Monday, March 30, 2009

csvde to excel Human readable LastLogon or LastLogonTimestamp

I was given the task of making a human legible report of Users, OUs, and Last Login Times. Easy enough right? I logged in to one of the servers as an admin and ran

F:\>csvde -r "(objectClass=user)" -f output.csv
-l cn,givenName,sn,n,ou,lastLogon

* note.. all that is on one line. I wrapped it because blogger was cutting it off.

That worked great, but excel choked on the dates. It turns out this is because the dates are not "normal" timestamp dates. "Normal" timestamps are based on the number of seconds since midnight on 1/1/1970. The timestamps in Active Directory in UTC format, a 64 bit number based on the number of nanosecond since 1/1/1601 divided by 100! For even more complexity, Excel's dates are based on the number of days since 1/1/1900. Arrgh.

As theoretical knowledge goes, that is all fine and good.. but how do we use it in excel?

The formula to convert from Active Directory LastLogon or LastLogonTimestamp is:

=IF(C2>0,C2/(8.64*10^11) - 109205,"")

  • C2 is the cell that contains the Timestamp.

  • The If() statement hides the value if the user has not logged in.

  • (8.64*10^11) is the number of nanoseconds in a day divided by 100.

  • 109205 is the number of days, including leap days, between 1601 and 1900. (Remember, 1900 is when excel dates "start")

That's it. Paste in your formula and format it as a date, or date/time. The times returned are in GMT. All of the other solutions I saw in my google searches pointed to a vbScript solution. Please leave a comment if this helps you.


P.s. If you want it in Central US time (GMT-6), subtract 0.25 (That is 6 hours divided by 24 hours in a day). For Eastern time (GMT-5), subtract 0.208333333 .. (5/24).

Tuesday, March 17, 2009

Rpc over http and UCC SSL gotchas

Here is a quick note for those using UCC certificates for RPC over Http. The name of your rpc/http server has to be the common name of your ssl certificate, an alternative name will not work. Between this bug, the IPv6 bug, and the complete lack of any logging facilities, I am starting to get the feeling that this service was written by an intern. (and not a good one)

Wednesday, March 11, 2009

SOLVED: Blackberry Internet Service (BIS duplicate messages from Exchange

A number of my users have been reporting duplicate messages on their Blackberry handhelds when we reconfigured them to use our shiny new Exchange 2007 Servers. After some digging, a message was being re-delivered to the handheld every time the message was A.) Marked Read, B.) Replied to, C.) Found in a search. This occurs only with Blackberry Internet Service (BIS) users connecting to the Exchange server with IMAP.

As it turns out, Exchange is changing the IMAP message ID every time one of the above actions occurs*. This causes RIM to see the message as new and re-transmit it to the handheld.

The options to fix it are..

Switch BIS to POP3 instead of IMAP. But then deleted items sync won't work.
Switch to Blackberry Enterprise Server. $5k in software fees, more depending on your user count.
Switch BIS to OWA..

That last option is the most promising. Unfortunately, with Exchange 2007 and forms based OWA authentication (the default), the normal url doesn't work. Neither does

What does work... the magic bullet for BIS+OWA on Exchange 2007 is..

I have not found this tidbit on any forums or documentation, and I really hope it helps someone.

Good Luck,

* Constructive criticism for Microsoft. You stupid cod-flogging idiots. Why in the name of potato would you do such a thing?! Did you even _look_ at the RFC? This is what IMAP flags are designed to do. Please, please fix this, print the RFC and use it to flagellate the committee that designed this AND the committee that approved it.

Friday, March 6, 2009

Upgrating old Ubuntu Lts server's ssh

A minor Ubuntu annoyance today.. I have an old Ubuntu LTS server that tripped a nessus scan because the openssh version was too old.

I did an apt-get upgrade, but the ssh packages wouldn't upgrade, failing with this error...

root@bna-fw1:~# apt-get upgrade
Reading package lists... Done
Building dependency tree... Done
The following packages have been kept back:
linux-image-server openssh-client openssh-server

I checked in the /etc/apt directories looking for some reason why it was held back to no avail.. Then I checked dpkg -l openssh-server but the package wasn't marked as held either. Then I gave up and googled it. As it turns out, upgrading ssh requires you to install the oops-sorry-we-made-ssh-unsecure-won't-happen-again package openssh-blacklist package and apt-get "upgrade" can't install a new package. This seems like an open manhole waiting to swallow any sysadmin that blindly trusts apt-get upgrade for updates..

The command to fix it and upgrade openssh-server/client is...

apt-get install openssh-blacklist