Jerald.Net
A little VB.Net, SQL, and whatever else comes to mind...

Browse by Tags

  • VB.Net: Returning AD UserName from Multi-Domain Forest

    Growth sometimes brings out the unexpected flaws in designs. What seems like a quick solution may in turn lead to what I affectionately call 'Learning Opportunities'. After a recent expansion from a single-domain environment to a multi-domain forest, the following VB.Net function ceased functioning for retrieving the user's full name. Public Shared Function GetADUserName() As String Dim returnString As String = String.Empty If HttpContext.Current.User.Identity.IsAuthenticated Then...
  • More LDAP Queries: Accounts never logged in

    In continuing to audit a network, the number of accounts in Active Directory did not match employee records, nor previous asset records. While using the interval variable for lastLogonTimeStamp will find accounts that have not logged on in a specific time period, it will not find accounts which have never logged on. The following queries will find them: (&(objectCategory=Computer)(!lastLogonTimeStamp=*)(!userAccountControl:1.2.840.113556.1.4.803:=2)) (&(objectCategory=User)(!lastLogonTimeStamp...
  • LDAP to find users with Remote Access Privileges

    We have all been in the position where we have started a new job with an existing organization where security was somewhat lax. Inevitably during the process of locking the network down you have to deal with the VPN / Dial-up access problem. The first step is to determine who already has access. This is fairly easy to accomplish using LDAP filters. (&(objectCategory=person)(objectClass=user)(msNPAllowDialin=TRUE)) This filter will show you all of the user accounts that have Allow Access checked...
  • Exchange 2003 Query Based Distribution Lists

    This week I was faced with finding a way to clean up a few of the query-based distribution lists that were created by a previous consultant group. The major problem with the queries is that they didn't take into account the dynamics of organizational turnover. The query-based DLs were configured to send to every object that had an email address in that Exchange store for each OU. This meant that NDRs (Non Deliverable Receipts) were being sent for every disabled account in those OUs...
  • Active Directory Custom Filters

    Over the last month I have been working more intensely with Windows 2003 Active Directory. In this process I have found the need to create custom filters to make finding objects and updating security policies easier. So I thought it would be helpful to others to share my set of custom filters. To use these filters you need to open the ADUC snap-in and right-click on Saved Queries. Select 'New' then 'Query'. Click the 'Define Query' button. A new window will open. In the Find...
© Jerald Carter 1999 - 2008