Поделиться через


How to populate the “Street” field with more than 1 line of text...or, how to use top down tshooting.

 

The goal was to get the street attribute to be a multi lined value.. not streetadddress which is easy enough to do from the GUI.

So part of this is to help folks understand that if you take the basics of a system, and expand on those, then you can resolve a lot of your issues on your own. I guess the problem is expanding the understanding of the base system at lower layers.

 

Anyway, here goes.

The end result should look like the sample below.

objectGUID: 076f29a4-14c2-4686-afe6-f952e5ce226c;

objectSid: S-1-5-21-3967918733-511884834-854062973-11173;

primaryGroupID: 513 = ( GROUP_RID_USERS );

pwdLastSet: 6/30/2008 11:11:35 AM Pacific Daylight Time;

sAMAccountName: User_0012;

sAMAccountType: 805306368 = ( NORMAL_USER_ACCOUNT );

street: this

is

a

test

;

userAccountControl: 0x10220 = ( PASSWD_NOTREQD | NORMAL_ACCOUNT | DONT_EXPIRE_PASSWD );

uSNChanged: 172054;

uSNCreated: 166726;

whenChanged: 7/2/2008 6:50:45 PM Pacific Daylight Time;

For me, this really ended up being a question of -- How do I dump a file in hex from built in tools? ( it really was the only really interesting and new part to me ) . A quick internet search showed nothing in box.. but plenty of hex freeware tools etc.. course we could write something but I wanted it all to be in box.

Let's start from square one in order to bring it all together.

We can begin our tour with a known value and examine it. Like.. ahaha .. streetAddress ( as opposed to street )

So StreetAddress is exposed the UI as the following:

Easy enough.. multi line output set via the UI.

Let's look at it closer.

Look in LDP at it:

primaryGroupID: 513 = ( GROUP_RID_USERS );

pwdLastSet: 6/30/2008 11:11:35 AM Pacific Daylight Time;

sAMAccountName: User_0012;

sAMAccountType: 805306368 = ( NORMAL_USER_ACCOUNT );

streetAddress: this

is

spats

test;

userAccountControl: 0x10220 = ( PASSWD_NOTREQD | NORMAL_ACCOUNT | DONT_EXPIRE_PASSWD );

uSNChanged: 172057;

uSNCreated: 166726;

whenChanged: 7/2/2008 6:56:11 PM Pacific Daylight Time;

whenCreated: 6/30/2008 11:11:03 AM Pacific Daylight Time;

Look at it again, in raw hex form:

In LDP.EXE goto Options and the General options:

Change the General options to dump values in binary:

Now dump the user again:

-----------------------------------

sAMAccountName:

55 73 65 72 5F 30 30 31 32 User_0012

------------------------------------

sAMAccountType:

38 30 35 33 30 36 33 36 38 805306368

------------------------------------

streetAddress:

74 68 69 73 0D 0A 69 73 0D 0A 73 70 61 74 73 0D this..is..spats.

0A 74 65 73 74 .test

------------------------------------

userAccountControl:

36 36 30 38 30 66080

------------------------------------

Note that I highlighted the text - and any good geek will tell you that 0D 0A is... CRLF.

So. How to set this easily in the tools we have at hand.

"Street" attribute is not exposed in the UI. If we modify it in adsiedit or ldp.exe we can see it is clearly not the same:

pwdLastSet: 6/30/2008 11:11:35 AM Pacific Daylight Time;

sAMAccountName: User_0012;

sAMAccountType: 805306368 = ( NORMAL_USER_ACCOUNT );

street: 123;

streetAddress: this

is

spats

test;

However, we can't easily toss in hex characters either. At least not that I can see.

So, off to the tools to dump and write hex directly as well as encode the data for input to the AD. Not easy to find in the built in OS tools.

Certutil.exe can do it though.

1. Open notepad.

2. Input some text.

3. Save it as t1.txt

C:\temp2>type t1.txt

constant

change

gives

the

illusion

of

progress

4. Dump this in hex to ensure we have our data correct -- can we indeed use the 0x0D,0x0A (sure we can.. but let's make sure again shall we.. else I don't get to show the neat hex tools in the OS ) Dump it via certutil -encodehex - you pass it the file to dump and the result file to dump to.

C:\temp2>certutil -encodehex t1.txt t5.txt

Input Length = 54

Output Length = 286

CertUtil: -encodehex command completed successfully.

C:\temp2>type t5.txt

0000 63 6f 6e 73 74 61 6e 74 0d 0a 63 68 61 6e 67 65 constant..change

0010 0d 0a 67 69 76 65 73 0d 0a 74 68 65 0d 0a 69 6c ..gives..the..il

0020 6c 75 73 69 6f 6e 0d 0a 6f 66 0d 0a 70 72 6f 67 lusion..of..prog

0030 72 65 73 73 0d 0a ress..

5. Run certutil to encode the original text file in base64

C:\temp2>certutil -encode t1.txt t2.txt

Input Length = 54

Output Length = 132

CertUtil: -encode command completed successfully.

6. Look at the data:

C:\temp2>type t2.txt

-----BEGIN CERTIFICATE-----

Y29uc3RhbnQNCmNoYW5nZQ0KZ2l2ZXMNCnRoZQ0KaWxsdXNpb24NCm9mDQpwcm9n

cmVzcw0K

-----END CERTIFICATE-----

7. Drop the base64 in a file like so:

dn: CN=User_0012,OU=stress,DC=crisco,DC=com

changetype: modify

replace:street

street::Y29uc3RhbnQNCmNoYW5nZQ0KZ2l2ZXMNCnRoZQ0KaWxsdXNpb24NCm9mDQpwcm9ncmVzcw0K

-

8. Import it:

C:\temp2>ldifde -i -f t.txt

Connecting to "sp137558a.crisco.com"

Logging in as current user using SSPI

Importing directory from file "t.txt"

Loading entries..

1 entry modified successfully.

The command has completed successfully

Dump it to make sure it made it in the AD OK:

primaryGroupID: 513 = ( GROUP_RID_USERS );

pwdLastSet: 6/30/2008 11:11:35 AM Pacific Daylight Time;

sAMAccountName: User_0012;

sAMAccountType: 805306368 = ( NORMAL_USER_ACCOUNT );

street: constant

change

gives

the

illusion

of

progress

;

userAccountControl: 0x10220 = ( PASSWD_NOTREQD | NORMAL_ACCOUNT | DONT_EXPIRE_PASSWD );

uSNChanged: 172062;

uSNCreated: 166726;

yay..

 

Done.

BTW - I haven't posted in a while because I recently changed jobs ( within MS ) .. I can post more on that later on when I have more time to think about what to say there.

spat

Comments

  • Anonymous
    September 29, 2009
    Dear. Mr. Spat,   An excellent example, as usual.  One would swear you must have worked in Critical Problem Resolution in your tenure there at Microsoft.  LDAP... Active Directory?  I once knew a fellow of your keen wit with such in depth knowledge as yourself.     If I were to have a few questions of you regarding the topic, could we take them offline?  Perhaps you could write me at mhjzimmerman '@' live.com   Many thanks,   MHJ Zimmerman