Changing case of SMTP in Exchange 2007 - active-directory

I have a client that wishes to change their case. Currently their domain (changed for privacy) is named Tom Allen Jones, CPA with a Windows AD domain tajonescpa.com and for some reason he'd like to have the SMTP addresses show as "TAJonesCPA.com" as the reply to address.
Inside of Exchange Management Console, I created a test user and used the old way (testuser#tajones.com) and then changed the SMTP address to TestUser#TAJonesCPA.com but only the user's portion of the email address was changed, the domain name remained in all lower case. I also modified the AD object without any change.
Is there some way to modify this without going into a ton of hassle? It's only for about a dozen users so it's not like I'd spend all day manually modifying attributes.
Thanks

You need to create a new e-mail address policy. Here is an Exchange Server 2010 – Email Address Policy – How-To that shows you how to do it using both the MMC and the PowerShell command line.

It is a little bit of a kludge, but you could temporarily change the address to X-testuser#TAJonesCPA.com. Then save the change. Wait a minute and remove the "X-" from the beginning of the address. So the final address is testuser#TAJonesCPA.com. Sometimes you have to fully change the address to some other value for the UPPER/lower case change to be recognized.
Of course, you would want to be quick so new messages for the recipient don't bounce.

Related

msDS-UserPasswordExpiryTimeComputed global catalog replication

I am currently trying to find out an AD user's password expiry date.
The methods described on numerous pages, e.g. here, work fine until a user or group in AD is using a fine-grained password policy that does not follow the user's domain password policy.
I found a property called msDS-UserPasswordExpiryTimeComputed that figures that all out without trying to do any calculations.
This works well until we are using a global catalog, since this property is not replicated by default. When I attempt to replicate the msDS-UserPasswordExpiryTimeComputed property in my global catalog, I get the following error:
Is there any way to replicate this property, or is something wrong with my setup that is not allowing me to replicate this property? Is there a better way to calculate user password expiry to take into account the fine-grained password policy?
I suspect you can't. I can't find any authoritative documentation saying it is not possible, but here are the reasons I think it's not possible:
The attribute is constructed, meaning it's not stored, but it's calculated at the time you ask for it.
The date depends on the policy on the domain, thus the server returning the data needs to know the policy on the domain of the user.
Since a GC may not be on the domain of the user you find, it may not have the information needed to be able to calculate the value.
As a workaround, you can just rebind to a DC to get the value. You didn't say which language you're working with, but usually you can take the path of the object you found, which will start with "GC://", and just replace that with "LDAP://". Then grab the msDS-UserPasswordExpiryTimeComputed value.
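The rebind workaround above, sketched in Python as an added example (not the answerer's code): it rewrites a GC:// path to LDAP:// and decodes the raw attribute value, including the two sentinel values a caller has to handle. The distinguished names and values are constructed, and the directory search itself is assumed to happen elsewhere.

```python
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
NEVER_EXPIRES = 0x7FFFFFFFFFFFFFFF  # returned when no expiry applies to the account

def gc_to_ldap(ads_path):
    """Rewrite a GC:// ADsPath to LDAP:// so the rebind reaches a domain controller."""
    scheme, sep, rest = ads_path.partition("://")
    if not sep or scheme.upper() != "GC":
        return ads_path  # already LDAP:// (or not an ADsPath): leave untouched
    return "LDAP://" + rest

def decode_expiry(raw):
    """Interpret msDS-UserPasswordExpiryTimeComputed (100 ns ticks since 1601-01-01 UTC)."""
    if raw is None:
        return ("not-returned", None)  # e.g. the entry was read from a global catalog
    ticks = int(raw)
    if ticks == 0:
        return ("password-must-be-changed", None)  # pwdLastSet is 0 or unset
    if ticks >= NEVER_EXPIRES:
        return ("never-expires", None)
    return ("expires", FILETIME_EPOCH + timedelta(microseconds=ticks // 10))

def report(entries):
    """entries: (ADsPath, raw attribute value) pairs as a directory search would yield."""
    return [(gc_to_ldap(path),) + decode_expiry(raw) for path, raw in entries]

# Constructed sample values, not output from a real directory.
SAMPLE = [
    ("GC://CN=Test User,OU=Staff,DC=example,DC=com", None),
    ("LDAP://CN=Test User,OU=Staff,DC=example,DC=com", "132223104000000000"),
    ("LDAP://CN=Svc Backup,OU=Service,DC=example,DC=com", str(NEVER_EXPIRES)),
]

if __name__ == "__main__":
    for row in report(SAMPLE):
        print(row)
```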

Use different IP address for every loop in running iMacros script

Can anyone help me with the iMacros? This will be the first time that I use this. I need to create a script to visit a certain website but for each visit the IP address should change for the website to count it as a unique visitor.
Here's what I have so far:
URL GOTO=http://sampleWebsite.com
WAIT SECONDS=10
SET !ERRORIGNORE YES
PROXY ADDRESS=192.168.4.5:80
BYPASS=http://sampleWebsite.com
I'm really not sure about the PROXY ADDRESS and BYPASS script part.
I don't think you can do that.
Your IP address is a property of your computer, not your browser.
Typically it is allocated dynamically via DHCP, but could be set statically via e.g. Control Panel.
In the DHCP case, you could in theory release the IP address, and hope the DHCP server allocates a different one
hint: it probably won't.
In the static case, modification typically requires user interaction and administration permission.
However, assuming this website is public, and not on the local network, then it doesn't matter. The IP address the website sees is your public IP, and this is set by the ISP. You have no control over this.
By the way, IP address is a terrible way of detecting unique visitors, as it doesn't allow for large corporate environments where hundreds/thousands of unique users will share one external IP.
It is more likely that the website would use additional information, for instance cookies, user agent strings etc. You might have better results if you modify the user agent string, and clear cookies.

How does the Kerberos authentication server pass additional account information?

I thought I understood how Kerberos works, now I am not sure at all.
We have a problem with Kerberos authentication on a 3rd party server with Windows Active Directory. The server support is insisting that what they call "kerberos server" passes additional information somehow, namely fields identified as uid and email, and I need to confirm that they are indeed "sent" by the server before they can help any further. I read "kerberos server" as the KDC, which "sends" information by placing it into the TGT, and the uid may be the good old UPN, except I do not understand why I am asked to confirm it is really there. But what is the email attribute?
I even read the whole RFC4210, but could not find any possible place for additional info in any of the tickets. In general, 1.5.2 talks about extending the protocol, but in a very abstract manner. There are also KRB_SAFE and KRB_PRIV messages, that can be used to pass arbitrary octet strings (3.4, 3.5), but no step towards defining their structure is done in the standard. There is also the padata extension, that 5.2.7 notes "have also been used as a typed hole with which to extend protocol exchanges with the KDC", but this seems sent one-way. And nowhere does the RFC seem to talk about additional identified fields that the authentication server can attach to the ticket.
My question is thus bifold:
Theoretical: how are additional attributes passed in Kerberos, presumably in an interoperable way (not e.g. Active Directory extensions)? What am I being asked to confirm?
Practical, if anyone can help with that: how to track what is placed by the AD into these attributes?
The server support is very lousy at telling you what they really want to have. Here is what you need: You want the KDC to send you PAC data with the generated service ticket. Here is Microsoft's reference: https://msdn.microsoft.com/en-us/library/cc237917.aspx.
How to verify? You need a keytab for the account which is accepting the security context. Configure that with Wireshark, log all traffic. You should see the TGS-REP for the service you'd like to use. Expand it; when the keytab is fine, you will see the decrypted information. Somewhere down below, you should see the Authorization Data fields, type 1 (AD-IF-RELEVANT). That is an ASN.1-encoded sequence of elements. Even element position describes the sub type, odd element position the octet string. In that octet string is again an ASN.1-encoded sequence with type 128 (AD-WIN2K-PAC) and that is the PAC data. Unfortunately, Wireshark can decode up to level one only. The request is an opaque byte buffer. I have a minimal, working (though incomplete) Java implementation of the PAC data decryption.
The email value is not included in that structure but what you have is the RID in the KERB_VALIDATION_INFO structure and the userPrincipalName in the UPN_DNS_INFO structure. The latter is extremely easy to decode.
First check via LDAP that for the desired client account userAccountControl does not have the NA field set.
Godspeed.
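To show what the decrypted AD-WIN2K-PAC octet string contains, here is an added example (not the answerer's Java implementation) that walks the PAC buffer table and decodes UPN_DNS_INFO, following the layout in Microsoft's MS-PAC reference. The sample PAC is constructed by `build_sample_pac`, a hypothetical helper, and holds only that one buffer; PAC signatures are not verified here.

```python
import struct

UPN_DNS_INFO = 0x0C  # ulType of the buffer carrying userPrincipalName

def pac_buffers(pac):
    """Return {ulType: bytes} from a PACTYPE blob. Checksums are NOT verified here."""
    if len(pac) < 8:
        raise ValueError("PAC shorter than its 8-byte header")
    count, version = struct.unpack_from("<II", pac, 0)
    if version != 0:
        raise ValueError("unexpected PAC version")
    if 8 + 16 * count > len(pac):
        raise ValueError("buffer table exceeds PAC length")
    out = {}
    for i in range(count):
        # PAC_INFO_BUFFER: ulType (4), cbBufferSize (4), Offset (8), little-endian
        ul_type, size, offset = struct.unpack_from("<IIQ", pac, 8 + 16 * i)
        if offset + size > len(pac):
            raise ValueError("PAC_INFO_BUFFER points outside the PAC")
        out[ul_type] = pac[offset:offset + size]
    return out

def decode_upn_dns_info(buf):
    """Decode UPN_DNS_INFO: four 16-bit length/offset fields, 32-bit flags, UTF-16LE text."""
    if len(buf) < 12:
        raise ValueError("UPN_DNS_INFO shorter than its fixed header")
    upn_len, upn_off, dns_len, dns_off, flags = struct.unpack_from("<HHHHI", buf, 0)
    for off, length in ((upn_off, upn_len), (dns_off, dns_len)):
        if off + length > len(buf):
            raise ValueError("string field outside the UPN_DNS_INFO buffer")
    return {"upn": buf[upn_off:upn_off + upn_len].decode("utf-16-le"),
            "dns_domain": buf[dns_off:dns_off + dns_len].decode("utf-16-le"),
            "flags": flags}

def build_sample_pac(upn, domain):
    """Constructed test input: a PAC whose only buffer is UPN_DNS_INFO."""
    u, d = upn.encode("utf-16-le"), domain.encode("utf-16-le")
    u_off = 16                      # 12-byte header plus 4 bytes of padding
    d_off = u_off + len(u)
    info = struct.pack("<HHHHI", len(u), u_off, len(d), d_off, 0) + b"\0" * 4 + u + d
    header = struct.pack("<II", 1, 0) + struct.pack("<IIQ", UPN_DNS_INFO, len(info), 24)
    return header + info

if __name__ == "__main__":
    pac = build_sample_pac("testuser@example.com", "EXAMPLE.COM")
    print(decode_upn_dns_info(pac_buffers(pac)[UPN_DNS_INFO]))
```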

SQL Server Data has script tags in a Memo Field with Intranet IP Address

We have a ColdFusion page where admins can insert/update some real estate records after logging in. We are noticing that in one table's Memo field called 'description', there are sometimes tags with hacking/junk info. I have introduced Captcha. The page is password protected and not linked from any pages, so it is not accessible by search engines unless someone gave out the URL accidentally. We are now also tracking the IP address of the person who is doing the inserts/updates. But still we just saw that all the data in the description field had the [junk text] appended to the end of the valid text, with an internal IP address of 192.168.0.101. This IP is someone's personal computer. One of our theories is that the person's computer is compromised. But what kind of virus would do that? Also, what I would like to do is to have a field called 'approved' which is 'no' by default but anytime an Insert/Update happens it goes to 'no' and 'triggers' an email to admins about the change. What could be the syntax of that inside SSMS? Thanks!
The most likely cause is SQL injection. It could be that your internal PC is compromised by malware or a virus that is attacking your site using one of many dozen attacks. The most common of them do exactly what you are describing...append content to the end of text or character fields in the DB. Here's a description of one common attack that does just that.
I would also check the following
Make sure handler scripts are "locked down" too - not just root urls. Sometimes a script you include is accessible via url and is used in hacking attempts.
Look for old code elsewhere in your site that might not be password protected. If you have a legacy code base chances are there's some old code lying about that needs clean up :)
Look in the web logs for URL params with values that begin with EXEC( - this is a common approach to injection.
Scan the PC in question rigorously. Install Charles or Wireshark and watch HTTP traffic to see what's going on.
Finally, check all your code for vulnerability to SQLi. Make sure all your variables use cfqueryparam and you have other controls in place. Passwords are not the only level of protection you need :)
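The log check suggested above, as an added example that is not part of the original answer: it reads W3C extended log lines (field order taken from the `#Fields:` directive) and reports the client IP, script and parameter for any query value containing `EXEC(`. It goes slightly beyond "begins with" by matching anywhere in the value and by decoding a second time to catch double-encoded input; the log lines and script names are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote_plus

# "exec(" as its own token, any case, optional whitespace before the parenthesis
EXEC_RE = re.compile(r"\bexec\s*\(", re.IGNORECASE)

def scan_w3c_log(lines):
    """Return (client_ip, script, parameter) for each query value that contains EXEC(."""
    fields, hits = [], []
    for line in lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column order for the rows that follow
            continue
        if line.startswith("#") or not line.strip() or not fields:
            continue
        row = dict(zip(fields, line.split()))
        query = row.get("cs-uri-query", "-")
        if query == "-":
            continue
        # separator="&" keeps ';' inside the value, where stacked statements appear
        for name, value in parse_qsl(query, keep_blank_values=True, separator="&"):
            # parse_qsl decoded once; a second pass exposes double-encoded input
            if EXEC_RE.search(value) or EXEC_RE.search(unquote_plus(value)):
                hits.append((row.get("c-ip"), row.get("cs-uri-stem"), name))
    return hits

# Constructed log lines for illustration.
SAMPLE_LOG = [
    "#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status",
    "2024-01-05 10:00:01 GET /admin/listing.cfm id=42 192.168.0.50 200",
    "2024-01-05 10:00:07 GET /admin/save.cfm id=42;exec%28%40s%29 192.168.0.101 200",
    "2024-01-05 10:00:09 GET /admin/listing.cfm note=%2545XEC%2528x%2529 192.168.0.101 200",
    "2024-01-05 10:00:12 GET /admin/listing.cfm title=executive(summary) 192.168.0.50 200",
]

if __name__ == "__main__":
    for hit in scan_w3c_log(SAMPLE_LOG):
        print(hit)
```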

How to parse emails and transfer to DB

I have seen some web apps that allow me to email stuff to a special ID and it magically turns up in my account. How exactly do they do this?
Without you giving an example of the specific service you're thinking of, it's hard to know exactly, but one way could be:
you give your email address to one of these sites, e.g. magic-mail.com
they insert this into their db, and take the db id value for this entry (12345)
they give you an address using this id (12345#magic-mail.com)
when mail is received by magic-mail.com, they look up the part before the #, pull out the associated email address for that ID, and relay the message on to the address you gave initially (toby#example.com)
There are many other ways of doing this, likely more simple than the above, but again, without examples it's hard to tell you exactly how the site you're thinking of is operating.
Edit
On reading the question, I assumed "my account" meant your mail account. If you meant an account you have on this company's system, then the process would be the same as the above, but changing the last step to:
when mail is received by magic-mail.com, they look up the part before the #, pull out the associated email address for that ID, and copy the contents of the message to the account associated with that id.
You can write a simple script in Python/PHP or any language you know. Make it receive POP mail for the account 'myName#mySite.com' and put the content into the db.
It is quite easy.
You would need a way to monitor the mail account for new messages, read the message format, parse out the parts that are important to you and then perform the insert.
Monitoring the mail account would require having a script running on the server in a specified interval, otherwise the only other way would be to access a certain URL manually which would access the mail account and do all the necessary processing.
Depending on your hosting provider and the amount of freedom they give you, this may or may not be possible.
Short way:
You need to write a script that will connect to the mail server, fetch mails, parse them and then put them into the database.
Run this in a cron job and you're set.
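The parse-and-insert step these answers describe, as an added example that is not from any of the posters: it takes one raw message, reads the numeric ID from the recipient's local part, and files the message under that account with bound SQL parameters. Addresses are written in the usual local@domain form, the table names are hypothetical, and fetching mail from the server (the cron-driven part) is assumed to happen elsewhere.

```python
import sqlite3
from email import message_from_string, policy
from email.utils import getaddresses

def open_db():
    """In-memory stand-in for the service database (table names are hypothetical)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts(id INTEGER PRIMARY KEY, owner TEXT)")
    db.execute("CREATE TABLE messages(account_id INTEGER, sender TEXT, subject TEXT, body TEXT)")
    db.execute("INSERT INTO accounts VALUES (12345, 'toby@example.com')")
    return db

def store_inbound(db, raw, domain="magic-mail.com"):
    """File one raw message under the account named by the recipient's local part."""
    msg = message_from_string(raw, policy=policy.default)
    for _, addr in getaddresses(msg.get_all("To", [])):
        local, _, host = addr.rpartition("@")
        if host.lower() != domain or not (local.isascii() and local.isdigit()):
            continue  # not one of our ID addresses
        account = int(local)
        if db.execute("SELECT 1 FROM accounts WHERE id = ?", (account,)).fetchone() is None:
            continue  # unknown ID: drop the message rather than create an account
        part = msg.get_body(preferencelist=("plain",))
        body = part.get_content() if part is not None else ""
        # Bound parameters: sender, subject and body are untrusted text from the network.
        # The From header is unauthenticated, so the ID address is the only credential.
        db.execute("INSERT INTO messages VALUES (?, ?, ?, ?)",
                   (account, str(msg["From"]), str(msg["Subject"]), body))
        db.commit()
        return account
    return None

# Constructed sample message.
SAMPLE = (
    "From: Toby <toby@example.com>\n"
    "To: 12345@magic-mail.com\n"
    "Subject: It's a new listing\n"
    "\n"
    "Three bedrooms, two baths.\n"
)

if __name__ == "__main__":
    conn = open_db()
    print(store_inbound(conn, SAMPLE))
    print(conn.execute("SELECT * FROM messages").fetchall())
```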
