Errata

I do not own this book, but I stumbled over this page:

http://techtasks.com/code/viewbookcode/1605

The quoted recipe has a serious problem like this:

$intObj = Math::BigInt->new( $intObj->bmul('10 000 000') );

The constructor for Math::BigInt does no longer allow spaces, thus the entire script will fail.

Since I do not own the book I cannot say if this has been fixed in a newer edition, but if it hasn't, it
needs to be addressed.

Changing this line and similiar lines to

$intObj = Math::BigInt->new( $intObj->bmul('10_000_000') );

will fix the problem.

In addition, this script contains many needless constructors for BigInt etc. which all lead me to believe
it was written a long time ago when these things were actually necessary.

If you need someone to review these scripts, just send me an email.

The book says "LDIF file does not specify the user's password; this attribute must be modified after the user object has been created." but that's not true. Here's an LDIF that creates a user account, sets the password, and activates the account all at the same time:

dn: cn=Joe User,ou=Test,dc=example,dc=com
objectClass: user
givenName: Joe
sn: User
sAMAccountName: JUser
userPrincipalName: JUser@example.com
# enable the account
userAccountControl: 512
# the password is NOT encrypted, it is plain-text, wrapped in double-quotes and base64-encoded
unicodePwd:: IgBDADAAbQBwAGwAZQB4AFAAYQBzAHMAdwAwAHIAZAAiAA==

The password needs to be base64-encoded (see recipe 11.4 or use CAPICOM.Utilities). Here's an example in VB:

Set Utilities = CreateObject("CAPICOM.Utilities")
Password = "C0mplexPassw0rd"
' you must wrap password in double-quotes, see http://support.microsoft.com/kb/263991
unicodePwd = Utilities.Base64Encode("""" & Password & """")

import the LDIF using ldifde:
ldifde -i -f joeuser.ldf -t 636 -j .

Or use -h to enable SASL encryption
ldifde -i -f joeuser.ldf -h -j .

book says "LDIF file does not specify the user's password; this attribute must be modified after the user object has been created." but that's not true. here's an LDIF that creates a user account, sets the password, and activates the account all at the same time:

dn: cn=Joe User,ou=Test,dc=example,dc=com
objectClass: user
givenName: Joe
sn: User
sAMAccountName: JUser
userPrincipalName: JUser@example.com
# enable the account
userAccountControl: 512
# the password is NOT encrypted, it is plain-text, wrapped in double-quotes and base64-encoded
unicodePwd:: IgBDADAAbQBwAGwAZQB4AFAAYQBzAHMAdwAwAHIAZAAiAA==


the password needs to be base64-encoded (see recipe 11.4 or use CAPICOM.Utilities). here's an example in VB:

Set Utilities = CreateObject("CAPICOM.Utilities")
Password = "C0mplexPassw0rd"
' you must wrap password in double-quotes, see http://support.microsoft.com/kb/263991
unicodePwd = Utilities.Base64Encode("""" & Password & """")


import the LDIF using ldifde:
ldifde -i -f joeuser.ldf -t 636 -j .

Or use -h to enable SASL encryption
ldifde -i -f joeuser.ldf -h -j .

Capability only available in Windows 2000. Removed from ntdsutil and no longer available.

'Extended' check box needs to be checked for this to work, otherwise fails.