Imail Web Administration Page SSO.

In my opinion Imail’s Active Directory integration is rudimentary at best. They took the all or nothing approach. The following code is something I wrote to let users log on with their Active Directory account to manage their Distribution Lists. It generates a random password in Imail and then automatically logs them in to the system. The user never knows their Imail password and they think it's all connected.

It's also a simple example of HTML form automation with JavaScript.

GPO to Disable IP6 on Vista and 2008

Quick ADMX GPO policy to disable IP6 on your network according to MS KB 929852

IP6_disable.admx

IP6_disable.adml

A.D.A.M or AD LDS

Here is my AdamSync config using the ProxyUser class. It took me a while to get everything going right but it works and after a full sync the incremental syncs take less than 30 seconds.

We do not sync our entire AD partition, only a subset. After a lot of reading, objectCategory is better than objectClass because objectCategory is indexed in AD.

Active Directory Computer Accounts

I found this utility oldcmp on the internet that makes it easier to find old computer accounts in Active Directory.

You have to be careful with this utility so you do not accidentally delete computer accounts that are being used.

Another note, in my testing Macintosh computers do not update their computer password as frequently as PCs do.

Hidden Logon Script

This little VBScript wrapper will let you start a logon script hidden. Our logon scripts are batch and Perl files and they all start with the black box. If you launch the script like hidelaunch.vbs logon.bat it will start the logon script hidden.

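' Launch a command with its window hidden, e.g. hidelaunch.vbs logon.bat
Set wshShell = CreateObject("WScript.Shell")
Set args = WScript.Arguments

command = ""

' Join all arguments into one command line (append, do not overwrite)
For Each strArg In args
 command = command & strArg & " "
Next

' 0 = hidden window, False = do not wait for the command to finish
wshShell.Run command, 0, False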

Using Perl to Parse AD’s UserAccountControl field

To parse the UserAccountControl field in Active Directory you have to use the bitwise AND operator “&”, not the logical “&&”, to check the value. Below are some examples. Here is an MSDN page that has more information.

This MS site also has more values listed.

# Check if the account is disabled (ACCOUNTDISABLE, 0x0002)
print "Disabled\n" if $strStatus & 2;

# Check if the account is locked (LOCKOUT, 0x0010)
print "Locked\n" if $strStatus & 16;
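
A fuller decoder for the field, added here as an example and not part of the original post: it maps the documented flag bits to names, marks enabled accounts whose settings are worth reviewing, and shows what the logical “&&” would report instead. The account names and values are constructed sample data.

```perl
use strict;
use warnings;

# Flag values as documented by Microsoft for userAccountControl.
my @UAC_FLAGS = (
    [ 0x000002, 'ACCOUNTDISABLE' ],
    [ 0x000010, 'LOCKOUT' ],
    [ 0x000020, 'PASSWD_NOTREQD' ],
    [ 0x000200, 'NORMAL_ACCOUNT' ],
    [ 0x001000, 'WORKSTATION_TRUST_ACCOUNT' ],
    [ 0x010000, 'DONT_EXPIRE_PASSWORD' ],
    [ 0x080000, 'TRUSTED_FOR_DELEGATION' ],
    [ 0x400000, 'DONT_REQ_PREAUTH' ],
);

# Return the names of every flag set in a userAccountControl value.
sub decode_uac {
    my $uac = $_[0] + 0;    # force numeric: LDAP returns the value as a string
    return map { $_->[1] } grep { $uac & $_->[0] } @UAC_FLAGS;
}

# Flags worth reviewing when they appear on an enabled account.
my %REVIEW = map { $_ => 1 }
    qw(PASSWD_NOTREQD DONT_EXPIRE_PASSWORD TRUSTED_FOR_DELEGATION DONT_REQ_PREAUTH);

# Constructed sample data: account name => userAccountControl (decimal).
my %sample = (
    'alice'    => 512,      # normal account, enabled
    'bob'      => 514,      # normal account, disabled
    'svc-scan' => 66048,    # normal account, password never expires
    'kiosk'    => 544,      # normal account, password not required
);

for my $name (sort keys %sample) {
    my $uac   = $sample{$name};
    my @flags = decode_uac($uac);
    my $state = ($uac & 2) ? 'disabled' : 'enabled';
    my @risky = grep { $REVIEW{$_} } @flags;
    printf "%-9s %6d %-8s %s%s\n", $name, $uac, $state, join('|', @flags),
        (@risky && $state eq 'enabled') ? "  <- review: @risky" : '';

    # The pitfall from the text: "&&" is a logical AND, so it is true for
    # any non-zero value and would report every account as disabled.
    my $wrong = ($uac && 2) ? 'disabled' : 'enabled';
    print "          logical && would wrongly say: $wrong\n" if $wrong ne $state;
}
```

On Windows Server 2003 and later domain controllers, the LOCKOUT bit is computed and is read from msDS-User-Account-Control-Computed rather than from the stored userAccountControl value.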

Dynamic VBS printer mapping

VBScript that reads the user's info property in AD for a list of printers to map.

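' Errors (for example an unreachable printer) are silently skipped
On Error Resume Next
Set WshNetwork = WScript.CreateObject("WScript.Network")
' Bind to the user object; assumes the CN matches the logon name
Set oUser = GetObject("LDAP://CN=" & WshNetwork.UserName & ",OU=Users,DC=Domain,DC=Local")
' The info attribute holds one printer path per line
Printers = Split(oUser.Get("info"), vbCrLf)
first = True
For i = LBound(Printers) To UBound(Printers)
  If first = True Then
   ' The first printer in the list also becomes the default
   WshNetwork.AddWindowsPrinterConnection(Trim(Printers(i)))
   WshNetwork.SetDefaultPrinter(Trim(Printers(i)))
   first = False
  Else
   WshNetwork.AddWindowsPrinterConnection(Trim(Printers(i)))
  End If
Next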