Something in the subject caught my eye, not sure what it was... I have to admit to being pretty busy right now and not looking at most of the posts. During the day I am working on customers and writing internal KB articles for, well, internal use. During the evening I am doing all sorts of personal things as well as updating admod to fix a little bug <eg> and add binary update capability for writing GUID and SID attributes as well as binary blobs and also I have added password SET capability[1].
The weather ended up not being the greatest this last weekend so I checked the source out and started hacking away. Now I am trying to make sure I didn't break anything and the documentation will reflect the new functionality properly. Your prompting on the lowercase bug combined with the property set discussion prompted me to work on the binary update capability. I hacked my schema and made it so attributeSecurityGUID was multivalued and even after I did that ADSIEDIT wouldn't let me stick in multiple values so[2] I hacked admod to let me insert GUID values and it was able to. Unfortunately, AD still only looks at the first value and as ~Eric is quick to point out, order isn't guaranteed in multivalue attributes so just doing what I did is an interesting way to add an opportunity for inconsistent permissioning behavior. Exciting in and of itself, but unfortunately not in line with my goal. I expect to release the new version of admod in the next week. joe [1] This sucks, I actually broke down and used ADSI for this piece since there is no guaranteed LDAP mechanism. How many people really run certs and SSL on their DCs? How many of you that do looked at the perf between using SSL and not using SSL. Yes, security can be costly, but jeez! [2] LDP has made me burn up three left mouse buttons already from excessive clicking so I try to avoid it. :o) -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Cliffe Sent: Tuesday, May 17, 2005 3:52 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Adfind and GUID Good thing you spotted this thread. I had a feeling my answer needed some "tweaking" :-) -DaveC Reuters IS&T Service Delivery -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Tuesday, May 17, 2005 1:55 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Adfind and GUID You will want to add -base to that if the GUID refers to a container type object. Basically what happens is that you are only setting a base DN for the search and by default, adfind will do a objectclass=* query from that base. So for instance, if you enter the GUID for an OU with a bunch of objects, you will end up dumping the OU attributes as well as all of the objects in that OU. It could be quite a surprise if you are expecting only a single object. :o) joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Cliffe Sent: Tuesday, May 17, 2005 1:02 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Adfind and GUID A thread similar to this subject appeared on this list not too long ago. One nice way of doing that was with this syntax: adfind -b "<GUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx>" -DaveC Reuters -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Hutchins, Mike Sent: Tuesday, May 17, 2005 12:10 PM To: ActiveDir@mail.activedir.org Subject: [spam] [ActiveDir] Adfind and GUID OK, so am I missing something here? Following the directions for adfind, I am trying to locate an object by GUID. Here is my cmd line. What am I missing? adfind -binenc -f objectguid={{GUID:9AD0431B-B677-4BF9-A63E-DD29036123FF}} Help? List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
