May 20th, 2019

The Case of the Unrestorable AD Account

So, funny thing happened to me today.

By “funny” I mean “so maddening I wanted to execute the original programmer so the evil bastard can’t breed.”

So, you know how when you delete an Exchange mailbox, the only warning it gives you is:

Do you want to delete “XXX”?

Turns out that also deletes the AD account.

Wait. Check that.

It instantly deletes and recycles the AD account, bypassing the tombstone waiting period.

So, I had cause to restore one this morning and I usually:

1. Open up LDP, connect everything and grab the GUID
2. Open up AD PS and run get-adobject with the -includedeleteditems switch, to make sure it’s still there
3. Restore-adobject -identity “[GUID]” [other necessary junk]

Simple.

Except I’m getting ‘Directory object not found’ or ‘Illegal modify operation’ or, ‘The requested delete operation could not be performed’ when I was ready to give up and kill the whole thing.

So, literally the only reasonable thing you can do, whether the account was deleted in Exchange on purpose or not, is to adjust the tombstone lifetime to 1, then wait until tomorrow. There’s a nice, straightforward guide on that here, if you’re not familiar.

And on another note, exactly how stupid is it that “isrecycled=true” means that something is no longer in the recycle bin. It makes logical sense with an *actual* recycling bin, as recycled items have to be removed first, but flies directly in the face of decades of training – from the same company – to read “recycled” as ‘still available somewhere’ while the word for ‘nope, you’re not getting that back’ is “deleted.”

Now, I know I could go through authoritative restore, but that was entirely too much to do after I’d wasted so much time on this nonsense, leaving it outside the parameters of “reasonable.”

In: Computers, How ToNo Comments

May 2nd, 2019

Let’s all make a note of this

Yesterday, the Attorney General of The United States said this, out loud, on camera, while sitting in front of the Senate Judiciary Committee:

“[If an investigation is] based on false allegations, the president does not have to sit there constitutionally and allow it to run its course. The president could terminate the proceeding and it would not be a corrupt intent because he was being falsely accused.”

I think we should all take note of this particular moment in time.

Because the simple-language translation of that is: “The president can do anything he wants, and if anyone ever accuses him of breaking the law, all he has to do is say ‘No I didn’t’ and it’s case closed.”

That’s not an alarmist interpretation of what just happened. It’s simply listening to the words and following the logic of those words.

To explain, in an orderly fashion:

  1. Barr is specifically referring to investigations based on false allegations.
  2. Common sense tells you it’s impossible to prove that an allegation is false until after it’s been investigated. Otherwise, it’s not an investigation at all – you’re just taking someone’s word.
  3. Barr is very plainly telling us that the president can decide an allegation is false before an investigation has been conducted or completed. And he does not have to provide independently-verified proof of an allegation being false.
  4. Therefore, the president must be taken at his word, as there are no means to validate his claim that the allegation was false.
  5. If that is true, the president has full legal authority to declare a true allegation to be false. All he has to do is lie (which is not exactly out of the realm of possibility for a politician).**

And that’s how you end up with this sort of thing:

In this country, when someone says “that person committed a crime,” we have organizations like the police and the FBI and the DOJ that are chock-full of professional investigators whose job it is to figure out whether or not an accusation is true, and whether or not that can be proven in court.

In this country, you don’t get to just say “I didn’t do that,” and then demand that the police/FBI/DOJ stop bothering you.

In this country, nobody is above the law.

At least, that’s how things worked up until yesterday.

**Seriously, just try to imagine this happening to you. Imagine you could stop the police from investigating anything you ever did, simply by claiming you didn’t do it. Now, if you’re a GOP supporter, imagine Hillary Clinton, Elizabeth Warren or Bernie Sanders having that power. Still sound like a good idea?
In: News, PoliticsNo Comments

April 29th, 2019

The Spamvengers: Stupidgame

So, one of my users just got a phishing email from a lazy-ass cred thief.

It was fairly well composed, HTML-wise. So, I’ll give them that. But OMFG how could you completely fall down on the job with everything else? For instance:

The second dir I obfuscated because it’s the name of the supposed sender. I’m gathering this twit got a hold of their account and copied out the contacts list for this little endeavor.

But, seriously? Block directory listing, you imbecile.

Because that inevitably leads to someone clicking through and finding a handy zip of all your PHP. And that leads to them finding a plain text copy of the emails you were having all the credentials sent to:

And that leads to no one caring about obfuscating your address, since you’re a spammer dickhead. Or using online services to flood your inbox for hours on end.

I don’t know what dastardly individual would do that second part, though.

Oh, that’s right.

In: Computers, How ToNo Comments

Whois

IT guy, dev, designer, writer.

Got a degree in print journalism from UF but history dealt some bad cards to that industry, so I moved back to an earlier love: the computer.

Was recently at ZMOS Networks, but am now the Senior IT Associate at the Edna McConnell Clark Foundation.

My name is moderately common, as are a couple screen names, so always look for the logo to make sure you're reading something with official Km approval.

You can get to me directly with kyle(@)kylemitchell.org