Release Notes for JRButils for AD v12

Changes to Individual Programs

Adcreate

  • Updated to not copy attribute uidNumber from a template.
  • Updated to copy auxiliary class attributes from a template. Currently, auxiliary classes with mandatory attributes are not supported.

Adfsupdate

  • Added the ability to copy all volume quotas from one Windows volume to another via /w.

Adgetobjsec

  • Fixed an issue where it would not display the DACL for rootDSE.

Adgetrest

  • Fixed an issue introduced in v11 where, when displaying all restrictions, adgetrest displayed the password expiration date in place of the password last changed date.
  • Fixed an issue with filtering on workstation restrictions.
  • Fixed an error where it did not filter correctly on dates and times when using ‘gt’ and an incomplete time was given e.g. 23-Aug-2018:18:30.
  • Modified the heading when filtering on a date and time, so that the filter date is displayed in the output date format (the default or that specified via environment variable JRBDATETIME), instead of as specified on the command line, which may be something like “today-4”.

Adgetval

  • Updated the command line versions to support a “container” field to display each object’s container. This was already supported in the fully GUI versions.
  • Modified to recognise ‘@’ and ‘#’ as delimiters denoting the end of an attribute name, in a line containing both attribute names and text.
  • Fixed an issue where, when /c was used to specify text to appear between attribute values and adgetval automatically inserted %objectName as the first field, a field width was inserted for %objectName when it should not have been.
  • Modified so that when displaying values for selected attributes, and using /q to alter the format, /v may also be used to suppress the attribute names.
  • Fixed an issue where no values were displayed when using /a=* and /q.
  • Fixed an issue where it was not working correctly when a multi-character sequence was specified via /c to appear between attributes in the output.
  • Added /b=m to allow a line of output to be produced for every value of a selected attribute. The default is the first attribute, not counting the object name, but a number may follow m e.g. m3 would use the 3rd attribute. This provides a means of displaying values for a multi-valued attribute in a form where they can be saved, edited and returned to AD via adsetval.
  • Added support for auxiliary classes. If a named attribute does not belong to the selected object class, adgetval checks if it belongs to an auxiliary class and if so, allows its use.
  • Added a check box to fully GUI versions controlling whether or not auxiliary class attributes are included in the attributes list.
  • Updated to display the meaning of the values (structural, abstract or auxiliary) for the objectClassCategory attribute used by classSchema objects.
  • Added %ctnr to represent the container of the starting object e.g. OU=staff,OU=abc from CN=*,OU=staff,OU=abc. When starting from the top of the domain, the value will be rootDSE.
  • Removed an extraneous error appearing in the status bar when displaying all attributes of rootDSE in the fully GUI versions.

Adgroups

  • Fixed an issue where, when saving the output to a file with “In columns at required widths” selected, only the first column was saved.
  • Fixed an issue where it failed to verify a group when only the common name was given, and this differed from the samAccountName.

Adgrplist

  • Modified to not report that a group has no members when /z is used to produce adgrpadd or adgrpdel commands.
  • Fixed an issue where it failed to verify a group when only the common name was given, and this differed from the samAccountName.

Adimport

  • Updated to recognise that “location” is a valid attribute for computer objects. For users and contacts, “location” is a label for the “l” attribute where values for “city” or “location” are stored.
  • Added the ability to specify a file containing an encrypted password as a value for /z. Use the JRButils jrbencrypt program to create the file.
  • Added control statement “Create uidNumber” to generate a unique value for attribute uidNumber from the object’s SID. This is an alternative to “Assign next uidNumber” below.
  • Added control statement “Assign next uidNumber” to assign the next higher unused uidNumber. This option may be slow to execute because AD has to be searched for the highest number already assigned. This is an alternative to “Create uidNumber” above.
  • Updated to not copy attribute uidNumber from a template.
  • Added control statement “Assign gidNumber to new groups” to ensure that any groups created when “Create groups=y” are assigned a gidNumber. The value is determined by identifying the highest value used for existing groups and incrementing it by one.
  • Added option ‘w’ to control statement “Random password type” to produce random passwords compliant with Windows password complexity requirements in terms of characters included, and not including the samAccountName, displayName, or any component of three or more letters in the displayName.
  • Added control statement “Export file format” which can have values of oem, char, utf8 or unicode.
  • Added control statement “Password file format” which can have values of oem, char, utf8 or unicode.
  • Added the ability to set attributes for auxiliary classes via the “Auxiliary classes” control statement. Classes with mandatory attributes are supported.
  • Added the ability to transfer auxiliary classes and optional attributes from a template object.

Adlist

  • Added the ability to search for objects via email address, display name and user principal name, in addition to the existing options of cn, samAccountName and user ID.
  • Added email address as a possible output field.
  • Updated to give a count in the totals line of any duplicates when searching by user ID, email address and display name. The samAccountName and user principal name must be unique.

Adlookup

  • Added an option to the fully GUI versions to include/exclude auxiliary class attributes in the list of attributes for the object class.
  • Fixed a minor issue where a small but noticeable delay could occur when starting the fully GUI versions.

Adobjsec

  • Updated the ACE add/remove/modify dialog to include two-letter permission symbols in the labels for the permissions check boxes. This makes it easier to match the symbols with the description e.g. CR for “Control access”.
  • Fixed an issue with the add/remove/modify dialog where the “Applies to” combo box might not be populated when the dialog is first displayed.
  • Added a check that when adding an object allow or object deny ACE, a value other than “The object itself” is selected in the “Applies to” combo box.
  • Fixed an issue where, when saving the output to a file with “In columns at required widths” selected, only the first column was saved.

Adpsomgr

  • Removed the blank lines between consecutive policies when using /v=d or /v=n.

Adquotas

  • Fixed an issue where an application error might occur when the target server was in a different domain from that of the workstation on which the program was run.
  • Fixed an issue where the volume combo box might not be populated when working across domains.

Adschema

  • Added /n for filtering on attribute name when listing the attributes for an object class. A string optionally containing wildcards must be given e.g. /n=pwd*. The string may also be preceded by ‘!’ to negate the search e.g. /n=!pwd* would list attributes whose names do not start with “pwd”.
  • Added /m to filter the attributes displayed based on various properties. These include:

    Attribute is associated with auxiliary classes
    Attribute belongs to the base schema
    Attribute is constructed
    Attribute is flagged confidential
    Attribute is indexed
    Attribute is multi-valued
    Attribute belongs to a property set
    Attribute is single valued

    The properties may be combined and negated in the filter e.g. it is possible to list all non-indexed single valued attributes.

Adsetowner

  • Fixed an issue where it failed to set the ownership for directories when a user was specified e.g. “adsetowner john”.
  • Fixed an issue where it was failing to set a new owner for files without a valid owner when using /a.

Adsetpwd

  • Added /g=w to produce random passwords compliant with Windows password complexity requirements in terms of characters included, and not including the samAccountName, displayName, or any component in the displayName.
  • Modified the code for generating passwords containing alphanumeric plus special characters (/g=s) so that the password is guaranteed to contain three of the four character types (numeric, uppercase, lowercase, special) but may contain all four. Previously all four were guaranteed for a password of four characters or longer.
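
The rules described for “Random password type” option ‘w’ (Adimport) and for /g=w and /g=s (Adsetpwd), as an added Python example that is not JRButils code. The function names, the special-character set and the use of rejection sampling are assumptions made here; the delimiter list and the three-character threshold follow the Windows “Password must meet complexity requirements” policy.

```python
import re
import secrets
import string

# Delimiters the Windows complexity policy uses to split displayName into tokens.
_DELIMS = r"[,.\-_ #\t]+"
SPECIALS = "!@#$%^&*()-_=+[]{};:,.?"  # constructed set, not taken from JRButils
CLASSES = (string.ascii_uppercase, string.ascii_lowercase, string.digits, SPECIALS)


def name_tokens(sam_account_name, display_name):
    """Return lower-cased name fragments that must not appear in the password."""
    tokens = [t for t in re.split(_DELIMS, display_name) if len(t) >= 3]
    if len(sam_account_name) >= 3:  # shorter account names are not checked
        tokens.append(sam_account_name)
    return {t.lower() for t in tokens}


def class_count(password):
    """Count how many of the four character types the password uses."""
    return sum(any(ch in cls for ch in password) for cls in CLASSES)


def is_compliant(password, sam_account_name, display_name):
    """At least three of four character types and no name fragment (case-insensitive)."""
    lowered = password.lower()
    if any(tok in lowered for tok in name_tokens(sam_account_name, display_name)):
        return False
    return class_count(password) >= 3


def generate(length, sam_account_name, display_name):
    """Draw candidates from the OS CSPRNG and discard any that do not comply."""
    if length < 3:
        raise ValueError("three character types need at least three characters")
    alphabet = "".join(CLASSES)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if is_compliant(candidate, sam_account_name, display_name):
            return candidate
```

Rejection sampling keeps every compliant password equally likely, which forcing one character of each type into the output does not. Minimum length is a separate policy setting and is not checked here.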

Adsetval

  • Fixed an issue where, when using /n, it could report that values were added when they were already present.
  • Added the ability via /n to set multiple values for attributes holding object names. Previously, /n could be used only with attributes holding text values.
  • Added the ability to easily set values for multiple attributes in a single command using parameters in the form “givenName=Jan lastName=Smith title=Ms”.
  • Modified to not attempt to delete attributes such as accountExpires and codePage which cannot be deleted. This results in a simpler error message given only once.
  • Fixed a problem with using /d and /n together.
  • Added support for adding, modifying and removing attributes belonging to auxiliary classes. If an attribute is found to belong to an auxiliary class, that class is automatically added to the objectClass attribute if not already present.
  • Added the ability to specify an attribute in the form auxClass\auxAttribute. This may be useful when adding a value for an auxiliary attribute which is valid for more than one auxiliary class. When an attribute is valid for only one auxiliary class, that class is automatically added to the objectClass attribute if not already present.
  • Added /d=a which allows removing an auxiliary class from the objectClass attribute when attributes associated with the auxiliary class still have values in place. All values for attributes associated with the auxiliary class are removed, along with the class being removed from objectClass. /d=a is the only way to remove an auxiliary class with mandatory attributes.

Adtrstlist

  • Fixed a problem in the GUI versions where redisplaying the output as commands to remove or restore ACE entries did not work when the “Redisplay” button was clicked. Instead, the user-selected columns were displayed. Clicking the “Find” button worked correctly.
  • Modified the GUI versions to display a line in the list view when processing objects that do not have a homeDirectory attribute, or where there is an issue with the path contained therein. The relevant error message is displayed in the messages field, as well as in the status bar where it may be replaced by a subsequent error message.
  • Added the ability to display the original object name as an output field when processing the home directories of users.
  • Added the ability to display all DACL entries for home directories, not just those ACEs where the security principal is the owner of the home directory.
  • Changed the method of selecting fields for sorting in the GUI version, from a series of radio buttons to a combo box.
  • Fixed an issue where it was appending an extraneous “ /u” to adsettrust commands produced when using /b=s and a SID could not be translated to a name.
  • Fixed an issue where it failed to translate SIDs to names when the target server was in a different domain from the workstation on which adtrstlist was being run.

Adusergrps

  • Fixed an issue where it was not accepting the use of /a which can be used to limit the display of groups to those in a specified container.

Adwhodidit

  • Added two-letter codes for all of the output fields, to avoid having to use characters such as ‘(’ and ‘{’. Either the one-letter or two-letter codes may be used. A consequence of the change is that a sequence of single-letter codes, if used, must be comma separated e.g. /o=a,b,c. This does provide a work-around to the obscure issue of (e.g.) /o=@o being treated as a template when the intention was to display the full DOS path and owner.
  • Changed /i to an option under /h. This is a consequence of various path formatting options being combined under /h in the Micro Focus versions of this program.