February 23, 2010

csvde Command to show disabled accounts

Filed under: Information Technology — Tags: , , , , , , — Tim Lefler @ 4:53 pm

For audit purposes I needed to list all active directory users and prove that ex-employees were either deleted of disabled. There are a couple of techniques to produce the required output. I think the easiest was to make use of the csvde.exe.

Arguements for csvde.exe

CSV Directory Exchange
 
General Parameters
==================
-i              Turn on Import Mode (The default is Export)
-f filename     Input or Output filename
-s servername   The server to bind to (Default to DC of computer's domain)
-v              Turn on Verbose Mode
-c FromDN ToDN  Replace occurences of FromDN to ToDN
-j path         Log File Location
-t port         Port Number (default = 389)
-u              Use Unicode format
-?              Help
 
Export Specific
===============
-d RootDN       The root of the LDAP search (Default to Naming Context)
-r Filter       LDAP search filter (Default to "(objectClass=*)")
-p SearchScope  Search Scope (Base/OneLevel/Subtree)
-l list         List of attributes (comma separated) to look for in an
                LDAP search
-o list         List of attributes (comma separated) to omit from input.
-g              Disable Paged Search.
-m              Enable the SAM logic on export.
-n              Do not export binary values
 
 
Import
======
-k              The import will go on ignoring 'Constraint Violation' and
                'Object Already Exists' errors
 
 
Credentials Establishment
=========================
Note that if no credentials is specified, CSVDE will bind as the currently
logged on user, using SSPI.
 
-a UserDN [Password | *]            Simple authentication
-b UserName Domain [Password | *]   SSPI bind method
 
Example: Simple import of current domain
    csvde -i -f INPUT.CSV
 
Example: Simple export of current domain
    csvde -f OUTPUT.CSV
 
Example: Export of specific domain with credentials
    csvde -m -f OUTPUT.CSV
          -b USERNAME DOMAINNAME *
          -s SERVERNAME
          -d "cn=users,DC=DOMAINNAME,DC=Microsoft,DC=Com"
          -r "(objectClass=user)"
No log files were written.  In order to generate a log file, please
specify the log file path via the -j option.

So to display whether a user is disabled or not we need to extract the “userAccountControl” property.
(more…)

February 12, 2010

MOSS Access Denied when trying to view workbook using Excel Services

Filed under: Sharepoint — Tags: , — Tim Lefler @ 2:03 pm

When trying to open a sample workbook using SharePoint Excel Services I got a nasty error:

You do not have permissions to open this file on Excel Services.

Make sure that the file is in an Excel Services trusted location and that you have access to the file.

Access Denied Message

In my case I had an Excel workbook in a ReportLibrary on my site.  And yes I had added the library to the SSP Trusted File locations using Central Administration.  Took me a bit of tinkering to figure out what was going on….

The URL to my ReportLibrary that contained the Excel spreadsheet was:  “http://sharepoint/Reports/ReportLibrary/Forms/current.aspx”

So I used this as the Trusted File Location.  Turns out that SharePoint doesn’t want the “/Forms/current.aspx” part of the URL identifying the Windows SharePoint Services Location….. AND the other trick is that the “Windows SharePoint Services” location has to end with a “/“.  So the URL I needed to use for the Trusted File Location is:  “http://sharepoint/Reports/ReportLibrary/”

Windows SharePoint Service Location ends with a "/"

Hope this helps to keep others out there from pulling there hair out and cursing SharePoint!!

February 2, 2010

Solaris 10 Project Resource Control Limits and how to monitor

Filed under: Unix / Solaris — Tags: , , , , , — Tim Lefler @ 3:49 pm

On Solaris 10 there are a number of resource limits that can be imposed on a Solaris 10 project.

The “prjstat -J” command gives you a nice basic summary of overall project resources being used. ”

PROJID    NPROC  SWAP   RSS MEMORY      TIME  CPU PROJECT
     3      350 6106M 2677M    16%  22:41:16 2.2% default
     1        4 2704K 4096K   0.0%   0:08:10 0.8% user.root
     0       45  198M  225M   1.4%   0:17:25 0.1% system
   100       13  121M   67M   0.4%   0:24:27 0.0% group.mqm

So from the output above you can see that I have 4 projects defined. On my system, of particular note is the fact that other than for members of group mqm everyone uses the “default” project to define limits system wide. So how do we find out what limits are currently defined?

The “prctl” command will give you the limits currently imposed for a particular process. Once again because everyone uses the “default” project simply sign-in as a normal user and execute the “prctl” command with “$$” as arguments to use the current shell’s process to determine resource limits. (more…)

Powered by WordPress