Archive for the ‘Windows’ Category

Convert String SID

February 14th, 2012 No comments

Whilst working on a script to query Active Directory, I needed to be able to search by a SID. Unfortunately the SID I had was in the standard string format, which you cannot search with, so it needs to be converted. I wrote this script in PHP, which will convert the standard string SID into a format that allows you to search LDAP.

Let's just jump in: basically I split the SID at the hyphens and repack.

function convertSID($SIDstr) {
  // Split "S-1-5-21-..." at the hyphens and drop the leading "S"
  // (explode() replaces split(), which was removed in PHP 7)
  $SIDbits = explode('-', $SIDstr);
  array_shift($SIDbits);
  // Revision: 1 byte
  $conSID = sprintf('%02X', array_shift($SIDbits));
  // Sub-authority count: 1 byte (everything after the identifier authority)
  $conSID .= sprintf('%02X', count($SIDbits) - 1);
  // Identifier authority: 6 bytes, big-endian
  $conSID .= sprintf('%012X', array_shift($SIDbits));
  // Sub-authorities: 32 bits each, little-endian
  // ('V' is fixed-width and endian-safe, unlike the machine-dependent 'I')
  foreach ($SIDbits as $sub) {
    $tmp = unpack('H*', pack('V', $sub));
    $conSID .= $tmp[1];
  }
  // Prefix every byte with a backslash so it can be used in an LDAP filter
  return "\\" . str_replace("\r\n", "\\", rtrim(chunk_split($conSID, 2)));
}

# Put in a proper SID here
$before = "S-1-5-21-1234567890-123456789-123456789-1234";
$after = convertSID($before);
echo "BEFORE: $before\nAFTER: $after\n";

// Connect and bind, then search on the escaped binary SID
$ds = ldap_connect("LDAP_HOST");
ldap_bind($ds, "LDAP_USER", "LDAP_PASS");
$dn = "ou=Users,dc=example,dc=com";
$sr = ldap_search($ds, $dn, "objectSid=$after", array('displayname'));
$e = ldap_get_entries($ds, $sr);

var_dump($e);

Based on code originally published here.

Renaming Files In A Directory

September 2nd, 2009 1 comment

So I had a problem on Windows in that I have lots of directories that are named correctly but I wish the files under them to be uniformly named.

The solution was to use PowerShell, which is an extremely effective scripting tool for Windows, especially if you come from a UNIX shell background.

There is actually quite a lot of documentation available for it and rather than go into detail I will simply show you the script:

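#
# RenameDirectoryFiles.ps1
#
# Renames every file in each given directory to "<directory name> - NNN.<ext>"
#

param( [string[]]$paths )
Set-PSDebug -Strict

foreach ( $path in $paths ) {
    if ( !(Test-Path -LiteralPath $path -PathType Container) ) {
        Write-Error "'$path' doesn't exist or isn't a directory"
        exit 1
    }

    # Use only the directory's own name, so a nested path still gives a valid file name
    $leaf = Split-Path -Leaf $path

    $i = 0
    # Skip sub-directories; only files are renamed
    Get-ChildItem -LiteralPath $path | Where-Object { -not $_.PSIsContainer } | Sort-Object FullName | ForEach-Object {
        $tmp = "{0:000}" -f $i
        $ext = $_.Extension
        $newname = "$leaf - $tmp$ext"
        # -LiteralPath stops characters such as [ ] being treated as wildcards
        Rename-Item -LiteralPath $_.FullName -NewName $newname
        $newname
        $i = $i + 1
    }
}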

So the usage is extremely simple:

RenameDirectoryFiles.ps1 'My Directory'

After which all the files under ‘My Directory’ will be renamed to ‘My Directory - 000.fileextension’.

Microsoft Business Productivity Racism?

August 25th, 2009 No comments

I was recently pointed to the English and Polish pages for the MS Business Productivity. The most striking thing about the difference between the pages is that one depicts a white individual in place of a black individual. What could be the purpose of altering the image? Surely it isn’t racism; after all, the Chinese individual is still in place.

Strange what goes through the brain of MS Business Productivity.

Polish Alternative

English Alternative

BigBrother Scripting

March 17th, 2009 No comments

I was recently asked if it was possible to monitor the Event Log for a single event and ensure that it was occurring regularly. It is rare that I handle Windows scripting and when I do I normally find myself cursing it, haha! In this case we want to ensure that a print server is constantly printing through the day: we expect that at least 1 print job will occur every 15 minutes, and if not then we’d like a warning. Obviously this check should only run during work hours.

So the first step is relatively simple: access the Event Log and look for a single event by its event code.

' Connect to WMI on the local machine and query the System log for event code 10
set objWMIService = GetObject("winmgmts:\\.\root\cimv2")
set colEvents = objWMIService.ExecQuery _
   ("Select * from Win32_NTLogEvent Where Logfile = 'System' and EventCode = 10")

What we did here was grab all the events with an event code of 10 (a print job!). So if we count the number of events within a time range, we will have completed a huge part of the work.

So the next step is to build a start time 15 minutes back from the current time.

set dtmStartDate = CreateObject("WbemScripting.SWbemDateTime")
dtmStartDate.SetVarDate DateAdd("n",-15,Now()),True

And applying that into our statement:

set colEvents = objWMIService.ExecQuery _
   ("Select * from Win32_NTLogEvent Where Logfile = 'System' and EventCode = 10" _
   & " and TimeWritten >= '" & dtmStartDate & "'")

This means that we are now collecting only the events that occurred within the last fifteen minutes. So what next? Well, we need to have a statement to pass to BigBrother to indicate success or failure. Fortunately enough I have another script which monitors the cluster (thanks to the awesome DeadCat repository) and it has some code to help place the file that BigBrother collects.

' Look up the directory BigBrother collects external scripts' output from
const HKLM = &H80000002
strBBExtPathNew = "SOFTWARE\Quest Software\BigBrother\bbnt\ExternalPath"
strBBExtPathOld = "SOFTWARE\BigBrother\bbnt\ExternalPath"
set oReg = GetObject("winmgmts:\\.\root\default:StdRegProv")

' Try the newer registry location first, then fall back to the old one
oReg.GetStringValue HKLM,strBBExtPathNew,,strExtPath
if isNull(strExtPath) then
  oReg.GetStringValue HKLM,strBBExtPathOld,,strExtPath
end if
' Neither key exists: BigBrother is not installed, so there is nothing to report to
if isNull(strExtPath) then
  WScript.Quit
end if

Read more…

AVG Update and Link Scanner Issues

February 1st, 2009 4 comments

I regularly suggest AVG as a free anti-virus solution. I have actively used it for well over 8 years now and have never found myself struck by a virus it couldn’t clean or stop.

Recently two annoyances have crept into AVG. The first is easily solvable, a corrupt update.

If you get a message saying “Invalid update control CTF file”, this means that AVG has found that its update file is corrupt. The quickest way to sort this is to delete the update files:

  • Open the “AVG User Interface”
  • Tools > Advanced settings (via the menus)
  • Then “Update” and “Manage”
  • Press “Delete temporary update files”
  • Run the update again.

Easy enough to fix.

The second annoyance is the Link Scanner. I can understand what it is attempting to do but in my preference I do not wish AVG to add additional traffic to my already clogged internet connection! The trick to sorting this is to remove the link scanner at installation. This might mean uninstalling AVG to reinstall but to get rid of Link Scanner it’s worth it. Simply select a “Custom installation” and then when it gets to “Component Selection” uncheck LinkScanner .. done!