Note if you  are using goofy RDNs that cannot be directly represented in file names there is no help for you right now, it may even look like it worked, but don’t complain if it didn’t. I have to think about how I want to handle that situation.

Posted in: ,

0 comments:

Post a Comment

Popular Posts

Share

Twitter Delicious Facebook Digg Stumbleupon Favorites More