Active Directory Cookbook, Second Edition by Robbie Allen, Laura E. Hunter The unconfirmed error reports are from readers. They have not yet been approved or disproved by the author or editor and represent solely the opinion of the reader. Here's a key to the markup: [page-number]: serious technical mistake {page-number}: minor technical mistake : important language/formatting problem (page-number): language change or minor formatting problem ?page-number?: reader question or request for clarification This page was updated August 5, 2008. UNCONFIRMED errors and comments from readers: (91) 3rd registry entry; [HKLM\System\CurrentControlSet\Services\W32Time\TimeProviders] NTPServer: REG_DWORD - 1 Should read: [HKLM\System\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer] Enabled: REG_DWORD - 1 [123] chapter 6; I do not own this book, but I stumbled over this page: http://techtasks.com/code/viewbookcode/1605 The quoted recipe has a serious problem like this: $intObj = Math::BigInt->new( $intObj->bmul('10 000 000') ); The constructor for Math::BigInt does no longer allow spaces, thus the entire script will fail. Since I do not own the book I cannot say if this has been fixed in a newer edition, but if it hasn't, it needs to be addressed. Changing this line and similiar lines to $intObj = Math::BigInt->new( $intObj->bmul('10_000_000') ); will fix the problem. In addition, this script contains many needless constructors for BigInt etc. which all lead me to believe it was written a long time ago when these things were actually necessary. If you need someone to review these scripts, just send me an email. [214]last paragraph in Solution section; The book says "LDIF file does not specify the user's password; this attribute must be modified after the user object has been created." but that's not true. Here's an LDIF that creates a user account, sets the password, and activates the account all at the same time: dn: cn=Joe User,ou=Test,dc=example,dc=com objectClass: user givenName: Joe sn: User sAMAccountName: JUser userPrincipalName: JUser@example.com # enable the account userAccountControl: 512 # the password is NOT encrypted, it is plain-text, wrapped in double-quotes and base64-encoded unicodePwd:: IgBDADAAbQBwAGwAZQB4AFAAYQBzAHMAdwAwAHIAZAAiAA== The password needs to be base64-encoded (see recipe 11.4 or use CAPICOM.Utilities). Here's an example in VB: Set Utilities = CreateObject("CAPICOM.Utilities") Password = "C0mplexPassw0rd" ' you must wrap password in double-quotes, see http://support.microsoft.com/kb/263991 unicodePwd = Utilities.Base64Encode("""" & Password & """") import the LDIF using ldifde: ldifde -i -f joeuser.ldf -t 636 -j . Or use -h to enable SASL encryption ldifde -i -f joeuser.ldf -h -j . [599] Problem; Capability only available in Windows 2000. Removed from ntdsutil and no longer available. [688] Point 18; 'Extended' check box needs to be checked for this to work, otherwise fails.