Archive

Archive for the ‘Is Your Friend’ Category

OldCmp Is Your Friend

April 20th, 2010
No comments

I recently found a little gem that needs listing in the Is Your Friend series.  I really appreciate single discrete tools that do a job and do it well.  OldCmp from joeware.net is a great example.  OldCmp is a command line tool to cleanup old accounts from Active Directory.  Within that function the tool has quite a strong set of features to slice and dice through the discovery and disposal of old accounts.

Here is a basic run of the tool to find and list computer accounts that haven’t been accessed in a year:

oldcmp.exe -report -age 365 -llts -sh

When working with a client I am very cautious to delete, so I would disable those accounts and move them to an Archive OU in AD:

oldcmp.exe -disable -age 365 -llts -newparent “ou=Archive,dc=xxxxxxxx,dc=local” -excldn “Archive” -safety 10

If everything looks OK with that, add the -forreal flag to actually do the work and adjust the -safety flag to a reasonable value:

oldcmp.exe -disable -age 365 -llts -newparent “OU=Archive,DC=xxxxxxxx,DC=local” -excldn “Archive” -safety 20 -forreal

If after a couple months no one has squawked about problems, it is probably safe to delete those accounts.

Once the initial disable and move to Archive is done, you can run this to find accounts that may need attention:

oldcmp.exe -report -age 180 -llts -excldn “Archive”

DN cn sAMAccountName dNSHostName pwdLastSet pwage whenCreated accountExpires operatingSystem operatingSystemServicePack operatingSystemVersion userAccountControl
cn=nick,cn=computers,dc=americanacquisition,dc=com nick nick$ nick.americanacquisition.com 2003/06/30-14:31:51 2485 20030630183151.0Z 0000/00/00-00:00:00 Windows 2000 Professional Service Pack 2 5.0 (2195) (4096) MBR
cn=pam,cn=computers,dc=americanacquisition,dc=com pam pam$ pam.americanacquisition.com 2003/08/13-17:19:10 2441 20030514220336.0Z 0000/00/00-00:00:00 Windows 2000 Professional Service Pack 2 5.0 (2195) (4096) MBR
cn=ray,cn=computers,dc=americanacquisition,dc=com ray ray$ ray.americanacquisition.com 2003/09/08-22:00:12 2415 20030507222643.0Z 0000/00/00-00:00:00 Windows 2000 Professional Service Pack 2 5.0 (2195) (4096) MBR
cn=robin,cn=computers,dc=americanacquisition,dc=com robin robin$ robin.americanacquisition.com 2004/01/16-07:53:21 2286 20030530194013.0Z 0000/00/00-00:00:00 Windows 2000 Professional Service Pack 2 5.0 (2195) (4096) MBR
cn=vic,cn=computers,dc=americanacquisition,dc=com vic vic$ vic.americanacquisition.com 2004/01/28-10:06:01 2274 20030515201341.0Z 0000/00/00-00:00:00 Windows 2000 Professional Service Pack 2 5.0 (2195) (4096) MBR
cn=mitch,cn=computers,dc=americanacquisition,dc=com mitch mitch$ mitch.americanacquisition.com 2004/03/28-12:40:27 2213 20030514211536.0Z 0000/00/00-00:00:00 Windows 2000 Professional Service Pack 2 5.0 (2195) (4096) MBR
cn=p3-l295p-02,cn=computers,dc=americanacquisition,dc=com p3-l295p-02 p3-l295p-02$ p3-l295p-02.americanacquisition.com 2004/05/17-07:38:39 2164 20031229192353.0Z 0000/00/00-00:00:00 Windows 2000 Professional Service Pack 2 5.0 (2195) (4096) MBR
cn=barbara,cn=computers,dc=americanacquisition,dc=com barbara barbara$ barbara.americanacquisition.com 2004/06/17-07:31:12 2133 20030512143032.0Z 0000/00/00-00:00:00 Windows 2000 Professional Service Pack 2 5.0 (2195) (4096) MBR
cn=arlena,cn=computers,dc=americanacquisition,dc=com arlena arlena$ arlena.americanacquisition.com 2004/08/17-13:30:04 2071 20030514201433.0Z 0000/00/00-00:00:00 Windows 2000 Professional Service Pack 2 5.0 (2195) (4096) MBR
cn=paul2,cn=computers,dc=americanacquisition,dc=com paul2 paul2$ paul2.americanacquisition.com 2004/09/01-21:38:45 2056 20040218152927.0Z 0000/00/00-00:00:00 Windows 2000 Professional Service Pack 4 5.0 (2195) (4096) MBR
cn=p3-l295p-04,cn=computers,dc=americanacquisition,dc=com p3-l295p-04 p3-l295p-04$ p3-l295p-04.americanacquisition.com 2004/09/08-15:17:57 2049 20031229204602.0Z 0000/00/00-00:00:00 Windows 2000 Professional Service Pack 2 5.0 (2195) (4096) MBR
cn=cynthia,cn=computers,dc=americanacquisition,dc=com cynthia cynthia$ cynthia.americanacquisition.com 2004/11/12-08:54:52 1985 20040908162639.0Z 0000/00/00-00:00:00 Windows 2000 Professional Service Pack 2 5.0 (2195) (4096) MBR
cn=p3-l295p-03,cn=computers,dc=americanacquisition,dc=com p3-l295p-03 p3-l295p-03$ p3-l295p-03.americanacquisition.com 2004/11/18-15:14:28 1978 20031229200132.0Z 0000/00/00-00:00:00 Windows 2000 Professional Service Pack 4 5.0 (2195) (4098) MBR DISABLED
cn=p3-l295p-01,cn=computers,dc=americanacquisition,dc=com p3-l295p-01 p3-l295p-01$ p3-l295p-01.americanacquisition.com 2005/01/03-07:53:19 1933 20031229183520.0Z 0000/00/00-00:00:00 Windows 2000 Professional Service Pack 2 5.0 (2195) (4096) MBR
cn=p3-l285s-10,cn=computers,dc=americanacquisition,dc=com p3-l285s-10 p3-l285s-10$ p3-l285s-10.americanacquisition.com 2004/12/13-18:14:47 1953 20041213221447.0Z 0000/00/00-00:00:00 Windows 2000 Professional Service Pack 2 5.0 (2195) (4098) MBR DISABLED
cn=matt,cn=computers,dc=americanacquisition,dc=com matt matt$ matt.americanacquisition.com 2005/02/07-11:02:28 1897 20030513153031.0Z 0000/00/00-00:00:00 Windows 2000 Professional Service Pack 2 5.0 (2195) (4096) MBR
cn=chris,cn=computers,dc=americanacquisition,dc=com chris chris$ chris.americanacquisition.com 2005/02/11-02:47:43 1894 20030512150221.0Z 0000/00/00-00:00:00 Windows 2000 Professional Service Pack 2 5.0 (2195) (4096) MBR
cn=joe,cn=computers,dc=americanacquisition,dc=com joe joe$ joe.americanacquisition.com 2005/03/28-09:19:00 1849 20030507213319.0Z 0000/00/00-00:00:00 Windows 2000 Professional Service Pack 2 5.0 (2195) (4096) MBR
cn=wade2,cn=computers,dc=americanacquisition,dc=com wade2 wade2$ wade2.americanacquisition.com 2005/03/30-18:38:42 1846 20030630194946.0Z 0000/00/00-00:00:00 Windows 2000 Professional Service Pack 4 5.0 (2195) (4098) MBR DISABLED
cn=wade-laptop,cn=computers,dc=americanacquisition,dc=com wade-laptop wade-laptop$ wade-laptop.americanacquisition.com 2005/01/03-10:33:13 1932 20031027210134.0Z 0000/00/00-00:00:00 Windows 2000 Professional Service Pack 4 5.0 (2195) (4098) MBR DISABLED
cn=pamela,cn=computers,dc=americanacquisition,dc=com pamela pamela$ pamela.americanacquisition.com 2005/04/21-11:04:01 1824 20030513181210.0Z 0000/00/00-00:00:00 Windows 2000 Professional Service Pack 2 5.0 (2195) (4096) MBR
cn=p3-l285s-01,cn=computers,dc=americanacquisition,dc=com p3-l285s-01 p3-l285s-01$ p3-l285s-01.americanacquisition.com 2006/01/11-07:12:09 1560 20050601021813.0Z 0000/00/00-00:00:00 Windows 2000 Professional Service Pack 4 5.0 (2195) (4096) MBR
cn=katherine,cn=computers,dc=americanacquisition,dc=com katherine katherine$ katherine.americanacquisition.com 2005/06/20-09:53:38 1765 20040606184650.0Z 0000/00/00-00:00:00 Windows 2000 Professional Service Pack 4 5.0 (2195) (4128) MBR PWD_NOT_REQD
cn=p3-l285s-11,cn=computers,dc=americanacquisition,dc=com p3-l285s-11 p3-l285s-11$ p3-l285s-11.americanacquisition.com 2006/01/13-13:17:33 1557 20050303214518.0Z 0000/00/00-00:00:00 Windows 2000 Professional Service Pack 4 5.0 (2195) (4096) MBR
cn=gateway450sx4,cn=computers,dc=americanacquisition,dc=com gateway450sx4 gateway450sx4$ gateway450sx4.americanacquisition.com 2005/08/26-08:53:12 1698 20050222201037.0Z 0000/00/00-00:00:00 Windows 2000 Professional Service Pack 4 5.0 (2195) (4096) MBR
cn=delld800-05,cn=computers,dc=americanacquisition,dc=com delld800-05 delld800-05$ delld800-05.americanacquisition.com 2007/02/01-18:40:27 1173 20050706210107.0Z 0000/00/00-00:00:00 Windows XP Professional Service Pack 2 5.1 (2600) (4096) MBR
cn=p3-lp2600e-01,cn=computers,dc=americanacquisition,dc=com p3-lp2600e-01 p3-lp2600e-01$ p3-lp2600e-01.americanacquisition.com 2007/12/17-09:06:40 0855 20050510165057.0Z 0000/00/00-00:00:00 Windows 2000 Professional Service Pack 4 5.0 (2195) (4098) MBR DISABLED
cn=don,cn=computers,dc=americanacquisition,dc=com don don$ don.americanacquisition.com 2007/05/03-21:25:06 1082 20030513135530.0Z 0000/00/00-00:00:00 Windows 2000 Professional Service Pack 4 5.0 (2195) (4096) MBR
cn=thur2,cn=computers,dc=americanacquisition,dc=com thur2 thur2$ thur2.americanacquisition.com 2007/11/06-10:41:08 0895 20040715181300.0Z 0000/00/00-00:00:00 Windows 2000 Professional Service Pack 4 5.0 (2195) (4096) MBR
cn=wade,cn=computers,dc=americanacquisition,dc=com wade wade$ wade.americanacquisition.com 2006/01/13-12:44:05 1557 20040614232314.0Z 0000/00/00-00:00:00 Windows 2000 Professional Service Pack 4 5.0 (2195) (4096) MBR
cn=steve,cn=computers,dc=americanacquisition,dc=com steve steve$ steve.americanacquisition.com 2005/12/07-12:58:05 1594 20030513184927.0Z 0000/00/00-00:00:00 Windows 2000 Professional Service Pack 2 5.0 (2195) (4096) MBR
cn=delld800-03,cn=computers,dc=americanacquisition,dc=com delld800-03 delld800-03$ delld800-03.americanacquisition.com 2007/01/14-19:54:38 1191 20050425194011.0Z 0000/00/00-00:00:00 Windows XP Professional Service Pack 2 5.1 (2600) (4096) MBR
cn=delld800-01,cn=computers,dc=americanacquisition,dc=com delld800-01 delld800-01$ delld800-01.americanacquisition.com 2005/11/03-05:30:45 1629 20030527161644.0Z 0000/00/00-00:00:00 Windows XP Professional Service Pack 2 5.1 (2600) (4096) MBR
cn=p3-l285s-06,cn=computers,dc=americanacquisition,dc=com p3-l285s-06 p3-l285s-06$ p3-l285s-06.americanacquisition.com 2007/05/03-12:40:27 1082 20041028211101.0Z 0000/00/00-00:00:00 Windows 2000 Professional Service Pack 4 5.0 (2195) (4096) MBR
cn=p3-l285s-xp,cn=computers,dc=americanacquisition,dc=com p3-l285s-xp p3-l285s-xp$ p3-l285s-xp.americanacquisition.com 2007/05/17-19:06:03 1068 20070517230603.0Z 0000/00/00-00:00:00 Windows XP Professional Service Pack 2 5.1 (2600) (4096) MBR
cn=mail,cn=computers,dc=americanacquisition,dc=com mail mail$ mail.americanacquisition.com 2007/12/30-00:12:13 0842 20071230041213.0Z 0000/00/00-00:00:00 Samba . 3.0.9-2.5-SUSE (69632) MBR NO_PWD_EXPIRE

Is Your Friend, Windows

perl-after-upgrade Is Your Friend

January 24th, 2009
No comments

I just upgraded the main perl port on a FreeBSD box from 5.8.8 to 5.8.9 and a perl based service promptly died, complaining of problems locating dependencies.  D’Oh!!  That’s not good.

After a bit of crunching away I found that each perl module port (each p5-* port) needed a ‘make deinstall && make reinstall’ to align with the new perl version.  The only bugger is that this machine has 54 p5-* ports installed.  Now I’m basically lazy so I wanted a better way than manually reinstalling each port or even writiing a script to handle these specific ports.

Thankfully a little deeper google exercise turned up pearl-after-upgrade.  From the man page:

The standard procedure after a perl port (either lang/perl5 or lang/perl5.8) upgrade is to basically reinstall all other packages that depend on perl. This is always a painful exercise. The perl-after-upgrade utility makes this process mostly unnecessary.

The tool goes through the list of installed packages, looks for those that depend on perl, moves files around, modifies shebang lines in those scripts in which it is necessary to do so, tries its best to adjust dynamically linked binaries that link with libperl.so in the old path, and updates the package database.


Brilliant!! Just what I was looking for.

I ran perl-after-upgrade followed by perl-after-upgrade -f, and it did all the heavy lifting of getting things straight.  Just for good measure I ran a rebuild on mimedefang (portmaster mimedefang), and it was back off to the races for that system.

So I must say….  perl-after-upgrade is your friend!

FreeBSD, Is Your Friend

Welcome to the Is Your Friend series

January 24th, 2009
No comments

I am starting a new category of posts, called Is Your Friend.  Frequently when talking with Todd Long (of the Jireh Consulting blog), one of us will find a cool tool or technology and inevitably it is said that <blank> is your friend.

Recently, Todd said that “OpenDNS is your friend.”  I have to agree.

It seems that every few weeks or months another tool saves my bacon or another technology finds a home in my world.  I will be filing these away under the Is Your Friend series.

Do you have a particular tool, program, gadget, widget, or whatnot that qualifies for Is Your Friend status?  If so, let me know, and I’d be glad to include it here.

Is Your Friend