Re: Secure Channel Password

From: Joe Richards [MVP] (humorexpress_at_hotmail.com)
Date: 02/12/05 

Date: Sat, 12 Feb 2005 18:27:26 -0500

Adfind doesn't write anything, it is entirely read only. 

--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net
Amir Marathonian wrote:
> Is this command going to have any adverse effect on either the DC, or the 
> machine which I am querying about its password reset?  FYI:  The machine I am 
> querying is Exchange Server 2000.  As you know, Exchange is tightly 
> integrated with Active Directory.  I just want to make sure this command is 
> not going to have an adverse effect on either of two computers. 
> 
> Thanks
> 
> 
> "Joe Richards [MVP]" wrote:
> 
> 
>>Or you could use adfind...
>>
>>adfind -tdc -b basedn -f name=machinename pwdLastSet
>>
>>or if you have a single domain or the machine is in the default domain
>>
>>adfind -tdc -default -f name=machinename pwdLastSet
>>
>>
>>ex:
>>
>>[Sun 01/23/2005 15:04:43.77]
>>C:\WINDOWS>adfind -tdc -default -f name=fastmofo pwdLastSet
>>
>>AdFind V01.26.00cpp Joe Richards (joe@joeware.net) January 2005
>>
>>Using server: 2k3dc02.joe.com
>>Directory: Windows Server 2003
>>Base DN: DC=joe,DC=com
>>
>>dn:CN=fastmofo,CN=Computers,DC=joe,DC=com
>> >pwdLastSet: 01/12/2005-01:14:39
>>
>>
>>1 Objects returned
>>
>>
>>The command completed successfully.
>>
>>
>>
>>
>>
>>--
>>Joe Richards Microsoft MVP Windows Server Directory Services
>>www.joeware.net
>>
>>
>>ptwilliams wrote:
>>
>>>Install the support tools (\support on the windows server CDROM) and run 
>>>adsiedit.msc
>>>Drill down to where the computer object is in the directory (under the 
>>>domain partition) and right-click and choose properties.
>>>In the properties window, select pwdLastSet from the 'select a property to 
>>>view' drop-down and the result is a long integer in the value(s) box.
>>>
>>>You could do the same using LDP and then use LDP's large-integer converter 
>>>to make more sense of the data.
>>>
>>>Or you could script it.  I think some of the scripting guru's here have 
>>>already written this script and made it freely available.  Try searching for 
>>>pwdLastSet and password or something.
>>>
>>

Relevant Pages

  • Re: Service Pack Level
    ... Joe Richards Microsoft MVP Windows Server Directory Services ... >>>You can just do a simple ldap query and display the operatingsystem and>>operatingsystemservicepack attributes. ...
    (microsoft.public.win2000.active_directory)
  • Re: Edit service permissions from Command-line
    ... Joe Richards Microsoft MVP Windows Server Directory Services ... command-line - MS states that the tool SUBINACL.EXE can be used to pull this information but I want to be able to set/change the information that's pulled, can this be done from the command line? ...
    (microsoft.public.windows.server.active_directory)
  • Re: lastLogonTimestamp
    ... Joe Richards Microsoft MVP Windows Server Directory Services ... intLastLogonTime = intLastLogonTime / 1440 ...
    (microsoft.public.windows.server.active_directory)
  • Re: ldap problem
    ... Joe Richards Microsoft MVP Windows Server Directory Services ... Author of O'Reilly Active Directory Third Edition ...
    (microsoft.public.windows.server.active_directory)
  • Re: Raising to native mode
    ... No change to client protocols. ... Joe Richards Microsoft MVP Windows Server Directory Services ... I would recommend cleaning that stuff up because more than likely the next version of Windows Server very well could have some impact on those older OSes since they are completely unsupported now. ... Many of the articles simple say you can't have Windows NT domain controllers, but I would think that this is a big thing to change and it not effect 95 or 98. ...
    (microsoft.public.windows.server.active_directory)