To keep active directory clean of old computer accounts, I run a script on a monthly schedule that finds computers that haven’t sync’d passwords for their machine accounts in 120 days or so. It also does some other clever stuff like working out which user the system belonged to, and if they have a new system, then emails the output and action is taken appropriatly (I doubt many people want auto-deletions of system accounts!).
Someone pointed out to me that a very old system wasn’t getting picked up by the script, so I had to do some debugging…
Running Microsofts AD LDAP browser (adsiedit.msc) let me find the system in question, and looking at the properties of it there was a value for ‘pwdLastSet’, but it wasn’t in a standard date format. After a bit of research, it turns out that this is in the Integer8 format, this is a 64-bit / 8 byte number that stores the date/time in 100nanosecond intervals. Great. But when the hell was ‘128509137717192405′ ?!
Easy… You can convert a Integer8 date format by using the ‘w32tm’ command….
Z:\>w32tm /ntte 128509137717192405
148737 10:16:11.7192405 - 25/03/2008 11:16:11 (local time)
So that explains why the system wasn’t appearing in my old systems list, it had sync’d passwords only a couple of months ago.
Posted in Networking, Tips
If you’ve got a directory on a system that you don’t want the Altirs inventory solution to process when the software inventory runs, it’s quite easy to get it to exclude it. For example, A SAN volume that is mounted as a local disk on a server with userfiles on might cause the fileserver to incorrectly appear in custom inventory collections because of this.
You need to locate the the ‘auditpls.ini’ file in the inventory package on the Altiris server, and add an additional EXCLUDEDIR line under the [LOCALMACHINE] heading, then update the distribution points for the package. Hopefully your clients running the inventory agent should download the updated ini file when they next check in, and next time they run the scheduled inventory the exclusion will be taken into consideration!
Posted in Tips
I had a problem today with one of our FTP servers… We have a client that has an automated process set up that uploads data to our server, which is then processed by us.
I had to recreate the account used for this, but then realised I didn’t know the original password, and getting the client to find it wouldn’t be an easy option!
After a bit of digging for a packet sniffer, I came accross Smartsniff and was instantly impressed!
It’s one of those tools that you can pick up and start using right away, without having to spend ages installing dependancies or figuring it out, and it’s just a single exe, so very portable. I also really like the fact that it assembles certain TCP communications into a readable conversation (See above) – very easy to recover a saved FTP password that you don’t know!
Get it from nirsoft.net, along with a whole stack of other neat tools!
Posted in Networking, Tools
