September 9 2009

Return distinguished name of a user

This handy script is an easy way to return the DN of a user based on the sAMAccountName (aka username) that you give it. You can also provide wildcards. Usage:

cscript DNname.vbs username

e.g. cscript DNname.vbs john.citizen

Will return:
"CN=john.citizen,OU=Standard,OU=Users,DC=domain,DC=com"

e.g. cscript DNname.vbs john*

Will return:
"CN=john.citizen,OU=Standard,OU=Users,DC=domain,DC=com"
"CN=john.peterson,OU=Standard,OU=Users,DC=domain,DC=com"

e.g. cscript DNname.vbs *john*

Will return:
"CN=john.citizen,OU=Standard,OU=Users,DC=domain,DC=com"
"CN=john.peterson,OU=Standard,OU=Users,DC=domain,DC=com"
"CN=bill.johnson,OU=Standard,OU=Users,DC=domain,DC=com"

Script is:

' Print the distinguished name of every user whose sAMAccountName matches the argument.
On Error Resume Next
Dim objConnection, objCommand, objRootDSE, strDNSDomain
Dim strFilter, strQuery, objRecordSet, objArgs
Dim cn, strBase, strAttributes, strDN
Set objArgs = WScript.Arguments
If objArgs.Count = 0 Then
    WScript.Echo "CN argument required. ""*"" or ""J*"" or etc.."
    WScript.Quit (1)
End If
cn = objArgs(0)
' Open an ADO connection through the ADSI OLE DB provider.
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
' Search from the root of the current domain.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
strBase = "<LDAP://" & strDNSDomain & ">"
' Note: the argument is placed into the filter exactly as typed.
strFilter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" & cn & "))"
strAttributes = "distinguishedName"
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
objCommand.CommandText = strQuery
objCommand.Properties("Page Size") = 99999
objCommand.Properties("Timeout") = 300
objCommand.Properties("Cache Results") = False
Set objRecordSet = objCommand.Execute
' Stop here if anything above failed; otherwise the loop below would run against an invalid recordset.
If Err.Number <> 0 Then
    WScript.Echo "Query failed: " & Err.Description
    WScript.Quit (1)
End If
On Error GoTo 0
' An empty result set starts at EOF, so the loop is simply skipped.
Do Until objRecordSet.EOF
    strDN = objRecordSet.Fields("distinguishedName").Value
    WScript.Echo """" & strDN & """"
    objRecordSet.MoveNext
Loop
objConnection.Close
Set objConnection = Nothing
Set objCommand = Nothing
Set objRootDSE = Nothing
Set objRecordSet = Nothing
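
The script puts the command-line argument into the LDAP filter unchanged, so a parenthesis or semicolon in it changes the query instead of being matched as part of the name. The function below is an added example, not part of the original script: BuildSamFilter and ILLEGAL_SAM_CHARS are hypothetical names, and it assumes the argument should only ever be a sAMAccountName pattern with * as the wildcard.

```vbscript
' Added example (not from the original post): build the search filter safely.
Option Explicit

' Characters Active Directory does not allow in a sAMAccountName.
' "*" is also illegal in a real name, but it is let through on purpose
' because the script uses it as the search wildcard.
Const ILLEGAL_SAM_CHARS = """/\[]:;|=,+?<>"

' Returns the complete LDAP filter, or "" if the argument must be rejected.
Function BuildSamFilter(strName)
    Dim i, ch, code, strSafe
    BuildSamFilter = ""
    If Len(strName) = 0 Then Exit Function
    strSafe = ""
    For i = 1 To Len(strName)
        ch = Mid(strName, i, 1)
        code = AscW(ch)
        ' Reject control characters (including NUL) and illegal name characters.
        ' This also blocks ";" which separates the parts of the ADO query string.
        If (code >= 0 And code < 32) Or InStr(ILLEGAL_SAM_CHARS, ch) > 0 Then
            Exit Function
        End If
        ' Parentheses are legal in a name but structural in a filter:
        ' escape them as RFC 4515 hex pairs.
        Select Case ch
            Case "("
                strSafe = strSafe & "\28"
            Case ")"
                strSafe = strSafe & "\29"
            Case Else
                strSafe = strSafe & ch
        End Select
    Next
    BuildSamFilter = "(&(objectCategory=person)(objectClass=user)" & _
                     "(sAMAccountName=" & strSafe & "))"
End Function

' Show the filter that would be sent for the argument given on the command line.
Dim strResult
If WScript.Arguments.Count = 1 Then
    strResult = BuildSamFilter(WScript.Arguments(0))
    If strResult = "" Then
        WScript.Echo "Rejected: argument is not a valid sAMAccountName pattern."
        WScript.Quit 1
    End If
    WScript.Echo strResult
End If
```

To use it in DNname.vbs, assign the function's result to strFilter and quit when it returns an empty string.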




September 7 2009

Office Communicator 2007 and Live Meeting ADM templates for Port Range

The default UDP/TCP port range used by the Office Communicator 2007 client is 1024-65535. The Real Time Media Communications stack in Office Communicator 2007 allocates the media port dynamically in this range.

To control the specific range of ports that need to be open on a firewall, a registry key setting is provided to force the media stack to reduce the range of port values that can be used for real time media communications. Microsoft provides these registry keys (http://technet.microsoft.com/en-us/library/bb964029.aspx); however, there is no ADM template provided to control this via Group Policy.

See below for a custom ADM that has been created. Just copy these into a text editor and save them as an ADM file, then import them into your GPO. Remember to adjust the values to suit the port range required in your environment.

User Policy

CLASS USER

CATEGORY "OCS R2"
KEYNAME "Software\Microsoft\Shared\UcClient"
POLICY ServerAddressInternal
PART ServerAddressInternal EDITTEXT
VALUENAME "ServerAddressInternal"
END PART
END POLICY
END CATEGORY

CATEGORY "OCS R2"
KEYNAME "Software\Microsoft\Live Meeting\Console\Version 8.0\Attendee"
POLICY AttendeePortRangeMin
EXPLAIN "Enabled = 48951"
VALUENAME "MediaPortRangeMin"
VALUEON NUMERIC "48951"
VALUEOFF NUMERIC "0"
END POLICY

POLICY AttendeePortRangeMax
EXPLAIN "Enabled = 49050"
VALUENAME "MediaPortRangeMax"
VALUEON NUMERIC "49050"
VALUEOFF NUMERIC "0"
END POLICY
END CATEGORY

CATEGORY "OCS R2"
KEYNAME "Software\Microsoft\Live Meeting\Console\Version 8.0\Presenter"
POLICY PresenterPortRangeMin
EXPLAIN "Enabled = 49051"
VALUENAME "MediaPortRangeMin"
VALUEON NUMERIC "49051"
VALUEOFF NUMERIC "0"
END POLICY

POLICY PresenterPortRangeMax
EXPLAIN "Enabled = 49150"
VALUENAME "MediaPortRangeMax"
VALUEON NUMERIC "49150"
VALUEOFF NUMERIC "0"
END POLICY
END CATEGORY

Computer Policy

CLASS MACHINE

CATEGORY "OCS R2"
KEYNAME "Software\Policies\Microsoft\Communicator\PortRange"
POLICY "Enabled"
VALUENAME "Enabled"
VALUEON    NUMERIC 1
VALUEOFF   NUMERIC 0
END POLICY

POLICY "MaxMediaPort"
EXPLAIN "Enabled = 48950"
VALUENAME "MaxMediaPort"
VALUEON NUMERIC "48950"
VALUEOFF NUMERIC "0"
END POLICY

POLICY "MinMediaPort"
EXPLAIN "Enabled = 48851"
VALUENAME "MinMediaPort"
VALUEON NUMERIC "48851"
VALUEOFF NUMERIC "0"
END POLICY
END CATEGORY

I would recommend ensuring that you follow the guidelines on the minimum number of ports as outlined by Microsoft in this document –> http://technet.microsoft.com/en-us/library/bb964029.aspx

——-

Update 27/10/2009

I noticed that there is a TechNet post about this blog entry – http://social.microsoft.com/Forums/en-US/commmunicatorsetup/thread/4184b145-4f63-40bd-901a-26d90c35ab89. Jeff Schertz's answer is correct – these registry keys and values do not exist by default, since the normal behavior is for the client to assign dynamic ports in the entire 1024-65535 range. You need to manually create these keys and values.

September 1 2009

optushome.com.au emails stop working?

For those of you who are unaware, optushome.com.au is a domain name belonging to Optus from when their broadband product was called Optus @ Home. There are many thousands of customers, including myself, who have been using Optus Cable broadband for over 8 years and therefore have an optushome.com.au email address.

Then last night, without notice, they switched off this domain. What does this mean? Any emails sent to anybody@optushome.com.au will get bounced back and not delivered to the loyal Optus customer.

This is very poor form Optus, considering you are affecting your most loyal customers, the ones that have been with you for many years.

There is a simple technical solution involving domain name redirection that you could easily have implemented. It's really not that hard. If you are struggling, drop me a line and I'll come and assist you.

It’s pathetic Optus, really pathetic.

More details from this news article –> http://www.australianit.news.com.au/story/0,25197,26012012-15306,00.html
