The Japan Page: January 2007 Archives


January 31, 2007

The Source of All Evil (www.microsoft.com?)

When surfing the web for Exchange documentation last week, I ran across several links to MS KB articles on http://thesource.ofallevil.com . When you click on the links, you go to the MS web site. What, Microsoft is The Source of All Evil? And here I thought it was www.whitehouse.gov , at least until January 2009.

If you don't believe it, try the following Google search: site:ofallevil.com . The results are pretty impressive with 98k records. I'd say this is a pretty good 'Reverse Google Bomb'? We need a better term for this, maybe it's an elgoog? As in "Look, we've been elgooged".

Results 1 - 10 of about 98,000 from ofallevil.com. (0.45 seconds)

And the Japan Page's favorite is the MSDN Japan page at http://thesource.ofallevil.com/japan/msdn/

Digging a little with a simple Whois query shows the domain registered on register.com to:

Domain name: ofallevil.com

Administrative Contact:
Whois Privacy Protection Service, Inc.
Whois Agent (fcjbfhmyf@whoisprivacyprotect.com)
+1.4252740657
Fax: +1.4256960234
PMB 368, 14150 NE 20th St - F1
C/O ofallevil.com
Bellevue, WA 98007
US

The site owner is hiding behind a mail and whois anonymizer service, but Bellevue Washington (for the geographically challenged, it's the big one on the left side of the US), is just down the freeway from Redmond, home of Microsoft corporation.

You can dig through DNS, or use the Reverse IP DNS Domain Check Tool here. Type in thesource.ofallevil.com and hit submit, you'll get the following:

thesource.ofallevil.com has address 207.46.19.30
Found 23 websites with the IP 207.46.19.30

1) 207.46.19.30
2) partner.microsoft.com
3) www.microsoft.co.ke
4) certpartner.one.microsoft.com
5) e-typedesign.co.uk
6) labs.microsoft.com
7) labs.msdn.microsoft.com
8) members.microsoft.com
9) microsoft.atat.at
10) microsoft.co.ke
11) microsoft.com
12) microsoft.com.nsatc.net
13) ms.helifan.net
14) msdn.microsoft.com
15) oem.microsoft.com
16) office.microsoft.com
17) r.email.microsoft.com
18) r.office.microsoft.com
19) research.microsoft.com
20) support.microsoft.com
21) svcs.microsoft.com
22) technet.microsoft.com
23) thesource.ofallevil.com

Someone with a slightly twisted sense of humor has reverse Google bombed (elgoog'ed?) Microsoft. I love it.

January 28, 2007

Photograph of the Week

Here's a night view of the Jumpin' Jellyfish ride at California Adventure Park (next to Disneyland). This was my first night photography outing with my Nikon D70, and was shot free-hand (f3.5, 1/6 s) braced against a fence. (2006.12.27, Anaheim CA)

January 24, 2007

Scripting moving objects in AD

During an Exchange migration I needed a script to move 200 users into an OU indicating they were migrated. Since the source OUs for these users are all over the place, I took to placing a custom attribute and doing an ADUC saved query (LDAP) search to find them, then selecting them en masse and moving them.

Throw in AD replication delays and such and, why not do the whole thing from a script? So, here's a really simple way to move objects in AD.

Requires:

  • ADmod.exe and Adfind.exe from Joeware.net (free).
  • This script uses texttools32 from Firefly software. You can use any equivalent command line text editor with some minor changes.

The Code:

@echo off
::REM --------- Begin sample batch script --------------
::REM Sample batch programming script
::REM (C)2006 John D. Seaman, Copylefted under terms of the GNU/GPL
::REM by John D. Seaman, www.japan-page.net/batch

::REM This script will take the userID (samAccountName) and look up the object DN in AD.
::REM It will then move it to the location specified in moveToDN.
::REM Create an input file (listing of userIDs) in a text file userlist.txt, one entry per line.

::REM Create log file
set _log=moveUser.log

::REM Set variables here (replace with your domain info)
set _baseDN="DC=mydomain,DC=com"
set _moveToDN="OU=PutUsersHere,DC=mydomain,DC=com"
set _dc=myDomainController

::REM Set up a loop and process users

for /f %%i in (userlist.txt) do call :moveUser %%i

echo.
echo Completed

echo Cleaning up...
del /q _out.txt _userDN*.txt

echo.
pause
goto :EOF


::REM -----------------------------------------------------------------------------------------


:moveUser
::REM Start

echo Now moving user %1...

::REM ---------------------
::REM Get username base DN:
::REM ---------------------

::REM Time to get jiggy...

adfind -b %_baseDN% -f "(samAccountName=%1)" -dn >_out.txt

::REM Extract only the line containing the user object DN
type _out.txt | find "dn:" >_userDN.txt

::REM Fix the UserDN by nuking the first 3 characters...
::REM This example uses t.exe, AKA Texttools32 from Firefly Software. You might
::REM also be able to use the GNU 32 version of SED, etc.


type _userDN.txt | t repl 'dn:' '' >_userDN1.txt

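::REM Quote the DN when passing it to admod: DNs often contain spaces
::REM (for example "CN=Enduser\, Jane,...") and would otherwise be split.
for /f "delims=@" %%i in (_userDN1.txt) do (
echo User %1 DN is %%i
echo User %1 DN is %%i>>%_log%
echo Moving object %1...>>%_log%
admod.exe -h %_dc% -b "%%i" -move %_moveToDN%
)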

goto :EOF


:EOF

This script will modify objects in AD, be very careful what you are doing. The author takes absolutely no responsibility for use of this script. This script is provided as-is for educational purposes only.

January 20, 2007

Gary Hill and the AIDS/LIFECYCLE ride

My brother-in-law Gary Hill (far right in fluorescent yellow) is doing the 545 mile, 7 day San Francisco to Los Angeles fundraiser bike ride AIDS / Lifecycle.

He's turning 40 this year, so I guess this is his way to postpone (or hasten?) his mid-life crisis. Gary's a really great guy and we're wishing him all the best. We're also going to prepare a case of Salonpas (Japanese Ben-Gay) for him.

You can see his AIDS / Lifecycle page here, and donate to this worthy cause too. We did!

Good luck Gary !!

January 18, 2007

More fun with LDAP searches in ADUC

Here's a handy query to find all non-disabled users (not contacts, groups, etc) with a specific SMTP address (primary or otherwise):

(objectCategory=person)(objectClass=user)(mailnickname=*)
(proxyAddresses=smtp:*@mydomain.tld)
(!userAccountControl:1.2.840.113556.1.4.803:=2)

Detailed explanation of the fields:

By using both (objectCategory=person) and (objectClass=user) we exclude contacts and groups.

(Mailnickname=*) Limits the search to mail enabled objects in AD

(ProxyAddresses=smtp:*@mydomain.tld) Searches for the address regardless of being primary or otherwise.

And of course the old reliable: (userAccountControl:1.2.840.113556.1.4.803:=2) Signifies a disabled user account.




Now, here's my motivation: I want to find all users I migrated from an acquired company that had their mailboxes moved. These migrated users all sit in a single admin group with my original users, and I had to update the RUS with this domain, so all my new users also have a @old-domain.tld address too.

But only the migrated users have an extra smtp address @subdomain.old-domain.tld. So I query for all non-disabled mail enabled users who have 1) an address in @old-domain.tld and 2) another address in @subdomain.old-domain.tld.

The Query:
(objectCategory=person)(objectClass=user)(mailnickname=*)(proxyAddresses=smtp:*@mydomain.tld)
(proxyAddresses=smtp:*@subdomain.old-domain.tld)
(!userAccountControl:1.2.840.113556.1.4.803:=2)

Note: LDAP is not case sensitive so it can't distinguish between smtp: and SMTP: . Sorry, you can't find the primary SMTP: address this way, but you can search against (mail=) which generally corresponds to the primary SMTP address.
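An added example, not from the original post: the same selection done client-side in Python over constructed entries, showing what the 1.2.840.113556.1.4.803 (bitwise AND) rule actually tests and how to pick out the upper-case primary SMTP: address once the search has returned. The entries, account names and newco.tld are made up for illustration.

```python
ACCOUNTDISABLE = 0x2  # operand of userAccountControl:1.2.840.113556.1.4.803:=2

def is_disabled(uac):
    """Bitwise-AND matching rule: true when the ACCOUNTDISABLE bit is set."""
    return (uac & ACCOUNTDISABLE) == ACCOUNTDISABLE

def has_address_in(entry, domain):
    """Mirror of (proxyAddresses=smtp:*@domain); the comparison ignores case."""
    suffix = "@" + domain.lower()
    return any(a.lower().startswith("smtp:") and a.lower().endswith(suffix)
               for a in entry.get("proxyAddresses", []))

def primary_smtp(entry):
    """What the filter cannot do: return the address with the upper-case SMTP: prefix."""
    for a in entry.get("proxyAddresses", []):
        if a.startswith("SMTP:"):
            return a[len("SMTP:"):]
    return None

def migrated_users(entries, old_domain, sub_domain):
    """Enabled, mail-enabled users that hold an address in both domains."""
    return [e["sAMAccountName"] for e in entries
            if e.get("mailNickname")
            and not is_disabled(e["userAccountControl"])
            and has_address_in(e, old_domain)
            and has_address_in(e, sub_domain)]

# Constructed directory entries (hypothetical users).
# 512 = normal account, 514 = 512 + disabled bit, 66048 = 512 + password never expires.
ENTRIES = [
    {"sAMAccountName": "jdoe", "mailNickname": "jdoe", "userAccountControl": 512,
     "proxyAddresses": ["SMTP:jdoe@newco.tld", "smtp:jdoe@old-domain.tld",
                        "smtp:jdoe@subdomain.old-domain.tld"]},
    {"sAMAccountName": "asmith", "mailNickname": "asmith", "userAccountControl": 512,
     "proxyAddresses": ["SMTP:asmith@newco.tld", "smtp:asmith@old-domain.tld"]},
    {"sAMAccountName": "bleft", "mailNickname": "bleft", "userAccountControl": 514,
     "proxyAddresses": ["SMTP:bleft@old-domain.tld",
                        "smtp:bleft@subdomain.old-domain.tld"]},
    {"sAMAccountName": "svc", "mailNickname": "svc", "userAccountControl": 66048,
     "proxyAddresses": ["smtp:svc@old-domain.tld",
                        "SMTP:svc@subdomain.old-domain.tld"]},
]

if __name__ == "__main__":
    for name in migrated_users(ENTRIES, "old-domain.tld", "subdomain.old-domain.tld"):
        print(name)
```

The svc entry is the reason for the bitwise rule: an equality test against 512 would drop an enabled account that has any other flag set.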

January 15, 2007

How to expose meta data on Active Directory objects

Recently, while troubleshooting a RUS (Exchange Recipient Update Service) issue, MS pointed out how the repadmin.exe command could output the meta data on AD objects.

This was quite useful in this case: a process outside of RUS was modifying newly created user accounts before the RUS stamped the objects.

Command:
repadmin /showobjmeta AD_DC_server "CN=Enduser\, Jane,OU=UserAccounts,DC=mydomain,DC=tld" >out.txt

You can export the DN for the object you are looking for using ldp.exe or use AdFind from Joeware.net .

Output:

The entries in red are where another DC outside of my site and my local RUS server made changes.


Caching GUIDs.
..
53 entries.

Loc.USN Originating DC Org.USN Org.Time/Date Ver Attribute
======= =============== ========= ============= === =========

31821525 MyDomain\MyDCServer 31821525 2007-01-13 14:56:40 1 objectClass
31821525 MyDomain\MyDCServer 31821525 2007-01-13 14:56:40 1 cn
31821525 MyDomain\MyDCServer 31821525 2007-01-13 14:56:40 1 sn
31821526 MyDomain\MyDCServer 31821526 2007-01-13 14:56:40 1 description
31821525 MyDomain\MyDCServer 31821525 2007-01-13 14:56:40 1 givenName
31821525 MyDomain\MyDCServer 31821525 2007-01-13 14:56:40 1 instanceType
31821525 MyDomain\MyDCServer 31821525 2007-01-13 14:56:40 1 whenCreated
31821526 MyDomain\MyDCServer 31821526 2007-01-13 14:56:40 1 displayName
31821525 MyDomain\MyDCServer 31821525 2007-01-13 14:56:40 1 homeMTA
31823463 SomeOtherDataCenter-Exchange\ODC-AD10AD 11927410 2007-01-13 15:20:39 2 proxyAddresses
31821525 MyDomain\MyDCServer 31821525 2007-01-13 14:56:40 1 homeMDB
31821525 MyDomain\MyDCServer 31821525 2007-01-13 14:56:40 1 nTSecurityDescriptor
31821525 MyDomain\MyDCServer 31821525 2007-01-13 14:56:40 1 mDBUseDefaults
31821525 MyDomain\MyDCServer 31821525 2007-01-13 14:56:40 1 mailNickname
31822904 SomeOther-DataCenter-SiteII\ODC-AD3AD 154983196 2007-01-13 15:06:26 1 replicatedObjectVersion
31821525 MyDomain\MyDCServer 31821525 2007-01-13 14:56:40 1 name
31821530 MyDomain\MyDCServer 31821530 2007-01-13 14:56:40 3 userAccountControl
31821526 MyDomain\MyDCServer 31821526 2007-01-13 14:56:40 1 codePage
31821526 MyDomain\MyDCServer 31821526 2007-01-13 14:56:40 1 countryCode
31821526 MyDomain\MyDCServer 31821526 2007-01-13 14:56:40 1 homeDirectory
31821526 MyDomain\MyDCServer 31821526 2007-01-13 14:56:40 1 homeDrive
31821527 MyDomain\MyDCServer 31821527 2007-01-13 14:56:40 2 dBCSPwd
31821526 MyDomain\MyDCServer 31821526 2007-01-13 14:56:40 1 scriptPath
31821526 MyDomain\MyDCServer 31821526 2007-01-13 14:56:40 1 logonHours
31821526 MyDomain\MyDCServer 31821526 2007-01-13 14:56:40 1 userWorkstations
31821527 MyDomain\MyDCServer 31821527 2007-01-13 14:56:40 2 unicodePwd
31821527 MyDomain\MyDCServer 31821527 2007-01-13 14:56:40 2 ntPwdHistory
31821528 MyDomain\MyDCServer 31821528 2007-01-13 14:56:40 3 pwdLastSet
31821526 MyDomain\MyDCServer 31821526 2007-01-13 14:56:40 1 primaryGroupID
31821527 MyDomain\MyDCServer 31821527 2007-01-13 14:56:40 1 supplementalCredentials
31821526 MyDomain\MyDCServer 31821526 2007-01-13 14:56:40 1 userParameters
31821526 MyDomain\MyDCServer 31821526 2007-01-13 14:56:40 1 profilePath
31821525 MyDomain\MyDCServer 31821525 2007-01-13 14:56:40 1 objectSid
31821526 MyDomain\MyDCServer 31821526 2007-01-13 14:56:40 1 comment
31821526 MyDomain\MyDCServer 31821526 2007-01-13 14:56:40 1 accountExpires
31821527 MyDomain\MyDCServer 31821527 2007-01-13 14:56:40 2 lmPwdHistory
31821525 MyDomain\MyDCServer 31821525 2007-01-13 14:56:40 1 sAMAccountName
31821525 MyDomain\MyDCServer 31821525 2007-01-13 14:56:40 1 sAMAccountType
31823463 SomeOtherDataCenter-Exchange\ODC-AD10AD 11927410 2007-01-13 15:20:39 2 showInAddressBook
31821525 MyDomain\MyDCServer 31821525 2007-01-13 14:56:40 1 legacyExchangeDN
31821525 MyDomain\MyDCServer 31821525 2007-01-13 14:56:40 1 userPrincipalName
31821525 MyDomain\MyDCServer 31821525 2007-01-13 14:56:40 1 objectCategory
31822904 SomeOther-DataCenter-SiteII\ODC-AD3AD 154983196 2007-01-13 15:06:26 1 textEncodedORAddress
31822904 SomeOther-DataCenter-SiteII\ODC-AD3AD 154983196 2007-01-13 15:06:26 1 mail
31822904 SomeOtherDataCenter-Exchange\ODC-AD11AD 7964633 2007-01-13 15:05:42 1 msExchPoliciesIncluded
31821525 MyDomain\MyDCServer 31821525 2007-01-13 14:56:40 1 msExchHomeServerName
31822904 SomeOther-DataCenter-SiteII\ODC-AD3AD 154983196 2007-01-13 15:06:26 1 replicationSignature
31823463 SomeOtherDataCenter-Exchange\ODC-AD10AD 11927410 2007-01-13 15:20:39 2 msExchALObjectVersion
31822904 SomeOther-DataCenter-SiteII\ODC-AD3AD 154983196 2007-01-13 15:06:26 1 msExchADCGlobalNames
31821525 MyDomain\MyDCServer 31821525 2007-01-13 14:56:40 1 msExchMailboxSecurityDescriptor
31822904 SomeOtherDataCenter-Exchange\ODC-AD11AD 7964633 2007-01-13 15:05:42 1 msExchUserAccountControl
31821525 MyDomain\MyDCServer 31821525 2007-01-13 14:56:40 1 msExchMailboxGuid
31822904 SomeOther-DataCenter-SiteII\ODC-AD3AD 154983196 2007-01-13 15:06:26 1 dLMemDefault

Disclaimer: This information is provided as-is, I am not responsible if you blow away all your DC's by mistake. Don't sand lead paint and be sure to eat more oatmeal.

See the full syntax on Technet here.
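An added example, not part of the original post: the red highlighting does not survive as plain text, so this Python code parses /showobjmeta rows and groups the attributes whose originating DC is not the local one. It assumes the Originating DC column contains no spaces; the sample rows are taken from the output above.

```python
import re
from collections import defaultdict

# One metadata row: Loc.USN, Originating DC, Org.USN, date and time, version, attribute.
ROW = re.compile(
    r"^\s*(?P<loc_usn>\d+)\s+(?P<dc>\S+)\s+(?P<org_usn>\d+)\s+"
    r"(?P<when>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<ver>\d+)\s+(?P<attr>\S+)\s*$"
)

def parse_objmeta(text):
    """Return one dict per attribute row; banner and header lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            row = m.groupdict()
            row["ver"] = int(row["ver"])
            rows.append(row)
    return rows

def foreign_writes(rows, local_dc):
    """Group attributes last written on a DC other than local_dc, keyed by that DC."""
    out = defaultdict(list)
    for r in rows:
        if r["dc"].lower() != local_dc.lower():
            out[r["dc"]].append((r["when"], r["ver"], r["attr"]))
    return {dc: sorted(items) for dc, items in out.items()}

# A few rows in the layout shown above.
SAMPLE = """\
Loc.USN Originating DC Org.USN Org.Time/Date Ver Attribute
======= =============== ========= ============= === =========
31821525 MyDomain\\MyDCServer 31821525 2007-01-13 14:56:40 1 objectClass
31823463 SomeOtherDataCenter-Exchange\\ODC-AD10AD 11927410 2007-01-13 15:20:39 2 proxyAddresses
31822904 SomeOther-DataCenter-SiteII\\ODC-AD3AD 154983196 2007-01-13 15:06:26 1 mail
31821530 MyDomain\\MyDCServer 31821530 2007-01-13 14:56:40 3 userAccountControl
31823463 SomeOtherDataCenter-Exchange\\ODC-AD10AD 11927410 2007-01-13 15:20:39 2 showInAddressBook
"""

if __name__ == "__main__":
    hits = foreign_writes(parse_objmeta(SAMPLE), r"MyDomain\MyDCServer")
    for dc, items in hits.items():
        print(dc)
        for when, ver, attr in items:
            print(f"  {when}  v{ver}  {attr}")
```

A version above 1 on a foreign row means the attribute was rewritten after the object was created, which is the pattern the post describes for proxyAddresses.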


January 7, 2007

Sync Windows Mobile Outlook Contacts across 2 Exchange servers

Turns out it's not so hard to sync Outlook Contacts on Windows Mobile 5 (WM5) across 2 Exchange servers.

What:
I run my personal Exchange 2003 at home, and the corporate Exchange 2003 system at the office. Since these are completely separate organizations I want to keep just my contacts in sync at home and the office. I don't really want the office mail on my PDA, but the calendar is nice there.

WM5 and all previous versions I've used wouldn't allow this. But, with 1 registry tweak it's possible in WM5.


Set the following key to 1 (default is 0):
[HKEY_CURRENT_USER\Software\Microsoft\ActiveSync\EnableNonLocalCrossPollination] = 1 (DWORD)

So, in summary here's what I'm syncing using ActiveSync 4.2.


Home PC
Contacts (shared) Only allowed after enabling registry change.
Notes
Favorites
Files


Office PC
Notes
Favorites

Office Exchange Server
Contacts (shared)
Calendar
Tasks

Note: This information is provided as-is with absolutely no warranty. Be very careful when editing the registry !

Thanks to Juggs Ravalia @ MS for this solution. http://groups.google.com/group/microsoft.public.pocketpc.activesync/browse_frm/thread/3c269ef3f5c96321/48c16c74400cb034?tvc=1&

January 6, 2007

Bush - Miserable failure?

Of course, but at least Google has a sense of humor about it...


And of course the obligatory link to miserable failure . Despite being a Political Science major I generally prefer not to put up my political views here. But in this case, I just can't resist linking the Commander in Chief of Hubris with the term that best describes his foreign policy miserable failure .

January 4, 2007

Photograph of the Week from www.JohnSeaman.com


Fall leaves on a stone temple stairway, Kyoto Japan. Click here to see the entire series Fall Leaves in Kyoto on www.JohnSeaman.com .

Dangerous food, part 1 - Glutinous rice cakes (mochi)

A bummer of a way to start the new year... 4 die choking on mochi rice cakes in Japan

Mochi (rice cake) is made from pounding cooked glutinous rice into a dense solid that dries as hard as a rock. It's usually served re-heated, so it becomes a super hot, dense mass that stretches like melted cheese. It's also served in a clear broth soup called o-zoni where the mochi soaks up water and becomes a pasty, glue-like substance. It's really not bad, and still safer to eat than the poisonous blowfish Fugu.

Mochi is a traditional food for the New Year's holiday in Japan. (Shh, don't tell Jack Kevorkian...)


4 die choking on mochi rice cakes on Monday, Tuesday; others ill

Wednesday, January 3, 2007

TOKYO - Four men choked to death on Monday and Tuesday in Tokyo, Niigata and Ibaraki prefectures, and seven others in the capital became critically ill after choking on mochi rice cakes, a traditional New Year's food in Japan, police and firefighters said.

A 68-year-old man in Tokyo's Fuchu and a 76-year-old man in the capital's Sumida Ward died Tuesday after choking on the rice cakes, while a 74-year-old man in Ojiya, Niigata Prefecture, and an 80-year-old man in Chikusei, Ibaraki Prefecture, died likewise on Monday, they said. In Tokyo, a total of 16 people ranging in age from 65 to 91 were hospitalized due to choking on rice cakes on Monday and Tuesday, and two of them died and seven lost consciousness and were in a serious condition, the Tokyo Fire Department said.


January 2, 2007

Custom ADUC query - Find a specific SMTP address in AD

Using a custom saved query in AD to find a specific SMTP address. This is helpful if you're having trouble finding the source of a conflicting SMTP address.

Limit search to users / contacts:
(&(objectCategory=user)(mail=address@mydomain.tld))

Wider search by SMTP address:
(&(proxyAddresses=smtp:address@mydomain.tld))


You can go further and query all users in a certain domain that aren't disabled.

(&(objectCategory=user)(mail=*@mydomain.tld)(!userAccountControl:1.2.840.113556.1.4.803:=2))

To do this from the command line, use CSVDE

csvde -f outputFile.csv -d "dc=mydomain,dc=tld" -r "(&(mail=*@mydomain.tld))" -l name -v -s addcname

using the following common switches:

-f is the output CSV file

-d is the base DN

-r is the LDAP formatted query

-l name will return just the name of the object. Drop this switch to return all attributes of the object.

-s is the DC name. You might need this in a larger environment with multiple domains.

2 different methods of MS Terminal Service Remote Admin

Here's an easy way to connect to the remote console of a TS server... useful if you get "The terminal server has exceeded the maximum number of allowed connections." error message.

mstsc /v:10.10.0.1 /console

Where 10.10.0.1 is the IP address of the server in question. You'll have to boot a logged in console session account, if any. But, this proves that in remote admin mode you really can have 3 remote sessions.


From the command line, you can use the following to query RDP sessions.

qwinsta /server:10.10.0.1

Then to clear the "slacker" idle session (session 1), use

rwinsta /server:10.10.0.1 1

which is IP address plus ID number.



January 1, 2007

California Adventure Park at Night

Here's a view of California Adventure Park (@ Disneyland, Anaheim CA) at night.

This was my first night photography venture with the new (to me) Nikon D70. I typically shoot slide film so I was anxious to try out digital at night. I didn't expect a tripod would be allowed @ DL and didn't want to carry one around all day either, so this was a handheld shot.

California Adventure Park (Disneyland) at Night


Happy New Year

Happy New Year Everyone. I've been knee-deep in a 1200 user Exchange 2003 migration since mid-November, and my posting frequency has dropped again. Ho Hum. Anyway, I'm trying Zoundry out today to see if the WYSIWYG editor is easy enough to get infrequent content updaters like myself motivated. We'll see.

Have a good 2007 !

Prospero ano y felicidad.

明けましておめでとうございます。

--john