a blog on technology in the real world

In a continuing process of cleaning up horrible decisions by our predecessors, we just moved a website off one of our domain controllers. The website was moving from IIS6 to 7 (or 7.5, whatever comes with Server 2008 R2), and it required some tweaking to start working again. One of the parts that didn’t work was a self-help page where teachers could unlock student accounts. I set up this web server, and created a service account for it that doesn’t have any special rights on the domain. Because the website runs in IIS as this service account, it could query the domain with no problems, but it didn’t have the rights to unlock accounts.

This is obviously where I differ from a coworker…

him: “Just add the service account to Domain Admins”

me: “Why would I want to do that?”

In the end I remembered I can delegate just the permissions needed to unlock our student accounts to that service account and it works fine.

Why use a hammer when you only need a tiny screwdriver?

Here’s a quick one-line script I’ve been using to clean up some old computer accounts in active directory. It requires the dsquery and dsrm tools from the Server 2003 Admin Pack or the Remote Server Administration Toolkit.

@for /f %%a in ('DSQUERY COMPUTER -NAME *%1') do (dsrm %%a)

Save that in as a batch file and it’ll query Active Directory for computers including the argument passed.  Here’s an example with a naming structure where we have the last 4 digits of the MAC address in the name for uniqueness.

C:\>adrm.cmd 6736
C:\>(dsrm "CN=LABPC6736,OU=Labs,DC=yakk0,DC=org" )
Are you sure you wish to delete CN=LABPC6736,OU=Labs,DC=yakk0,DC=org (Y/N)? y
dsrm succeeded:CN=LABPC6736,OU=Labs,DC=yakk0,DC=org

My wife and I have been without surround sound since we got our HDTV last year. When I first got into home theater sound systems I got a “home theater in a box” kit with a receiver that was also a 5-disc DVD changer. Because we now had a HDTV, I wanted to have the best visual appearance for our DVDs and got an upconverting DVD player. The problem was that the DVD player wouldn’t connect to the receiver, which makes sense…why would you have a standalone DVD player when you have 5 built-in? Another problem was the audio from our TivoHD. The old receiver had no HDMI inputs. Because of this, we pretty much only used the receiver for listening to radio. Around the time we moved the DVD player in the unit completely died, so it didn’t make the move with us. We have been using just the speakers in the TV since, and it’s been a good experience. I really wanted a new receiver though. Not only for the audio, but I wanted a good HDMI switcher and upconverter for my non-HD stuff. Thanks to my newly employed status and our tax refund I’m now the owner of a Onkyo TX-SR806 Receiver.

Read more