Brady
A moan, a groan, my life story and how me, a technically minded person just can't seem to fit in with anybody.

Archive for September, 2009

Microsoft Exchange/Outlook – Mail won’t leave outbox (won’t send)

As of lately we have had a few users where they compose a message in outlook and when they hit send the message goes to their outbox to send but it remains there and nothing you do will release it. However when the user logs into Outlook Web Access the message sends perfectly fine. This immediately indicates that the issue is client side in Outlook.

I must have spent ages trying to get Outlook to send but eventually a colleague of mine find a setting deep within Outlook which fixed the issue of emails not being sent and stuck in the outbox. The setting is as follows:

Outlook -> Tools -> Options -> Preferences (Tab) -> Email Options (Button) -> Advanced Email Options… (Button)

Then when there make sue that the follow tick box is un-checked: “In folders other than the Inbox, save replies with original message”.

Not sure what this does but when we un-tick it mail flow starts working again.

Microsoft Exchange – Recover deleted items from Outlook

Have you ever emptied your deleted items folder in Microsoft Outlook and realised you really did need that email you just deleted?

Well your in luck as it can be recovered, providing that the Microsoft Exchange Server has been told to keep deleted emails for a certain period of time.

Firstly you need to make a registry edit on your local machine to make the option available to you in Outlook.

1) Close Outlook
2) Run Regedit
3) Navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Exchange\Client\Options
4) Add a new DWORD called DumpsterAlwaysOn
5) Set the DWORD to 1.
6) Close Regedit and launch Outlook.
7) Go to Tools->Recover Deleted Items…

There we have it. If you are not happy making changes to your registry yourself then you can use the following reg file that will make the change for you

[HTML]
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Exchange\Client\Options]
“DumpsterAlwaysOn”=dword:00000001
[/HTML]

Download Reg File Here

PHP – Get users SID from Active Directory via LDAP (objectsid)

Have you ever needed to read an AD users SID so you can use it as the unique identifier it is?

Well I did but when I read out objectsid from AD for a user I found a load of weird symbols. It turned out that the data outputted was binary data. So after some digging around to see how to translate the binary data to a human readable SID like S-1-5-21-823795046-756116320-56781596-16683 I got to work to write a PHP script that could do just that.

This is what I came up with:

[PHP]$suffix =”@sub.mydomain.co.uk”;
$base_dn = “dc=sub,dc=mydomain,dc=co,dc=uk”;
$server = “127.0.0.1″;

$USERNAME = “username”;
$PASSWORD = “password”;

$USERNAMETOSEARCH = “user to get sid”;

$ds = ldap_connect($server);
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
$r = ldap_bind($ds, $USERNAME.$suffix, $PASSWORD);
$sr = ldap_search($ds, $base_dn, “(samaccountname=”.$USERNAMETOSEARCH.”)”);
$entries = ldap_get_entries($ds, $sr);

// All SID’s begin with S-
$sid = “S-”;
// Convert Bin to Hex and split into byte chunks
$sidinhex = str_split(bin2hex($entries[0]['objectsid'][0]), 2);
// Byte 0 = Revision Level
$sid = $sid.hexdec($sidinhex[0]).”-”;
// Byte 1-7 = 48 Bit Authority
$sid = $sid.hexdec($sidinhex[6].$sidinhex[5].$sidinhex[4].$sidinhex[3].$sidinhex[2].$sidinhex[1]);
// Byte 8 count of sub authorities – Get number of sub-authorities
$subauths = hexdec($sidinhex[7]);
//Loop through Sub Authorities
for($i = 0; $i < $subauths; $i++) { $start = 8 + (4 * $i); // X amount of 32Bit (4 Byte) Sub Authorities $sid = $sid.”-”.hexdec($sidinhex[$start+3].$sidinhex[$start+2].$sidinhex[$start+1].$sidinhex[$start]); } echo $sid;[/PHP] Now this is written in PHP but I’m sure this code can be pretty much be translated to any other language.

PHP – Active Directory – Reading UserAccountControl

At the moment I’m doing a lot of work with Microsoft Active Directory and PHP. I’m building a few tools in PHP which reads data out of AD.

Now one of the things I wanted to read out was to see if the account was locked or if its password never expired. I couldn’t find these entries in AD but after searching those entries are stored in “useraccountcontrol”. But when I looked it was just a number. How does that number tell you if the account is locked?

http://msdn.microsoft.com/en-us/library/ms680832(VS.85).aspx

On the above link is how that number is generated and once I understood that I got to work on writing a PHP script which translates that number into something more usable. Once I wrote the script I put it up on the Hot Scripts Forum to see if the code I wrote could be improved on and optimised. Here is what they came back with:

[PHP]
$userAccountArray = array(
‘ADS_UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION’ => 0,
‘ADS_UF_PASSWORD_EXPIRED’ => 0,
‘ADS_UF_DONT_REQUIRE_PREAUTH’ => 0,
‘ADS_UF_USE_DES_KEY_ONLY’ => 0,
‘ADS_UF_NOT_DELEGATED’ => 0,
‘ADS_UF_TRUSTED_FOR_DELEGATION’ => 0,
‘ADS_UF_SMARTCARD_REQUIRED’ => 0,
‘ADS_UF_MNS_LOGON_ACCOUNT’ => 0,
‘ADS_UF_DONT_EXPIRE_PASSWD’ => 0,
‘NOT_USED_8000′ => 0,
‘NOT_USED_4000′ => 0,
‘ADS_UF_SERVER_TRUST_ACCOUNT’ => 0,
‘ADS_UF_WORKSTATION_TRUST_ACCOUNT’ => 0,
‘ADS_UF_INTERDOMAIN_TRUST_ACCOUNT’ => 0,
‘ADS_UF_NORMAL_ACCOUNT’ => 0,
‘ADS_UF_TEMP_DUPLICATE_ACCOUNT’ => 0,
‘ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED’ => 0,
‘ADS_UF_PASSWD_CANT_CHANGE’ => 0,
‘ADS_UF_PASSWD_NOTREQD’ => 0,
‘ADS_UF_LOCKOUT’ => 0,
‘ADS_UF_HOMEDIR_REQUIRED’ => 0,
‘NOT_USED_4′ => 0,
‘ADS_UF_ACCOUNTDISABLE’ => 0,
‘ADS_UF_SCRIPT’ => 0
);

function ADUserAccountControl($val) {
global $userAccountArray;
$x = pow(2, count($userAccountArray) – 1);
foreach($userAccountArray as $k => $v) {
if(($val – $x) >= 0){
$userAccountArray[$k] = 1;
$val -= $x;
} else {
$userAccountArray[$k] = 0;
}
$x = $x / 2;
}
}
[/PHP]

Simply pass your useraccountcontrol value to the function and read the results out of the array.