Ad | Stephen's Space on the Web

Imail Web Administration Page SSO.

On September 24, 2009, in Uncategorized, by admin

In my opinion Imail’s Active Directory integration is rudimentary at best. They took the all or nothing approach. The following code is something I wrote to let users logon with their Active Directory account to manage their Distribution Lists. It generates a random password in Imail and then automatically logs them in to the system. The user never knows their Imail password and they think its all connected.

Its also a simple example of HTML form automation with javascript.

‘imail glue, ‘stephen ‘The password is ROT13 encrypted. Its not secure but does the job. ‘The user must exists in Imail before they can logon. Set WshShell = CreateObject( “WScript.Shell” ) ‘our imail domain in the registry, this is so we can see if the user exists imailDomain = “your.domain.com” ‘the imail adduser utility. imailAddUser = “C:\Program Files\Ipswitch\IMail\adduser.exe” ‘get the logon username and remove the domain name from it username = replace(request.servervariables(“LOGON_USER”), “NTDomain\”,”",1,1,1) ‘generate a random password password = generatePassword(15) ‘check to see if they have an imail account if AccountExists(username) then ‘change password WshShell.exec imailAddUser & ” -mod -u ” & username & ” -p ” & password ‘write the html frames webpage, We use frames so we can use the onload event. writeframes() else ‘The error message could be better but it does the job. response.write “Your account does not exists” end if ‘*** Functions function AccountExists(username) ‘check to see if the user exists in the imail registry. on error resume next registrykey = WshShell.RegRead( “HKLM\SOFTWARE\Ipswitch\IMail\Domains\” & imailDomain & “\Users\” & username & “\MailAddr”) if err.number <> 0 then AccountExists = false else AccountExists = true end if end function Function generatePassword(passwordLength) ‘some asp function i found on the net to generate a random password. sDefaultChars=”abcdefghijklmnopqrstuvxyzABCDEFGHIJKLMNOPQRSTUVXYZ0123456789!#${}” iPasswordLength=passwordLength iDefaultCharactersLength = Len(sDefaultChars) Randomize’initialize the random number generator ‘Loop for the number of characters password is to have For iCounter = 1 To iPasswordLength ‘Next pick a number from 1 to length of character set iPickedChar = Int((iDefaultCharactersLength * Rnd) + 1) ‘Next pick a character from the character set using the random number iPickedChar ‘and Mid function sMyPassword = sMyPassword & Mid(sDefaultChars,iPickedChar,1) Next generatePassword = sMyPassword End Function Function rot13(rot13text) ‘some asp function i found on the net to generate a rot13 encrption rot13text_rotated = “” ‘ the function will return this string For i = 1 to Len(rot13text) j = Mid(rot13text, i, 1) ‘ take the next character in the string k = Asc(j) ‘ find out the character code if k >= 97 and k =< 109 then k = k + 13 ‘ a … m inclusive become n … z elseif k >= 110 and k =< 122 then k = k – 13 ‘ n … z inclusive become a … m elseif k >= 65 and k =< 77 then k = k + 13 ‘ A … m inclusive become n … z elseif k >= 78 and k =< 90 then k = k – 13 ‘ N … Z inclusive become A … M end if ‘add the current character to the string returned by the function rot13text_rotated = rot13text_rotated & Chr(k) Next rot13 = rot13text_rotated End Function sub writeFrames() ‘write the html frames and javascript to automate the imail form %> <html> <head> <title> Imail LS Glue </title> <script language=”javascript”> String.prototype.enc = function(){ return this.replace(/[a-zA-Z]/g, function(c){ return String.fromCharCode((c <= “Z” ? 90 : 122) >= (c = c.charCodeAt(0) + 13) ? c : c – 26); }); }; function logon() { var s = “<%=rot13(password)%>”; parent.imail.document.form1.txtUserName.value=’<%=username%>’; parent.imail.document.form1.txtPassword.value=s.enc(); parent.imail.document.form1.btnLogin.click(); } </script> </head> <frameset rows=”0%,100%” border=”0″ onLoad=”logon();”> <frame src=”blank.html” name=”manager” noresize> <frame src=”/iadmin/login.aspx” name=”imail” noresize> </frameset> </html> <% end sub

Tagged with: ad • asp • imail • ipswitch • javascript • sso

GPO to Disable IP6 on Vista and 2008

On September 9, 2009, in Uncategorized, by admin

Quick ADMX GPO policy to disable IP6 on your network according to MS KB 929852

IP6_disable.admx
 <policyDefinitions xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" revision="1.0" schemaVersion="1.0" xmlns="http://www.microsoft.com/GroupPolicy/PolicyDefinitions"> <policyNamespaces> <target prefix="IP6_Disable" namespace="Sysprosoft.ADM_Editor.IP6_Disable"/> <using prefix="windows" namespace="Microsoft.Policies.Windows"/> </policyNamespaces> <resources minRequiredRevision="1.0" fallbackCulture="en-us"/> <supportedOn> <definitions> <definition name="SupportedOn_5" displayName="$(string.String_SupportedOn_Undefined_6)"/> </definitions> </supportedOn> <policies> <policy name="Policy_Settings_12" class="Machine" displayName="$(string.String_Policy_Settings_13)" explainText="$(string.String_Explain_14)" key="SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters" presentation="$(presentation.Policy_Settings_12)"> <parentCategory ref="windows:Network"/> <supportedOn ref="SupportedOn_5"/> <elements> <enum id="Policy_DropList_Element_Settings_15" valueName="DisabledComponents" key="SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters"> <item displayName="$(string.String_Policy_DropList_Select_Settings_New_Selection_16)"> <value> <decimal value="0"/> </value> </item> <item displayName="$(string.String_Policy_DropList_Select_Settings_0xFFFFFFFF_17)"> <value> <decimal value="4294967295"/> </value> </item> <item displayName="$(string.String_Policy_DropList_Select_Settings_0x20_18)"> <value> <decimal value="32"/> </value> </item> <item displayName="$(string.String_Policy_DropList_Select_Settings_0x10_19)"> <value> <decimal value="16"/> </value> </item> <item displayName="$(string.String_Policy_DropList_Select_Settings_0x01_20)"> <value> <decimal value="1"/> </value> </item> <item displayName="$(string.String_Policy_DropList_Select_Settings_0x11_21)"> <value> <decimal value="17"/> </value> </item> </enum> </elements> </policy> </policies> </policyDefinitions> 
IP6_disable.adml
 <policyDefinitionResources xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" revision="1.0" schemaVersion="1.0" xmlns="http://www.microsoft.com/GroupPolicy/PolicyDefinitions"> <displayName>Enter Description here</displayName> <description>Enter Description here</description> <resources> <stringTable> <string id="String_SupportedOn_Undefined_6">Undefined</string> <string id="String_Policy_Settings_13">Disable TCPIP6</string> <string id="String_Explain_14">1. Type 0 to enable all IPv6 components. Note The value "0" is the default setting. 2. Type 0xffffffff to disable all IPv6 components, except the IPv6 loopback interface. This value also configures Windows Vista to use Internet Protocol version 4 (IPv4) instead of IPv6 in prefix policies. 3. Type 0×20 to use IPv4 instead of IPv6 in prefix policies. 4. Type 0×10 to disable native IPv6 interfaces. 5. Type 0×01 to disable all tunnel IPv6 interfaces. 6. Type 0×11 to disable all IPv6 interfaces except for the IPv6 loopback interface. http://support.microsoft.com/kb/929852</string> <string id="String_Policy_DropList_Select_Settings_New_Selection_16">0×0</string> <string id="String_Policy_DropList_Select_Settings_0xFFFFFFFF_17">0xFFFFFFFF</string> <string id="String_Policy_DropList_Select_Settings_0x20_18">0×20</string> <string id="String_Policy_DropList_Select_Settings_0x10_19">0×10</string> <string id="String_Policy_DropList_Select_Settings_0x01_20">0×01</string> <string id="String_Policy_DropList_Select_Settings_0x11_21">0×11</string> </stringTable> <presentationTable> <presentation id="Policy_Settings_12"> <dropdownList refId="Policy_DropList_Element_Settings_15">DisabledComponents</dropdownList> </presentation> </presentationTable> </resources> </policyDefinitionResources>

Tagged with: ad • disable • gpo • ip6 • tcpip • tcpip6

A.D.A.M or AD LDS

On September 4, 2009, in Uncategorized, by admin

Here is my AdamSync config using the ProxyUser class. It took me a while to get everything going right but it works and after a full sync the incremental syncs take less than 30 seconds.

We do not sync our entire AD partition only a subset. After alot of reading objectCategory is better then objectClass because objectCategory is indexed in AD.

 <?xml version="1.0"?> <doc> <configuration> <description>Adam-Sync</description> <security-mode>object</security-mode> <source-ad-name>my.domain</source-ad-name> <source-ad-partition>dc=my,dc=domain</source-ad-partition> <source-ad-account>user_account</source-ad-account> <account-domain>my.domain</account-domain> <target-dn>dc=my,dc=domain</target-dn> <query> <base-dn>ou=SubOU,dc=my,dc=domain</base-dn> <object-filter>(|(objectCategory=person)(objectCategory=group)(objectCategory=organizationalUnit))</object-filter> <attributes> <include>objectSID</include> <include>mail</include> <exclude></exclude> </attributes> </query> <user-proxy> <source-object-class>user</source-object-class> <target-object-class>userProxy</target-object-class> </user-proxy> <schedule> <aging> <frequency>0</frequency> <num-objects>0</num-objects> </aging> <schtasks-cmd></schtasks-cmd> </schedule> </configuration> <synchronizer-state> <dirsync-cookie></dirsync-cookie> <status></status> <authoritative-adam-instance></authoritative-adam-instance> <configuration-file-guid></configuration-file-guid> <last-sync-attempt-time></last-sync-attempt-time> <last-sync-success-time></last-sync-success-time> <last-sync-error-time></last-sync-error-time> <last-sync-error-string></last-sync-error-string> <consecutive-sync-failures></consecutive-sync-failures> <user-credentials></user-credentials> <runs-since-last-object-update></runs-since-last-object-update> <runs-since-last-full-sync></runs-since-last-full-sync> </synchronizer-state> </doc>

Tagged with: ad • adam • adlds • lds

Active Directory Computer Accounts

On February 25, 2009, in Uncategorized, by admin

I found this utility oldcmp on the internet that makes it easier to find old computer accounts in active directory.

You have to be careful with this utility so you do not accidentally delete computer accounts that are being used.

Another note, in my testing Macintosh computers do not update their computer password as frequently as PCs do.

Tagged with: active • ad • computers • directory • oldcmp • windows

Hidden Logon Script

On February 9, 2009, in Uncategorized, by admin

This little vbscript wrapper will let you start a logon script hidden. Our logon scripts are batch and perl files and they all start with the black box. If you launch the script like hidelaunch.vbs logon.bat it will start the logon script hidden.

Set wshShell = CreateObject("WScript.Shell")
set args = wscript.arguments

command = ""

for each strArg in args
 command = strArg + " "
next

wshshell.run command, 0, false

Tagged with: ad • logon • vbscript

Using perl to Parse AD’s UserAccountControl field

On February 2, 2009, in Uncategorized, by admin

To parse the UserAccountControl field in Active Directory you have to use a bit-wise and of “&” and not “&&” to check the value. Below are some examples Here is a MSDN page that has more information.

This MS site also has more values listed.

#Check if the account is Disabled
$strStatus & 2

#Check if the account is Locked
$strStatus & 16

Tagged with: ad • perl • windows

Dynamic VBS printer mapping

On January 15, 2009, in Uncategorized, by admin

VBscript that reads the users info property in AD for a list of printers to map.

On error resume next
Set WshNetwork = Wscript.CreateObject("Wscript.Network")
set oUser = GetObject("LDAP://CN=" & WshNetwork.username & ",OU=Users,DC=Domain,DC=Local")
Printers=split(oUser.Get("info"),VbCrLf)
first=True
For i = LBound(Printers) to UBound(Printers)
  If first = True Then
   WshNetwork.AddWindowsPrinterConnection(trim(Printers(i)))
   WshNetwork.SetDefaultPrinter(trim(Printers(i)))
   first=False
  Else
   WshNetwork.AddWindowsPrinterConnection(trim(Printers(i)))
  End If
Next

Tagged with: ad • printers • vbscript

Stephen's Space on the Web

Imail Web Administration Page SSO.

GPO to Disable IP6 on Vista and 2008

A.D.A.M or AD LDS

Active Directory Computer Accounts

Hidden Logon Script

Using perl to Parse AD’s UserAccountControl field

Dynamic VBS printer mapping

Translate

Archives

Recent Comments

Donate to the Coffee Fund

Outright.com

Stephen's Space on the Web

Pages

Stay In Touch

More