It took me a long time to figure out how to search for a user whose name contains an apostrophe ('). Basically, you use another apostrophe to escape the apostrophe. Please see the example:
Const ADS_SCOPE_SUBTREE = 2
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
objCommand.CommandText = _
"SELECT distinguishedName FROM 'LDAP://dc=strongline,dc=home' WHERE objectCategory='user' AND cn ='D''Arcy, Who'"
REM ====>>>> Use another apostrophe to escape an apostrophe. It's hard to see the difference between two apostrophes and a double quote sign, so please copy the code into an editor such as Notepad++ that displays code more clearly.
Set objRecordSet = objCommand.Execute
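The following is an added example, not code from the original post. It applies the same doubling rule to a name held in a variable and shows what happens to the quoted value when the doubling is skipped. EscapeSqlLiteral, BuildUserQuery and ReadLiteral are hypothetical helper names, the sample names are constructed, and ReadLiteral is a simplified model of reading a quoted literal, not the ADSI provider's own parser. It only builds and inspects query strings, so it runs with cscript without a domain.

```vbscript
Option Explicit

' Double each apostrophe so the value stays inside one quoted literal.
Function EscapeSqlLiteral(value)
    EscapeSqlLiteral = Replace(value, "'", "''")
End Function

' Same query as the post; only the cn value varies. With doEscape = False the
' value is concatenated unchanged, to show what the doubling prevents.
Function BuildUserQuery(cn, doEscape)
    Dim v
    v = cn
    If doEscape Then v = EscapeSqlLiteral(cn)
    BuildUserQuery = "SELECT distinguishedName FROM 'LDAP://dc=strongline,dc=home' " & _
        "WHERE objectCategory='user' AND cn='" & v & "'"
End Function

' Simplified model (assumption): read the literal whose opening apostrophe is at
' startPos, treating '' as one apostrophe. endPos receives the position of the
' closing apostrophe, or 0 if the literal never closes.
Function ReadLiteral(text, startPos, endPos)
    Dim i, ch, result
    result = ""
    endPos = 0
    i = startPos + 1
    Do While i <= Len(text)
        ch = Mid(text, i, 1)
        If ch = "'" And Mid(text, i + 1, 1) = "'" Then
            result = result & "'"
            i = i + 2
        ElseIf ch = "'" Then
            endPos = i
            Exit Do
        Else
            result = result & ch
            i = i + 1
        End If
    Loop
    ReadLiteral = result
End Function

Dim names, n, useEscape, q, endPos, decoded
names = Array("D'Arcy, Who", "Smith, Jo")   ' constructed sample names
For Each n In names
    For Each useEscape In Array(True, False)
        q = BuildUserQuery(n, useEscape)
        decoded = ReadLiteral(q, InStr(q, "cn='") + 3, endPos)
        WScript.Echo "escaped=" & CStr(useEscape) & ": " & q
        WScript.Echo "  cn value read: [" & decoded & "]  literal ends the query: " & CStr(endPos = Len(q))
    Next
Next
```

When a name containing an apostrophe is concatenated without doubling, the quoted value ends at that apostrophe and the rest of the name falls outside the literal, which is why any name taken from user input should pass through the escaping function before it reaches CommandText.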
May 16, 2007
May 15, 2007
SMS Logs
Client side logs: Admin$\system32\ccm\logs
Site Server logs: SMSfolder\Logs
Management Point logs: SMS_CCM\Logs
If an MP is itself a client, the client-side logs will be in SMS_CCM.
The Trace utility is essential for watching SMS logs!
Apr 20, 2007
What does Kerberos ticket renewable time mean to you?
1. By default, a user ticket (TGT) has a lifetime of 10 hours; it can be renewed for up to 7 days.
2. Tickets and keys obtained from the KDC are stored in a credentials cache, an area of volatile memory protected by the LSA. The credentials cache is never paged to disk. All objects stored there are destroyed when a security principal logs off or the system is shut down.
3. If you work non-stop for more than 7 days, it doesn't mean you have to type in your password again. The LSA also keeps a copy of an interactive user's hashed password. If the user's TGT expires during a logon session, the Kerberos SSP uses the LSA's copy of the hashed password to obtain a new TGT silently, without interrupting the user's logon session. The password is not stored permanently on the computer, and the local copy is destroyed when the user's logon session is destroyed.
4. However, there are changes in the background if you leave a logon session open beyond the 7-day limit. The changes are:
1) You will get a new ticket, obviously, in the background.
2) If you have any membership changes, they will be reflected in the new ticket without you having to log off and log back on.
3) User Rights Assignment changes will be reflected.
4) If you don't force the user to log off, he/she may still have access that you don't want him/her to have, because his/her ticket remains valid for its lifetime.