Thursday, August 30, 2012

How to request a SAN web server certificate from a Windows Server 2003 CA?

By default, a Windows Server 2003 CA ignores a Subject Alternative Name that is passed as a request attribute. To make the CA honour such a SAN attribute, run the following command on the CA:

certutil -setreg policy\EditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2

and restart Certificate Services (the certsvc service) so the policy module picks up the new flag.

Be aware of what this flag does. It is CA-wide: while it is set, anyone who can enrol for any template on this CA can put any name in the SAN, including the UPN of a privileged account, and the CA will sign it. That is why Microsoft's own article on the flag (KB 931351) recommends a template with the SAN "supplied in the request" instead, so that enrolment permissions on that one template decide who may set names. If you do use the flag, keep enrolment permissions on every template tight while it is on, and clear it again with the same command (minus instead of plus in front of EDITF_ATTRIBUTESUBJECTALTNAME2) as soon as the certificate has been issued.

To submit the web server certificate request, use the web enrollment pages at http://CAservername/certsrv (advanced request). After filling in the identifying information, type the needed SAN names into the attributes box in the following form:

san:dns=dns.name&dns=dns.name2&dns=dns.name3&dns=....

For example, if the web server answers both to its own name (https://server.name) and to an alias (https://aliasserver.name), the resulting attribute string is:

san:dns=server.name&dns=aliasserver.name

Only the names the server actually answers to belong in the list; after issuance, open the certificate and check that the Subject Alternative Name extension contains exactly those names.
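The same procedure scripted end to end, as an added example that is not part of the original post: it switches the flag on, builds and submits the request with the SAN attribute from the web server, installs the certificate, switches the flag off again and verifies the issued SAN. It assumes a domain-joined web server, an account that is both a local administrator there and a CA administrator, and the placeholder CA configuration string CAservername\Contoso CA (the CA name, the WebServer template name and the two host names are assumptions, not from the original post).

```powershell
# Added example, not part of the original post. Run on the web server as a
# user who is also a CA administrator. Assumed placeholders: CA config string
# "CAservername\Contoso CA", template WebServer, names server.name / aliasserver.name.
$caHost   = 'CAservername'
$caConfig = "$caHost\Contoso CA"          # certutil -dump on the CA prints the exact Config string
$names    = @('server.name', 'aliasserver.name')
$sanAttr  = 'san:' + (($names | ForEach-Object { "dns=$_" }) -join '&')   # same string the web form takes

function Restart-RemoteCertSvc([string]$Computer) {
    # The policy module only re-reads EditFlags on service start.
    $svc = Get-Service -ComputerName $Computer -Name CertSvc
    $svc.Stop();  $svc.WaitForStatus('Stopped', '00:01:00')
    $svc.Start(); $svc.WaitForStatus('Running', '00:01:00')
}

# 1. Let the CA honour SAN request attributes. CA-wide: every enrollee on every
#    template can now ask for any name, so keep this window as short as possible.
certutil -config $caConfig -setreg policy\EditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2
Restart-RemoteCertSvc $caHost

# 2. Build the PKCS#10 request for the machine store (constructed INF).
@"
[NewRequest]
Subject = "CN=server.name"
KeyLength = 2048
KeySpec = 1
KeyUsage = 0xA0
MachineKeySet = TRUE
Exportable = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
RequestType = PKCS10
[RequestAttributes]
CertificateTemplate = WebServer
"@ | Set-Content -Path .\web.inf -Encoding ASCII
certreq -new .\web.inf .\web.req
if ($LASTEXITCODE -ne 0) { throw 'certreq -new failed' }

# 3. Submit with the SAN as a request attribute, then install the certificate.
certreq -submit -config $caConfig -attrib $sanAttr .\web.req .\web.cer
if ($LASTEXITCODE -ne 0) { throw 'certreq -submit failed (request pending or denied?)' }
certreq -accept .\web.cer

# 4. Turn the flag off again as soon as the certificate is issued.
certutil -config $caConfig -setreg policy\EditFlags -EDITF_ATTRIBUTESUBJECTALTNAME2
Restart-RemoteCertSvc $caHost

# 5. Verify that the SAN extension carries the intended names and nothing else.
$dnsNames = certutil -dump .\web.cer | Select-String 'DNS Name=' |
            ForEach-Object { ($_.Line -split 'DNS Name=')[1].Trim() }
$unexpected = $dnsNames | Where-Object { $names -notcontains $_ }
if (-not $dnsNames -or $unexpected) { throw "SAN mismatch: got '$($dnsNames -join ', ')'" }
"SAN OK: $($dnsNames -join ', ')"
```

If step 3 reports the request as pending, the template requires CA manager approval; issue it from the Certification Authority console and then run certreq -retrieve with the request ID before continuing.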

Tuesday, August 7, 2012

Quickly archive log files on a daily basis

In this case the server was writing several log files per second, so by the end of the day the folder held thousands of files and working with them was painful. I therefore set up a scheduled task that archives log files older than one day and deletes them once they have been added to the archive. I used RAR as the archiver; this is the command for the task:

"C:\Program Files\winrar\rar.exe" a -ag -df -to1d -x*.rar  destinationfolder\archivename- sourcefolder\*.*
  • a adds files to the archive
  • -ag appends the current date and time to the archive name
  • -df deletes each file from the source folder after it has been successfully archived
  • -to1d processes only files older than 1 day (so files the server is still writing are left alone)
  • -x*.rar excludes any .rar files, so existing archives are never packed again

The archive name will look like archivename-YYYYMMDDhhmmss.rar. Run the command once by hand without -df to confirm it selects the files you expect before letting the task delete anything, and give the task account only the rights it needs: modify on the source folder, write on the destination folder.
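A wrapper for the scheduled task, as an added example that is not part of the original post: it runs the same rar command, drops -df when rehearsing, maps rar's exit code to a log entry and exits non-zero on failure so the task history shows it. The paths D:\Logs, D:\LogArchive and C:\Program Files\WinRAR\rar.exe are assumed placeholders.

```powershell
# Added example, not part of the original post. Assumed paths: logs in D:\Logs,
# archives in D:\LogArchive, rar.exe in C:\Program Files\WinRAR.
param(
    [string]$Source      = 'D:\Logs',
    [string]$Destination = 'D:\LogArchive',
    [string]$Rar         = 'C:\Program Files\WinRAR\rar.exe',
    [switch]$KeepFiles                       # rehearsal: archive but do not delete (omits -df)
)

$log = Join-Path $Destination 'archive-task.log'
if (-not (Test-Path $Destination)) { New-Item -ItemType Directory -Path $Destination | Out-Null }

# Same switches as the post: a = add, -ag = date stamp, -to1d = only files older
# than one day, -x*.rar = never pack archives. -y answers any prompt so an
# unattended task cannot hang; -df is added only when we really want deletion.
$switches = @('a', '-ag', '-to1d', '-x*.rar', '-y')
if (-not $KeepFiles) { $switches += '-df' }
$archiveBase = Join-Path $Destination 'archivename-'

$output = & $Rar @switches $archiveBase (Join-Path $Source '*.*') 2>&1
$rc = $LASTEXITCODE
$stamp = Get-Date -Format 'yyyy-MM-dd HH:mm:ss'
$output | ForEach-Object { "$stamp rar: $_" } | Add-Content $log

# rar exit codes: 0 = success, 1 = warning (e.g. a file could not be read,
# typically one still open for writing), anything else = error.
switch ($rc) {
    0       { "$stamp OK" | Add-Content $log }
    1       { "$stamp WARNING rar exit 1: some files were skipped" | Add-Content $log }
    default { "$stamp ERROR rar exit $rc" | Add-Content $log; exit $rc }
}
```

Rehearse with `powershell.exe -NoProfile -File C:\Scripts\Archive-Logs.ps1 -KeepFiles` and inspect the resulting archive, then register the real run with `schtasks /Create /SC DAILY /ST 00:30 /TN "Archive logs" /RU SYSTEM /TR "powershell.exe -NoProfile -File C:\Scripts\Archive-Logs.ps1"` (or a dedicated service account with only the folder rights noted above instead of SYSTEM).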

Wednesday, August 1, 2012

How to find disabled user accounts in AD that still have proxy addresses, phone numbers or a SIP address set

Here are simple LDAP queries, usable from the Custom Search (Advanced tab) in Active Directory Users and Computers, that find user accounts which are disabled and still have the following attributes set. Typically these are leavers' accounts whose mail, phone and SIP data were never cleaned up. In each query, 1.2.840.113556.1.4.803 is the bitwise-AND matching rule and 2 is the ACCOUNTDISABLE bit of userAccountControl; the SIP query only works if the OCS/Lync schema extension is present.

  • Proxy address
(&(&(objectCategory=person)(objectClass=user)(useraccountcontrol:1.2.840.113556.1.4.803:=2)(proxyAddresses=*)))

  • SIP
(&(&(objectCategory=person)(objectClass=user)(useraccountcontrol:1.2.840.113556.1.4.803:=2)(msRTCSIP-PrimaryUserAddress=*)))

  • Phone numbers
(&(&(objectCategory=person)(objectClass=user)(useraccountcontrol:1.2.840.113556.1.4.803:=2)(|(mobile=*)(telephoneNumber=*))))
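The three queries run from PowerShell with System.DirectoryServices, as an added example that is not part of the original post; it needs no RSAT module and lists each disabled account with the attribute values that are still set. It assumes a domain-joined machine and a domain user, and searches the default naming context of that domain.

```powershell
# Added example, not part of the original post. Assumes a domain-joined
# machine and a domain user; the search root is the current domain.

# Common part of every query: 1.2.840.113556.1.4.803 is LDAP_MATCHING_RULE_BIT_AND,
# and bit 2 of userAccountControl is UF_ACCOUNTDISABLE.
$disabled = '(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2)'

$checks = @{
    'proxyAddresses' = '(proxyAddresses=*)'
    'sip'            = '(msRTCSIP-PrimaryUserAddress=*)'   # attribute exists only with the OCS/Lync schema
    'phone'          = '(|(mobile=*)(telephoneNumber=*))'
}
$attrs = 'sAMAccountName', 'distinguishedName',
         'proxyAddresses', 'msRTCSIP-PrimaryUserAddress', 'mobile', 'telephoneNumber'

foreach ($check in $checks.Keys) {
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.SearchRoot = [ADSI]''            # default naming context of the current domain
    $searcher.Filter     = "(&$disabled$($checks[$check]))"
    $searcher.PageSize   = 1000                # paged search; without it the DC stops at 1000 hits
    $searcher.PropertiesToLoad.AddRange([string[]]$attrs)

    foreach ($result in $searcher.FindAll()) {
        $p = $result.Properties                 # property names are lower-case in this collection
        $values = $attrs[2..5] | ForEach-Object {
            $k = $_.ToLower()
            if ($p[$k].Count -gt 0) { "$_=$($p[$k] -join ';')" }
        }
        New-Object PSObject -Property @{
            Check   = $check
            Account = [string]$p['samaccountname'][0]
            DN      = [string]$p['distinguishedname'][0]
            Values  = $values -join ' '
        } | Select-Object Check, Account, DN, Values
    }
}
```

Pipe the script's output to Export-Csv to hand the list to whoever owns the mailbox and telephony clean-up; the same filter strings can be pasted unchanged into the ADUC Custom Search dialog.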