
Tag: active directory

PHP LDAP Pagination (Solution for PHP5.4+)

Active Directory limits how many results a single LDAP query returns. I found a way to get around this problem without changing anything in Active Directory.

The root cause of this problem is that AD has a page size limit for returning elements through LDAP (default is 1000). As every good admin / dev knows, system-wide hard limits should not be changed by a client system that sends requests, because this could end in a huge disaster. Why? Because everyone would set these limits as high as they can to prevent their software from crashing (better to burn server CPU).

That means we can't set any page limit in PHP above the page limit of the server. What we need to do is iterate through all results, check whether there are more pages left, and start another request until we have fetched everything.

There are two functions we need to focus on: ldap_control_paged_result and ldap_control_paged_result_response.

The first function enables pagination for the current connection. The second function reports whether more paged data is available (more than 1000 results). After we put everything together, we have something like this:

Continue reading PHP LDAP Pagination (Solution for PHP5.4+)

Powershell – Script automation with jobs (AD Quota)

After working a while with PowerShell and doing some time-consuming jobs like getting the quota of all Microsoft servers, I came to the point where I was looking for some parallelisation in PowerShell. My problem was the quota script, which executes the following command for each file server:

Actually we have a couple of servers and need to get the quota from all servers to calculate the file system usage and build a daily statistic. The first script collected the data from each server. This is a boring job, because reading a file stream and writing it to a local file is really boring, even for a computer, so I wanted to accelerate this step. So I got in touch with PowerShell and jobs. Jobs are (don't kill me) distantly related to multithreading in .NET. Indeed, multithreading in .NET has many more advantages and features than in PowerShell, but as a beginner (some years ago 🙂 ) in development I didn't do anything more than just start threads and wait until they finished (yep, invocation was a foreign concept to me). So this relation is not so far out. Anyway, jobs do a great job if you…

Continue reading Powershell – Script automation with jobs (AD Quota)

Active Directory W2008 R2 – Remove DNS record with Powershell and WMI

The simplest way of removing a DNS record from your Active Directory is using WMI. With Server 2008 R2 you can use PowerShell to get the record by setting a filter for the domain name and piping the object to the WMI object remove routine like this:

There are several online solutions available, but most of them use the wrong namespace and the wrong filter parameter. This one works perfectly. Ensure that you are using an administrative PowerShell with domain admin privileges.

Continue reading Active Directory W2008 R2 – Remove DNS record with Powershell and WMI

Powershell – Rename domain computer remotely (within an active directory domain as well)

I wanted to rename a couple of computers within our Active Directory. After some research I figured out that it seems to be nearly impossible to rename a computer by touching just one object: the AD computer object or the computer (client) itself. My first thought was "OK, you have to rename both objects, rejoin the computer and hope everything works". But that's not a solution that makes me happy, because the more steps you do, the more problems can occur. For example, what happens if the computer has to reboot after renaming to get rejoined correctly? Do I have to create a local admin account on the client side to have permissions after the computer has lost its connection to AD? And so on… I played around, renamed the AD object, rebooted it – negative, the computer has to be joined again. After that I tried it the "bottom up" way by renaming the computer by hand and rebooting it instantly. While the computer was shutting down I noticed that the computer object in Active Directory was renamed before the computer had finished its shutdown process. So I tried this several times, and every time the AD computer object was renamed properly. YAY!…

Continue reading Powershell – Rename domain computer remotely (within an active directory domain as well)

Active Directory – Supersonic and the directory searcher

What's the difference between supersonic and the directory searcher? Nothing, because if you get over ~1000 you crash into a wall. 🙂 Last week we had to deal with the limitations of the directory searcher. We performed a user search on an organizational unit (subtree) with more than 1000 users beneath it. We were astonished that our user object only contained 1000 items every time we did the search. I wrote a little test script in PowerShell to reproduce this behaviour and to see whether this limitation is a C# problem or not. So I wrote this script:

As expected, PowerShell returned only 1000 objects. Then we tried to find out why and looked at the $objSearcher property list.

As you can see, there are two interesting properties: sizelimit and pagesize. So I played around with these two properties and found some explanations for them. Sizelimit is the limit for the maximum returned results, but you can't set this property above 1000. So I looked at the second property, pagesize. This property sets the maximum result items per returned page. So all you have to do is set sizelimit to 0 and pagesize to 1000 and you will get…

Continue reading Active Directory – Supersonic and the directory searcher