Thursday last week, my CEO pulled me into his office and asked if there was anything that could be done for the Free/Busy (FB) information. I told him the same speel I have been telling everyone else. Gotta wait for DomainB. All night I started crunching ideas. Over the course of Friday and Monday, I finally solved it. All services are now working. So, on to how I did it…

AutoDiscover

The IT department of DomainB wasn’t particularly helpful and was giving me the same speel I was giving everyone else. Because the OWA URL used a non-standard URL, AutoDiscover would never find the XML file. If you were on DomainB, it would find it via SCP (Service Connection Point). But since we are on DomainA, we don’t have rights to DomainB’s SCPs. So I found a way to force Outlook 2010 to use a local XML file.

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\AutoDiscover\”PreferLocalXML”=dword:1
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\AutoDiscover\”DomainB.com”=”\\path\to\file.xml”

Since AutoDiscover.xml is dynamically generated upon viewing, you can’t really just copy and paste the contents from the real file. You have to redirect.

<?xml version="1.0" encoding="utf-8"?> 
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006"> 
  <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a"> 
    <Account> 
      <AccountType>email</AccountType> 
      <Action>redirectUrl</Action> 
      <RedirectUrl>https://remote.DomainB.com/autodiscover/autodiscover.xml</RedirectUrl> 
    </Account> 
  </Response> 
</Autodiscover>

This works by responding back with all the URLs necessary for OOF, FB, AS, etc. This is of course assuming that the Exchange server is correct and has FQDNs. This also pulled other settings such as Personal Archive folders.

Once Outlook reads from this file when setting up an email account, everything is built out without the need for further configuration in Outlook.

Passwords

This one is simple. In the password vault of Windows 7 (or the password area in XP), add your Exchange servers CAS and Mailbox servers manually. Be sure to use the credentials from DomainB. The “Save password” checkbox may not work.

OOF and Availability Services

Actually, this one is easy too if you did the same from above. Our paticular DomainB had a “web.DomainB.com” and a “mailbox.DomainB.com” and “cas.DomainB.com” so I added all three in which case, OOF and AS are now working.

First, you would think you could find it in the registry. This may have been possible with older versions, but with 9.0+ (and possibly lower, I just haven’t checked), it is not saved in the registry.

There is a software product called Recover Keys that will do this for you, but it needs to be purchased and their demo will not show the entire key. This program will even search the whole network for you, but at a much higher cost. So I set out to find out HOW this program found the serial number. Using ProcMon, I discovered that it searched all over the registry, then it started to search Adobe folders. It came across this file:

C:\Program Files (x86)\Common Files\Adobe\Adobe PCD\cache\cache.db

It turns out that this file is a SQLite database. Using an SQLite browser, sure enough, there was my serial number. Here is how to find the serial:

SELECT value FROM domain_data WHERE key = 'LineCU 4';

It should spit out your serial number. Using these two steps, it should be possible to write a program that finds the cache.db folder on the computer then reads the value out of. I will be investigating doing this on our network programmaticly.

I checked this against Adobe Acrobat 9 Pro, and it was the same. However, on Adobe Acrobat 8 Standard, the key is different. Here it is:

SELECT value FROM domain_data WHERE key = 'EPIC_SERIAL';

I hope this helps you. I may be designing an application that you can point at a computer name and it returns the serial. I’ll post it up here if I do.

So come to find out, no one makes a free LDAP browser that actually supports version 2.0, and certainly none that will talk to the hacked version on the CallPilot system. LDAP 2.0 is ancient as I heard it quoted on one website. But, PHP supports 2.0. So I took my Active Directory lookup script, and modified it for use with CallPilot. I’ve posted a script below that you can use if you’d like to do lookups against this directory. It uses any voicemail user and password (I used mine for instance). Next, I may be playing with the IMAP server that appears to be running on the CallPilot system. That should prove interesting…

<?php

// Specify server settings here
$CP_Server="0.0.0.0"; // Enter the IP address of your CallPilot System
$CP_User="mail=12345671111@CALLPILOT.domain.com,dc=nortel,dc=ca"; // The extention was prefixed with the VPIM
$CP_Password=""; // Password for voicemail box
$CP_Root="addressbook=user,dc=nortel,dc=ca"; // You should probably leave this alone

function connectLDAP($server,$user,$password) {

	// Issue the connect command
	$cp_connect=ldap_connect($server) or
	die ("Could not connect to LDAP");

	// These options are required for MS Active Directory
	ldap_set_option($cp_connect, LDAP_OPT_PROTOCOL_VERSION, 2);
	ldap_set_option($cp_connect, LDAP_OPT_REFERRALS, 0);

	// Bind to AD with the username and password
	$ds_connect = ldap_bind($cp_connect,$user,$password) or
	die("Couldn't bind to CallPilot!");

	// Return handler
	return $cp_connect;

}

function disconnectLDAP($handle) {

	// Disconnect from the server
	ldap_unbind($handle);

}

function searchLDAP($ldap,$query,$root,$sort) {

	// Query the LDAP server
	// Future: Want adjust the array on the fly later, such as objectclass
	$sr=ldap_search($ldap, $root, $query);
	 
	// If a sort field was requested, adjust the list
	if ($sort) {
		$st=ldap_sort($ldap, $sr, $sort);
	}
	 
	// Generate the array, and return
	 
	$info = ldap_get_entries($ldap, $sr);
	 
	return $info;
 
}

// Start the script, check for extention
if ($_REQUEST["ext"]) {
	$cp = connectLDAP($CP_Server,$CP_User,$CP_Password);
	$query = "(&(telephonenumber=".$_REQUEST["ext"]."))"; // Put whatever you want here
	$sort = "";

	$info = searchLDAP($cp, $query, $CP_Root, $sort);

	if ($info["count"]>0) {
		echo "Name: " . $info[0]["givenname"][0] . " " . $info[0]["sn"][0] . " (" . $info[0]["cn"][0] . ")<br />";
		echo "Department: " . $info[0]["department"][0] . "<br />";
		echo "Extension: " . $info[0]["telephonenumber"][0] . "<br /><br />";
		echo "<pre>";
		print_r($info); // print the array
		echo "</pre>";
	}
	else {
		echo "No such user found for " . $_REQUEST["ext"] . ".";
	}
	 
	disconnectLDAP($cp);
}
else {
	echo "Please specify an extension.";
}
?>

' httptouch.vbs
' Created by Jason C. Greb
' http://www.electronerdz.com/

Set Args = WScript.Arguments
URL = Args(0) ' Read argument (must be in quotes)
Set oHTTP = CreateObject("MSXML2.XMLHTTP")
oHTTP.Open "GET", URL, False
oHTTP.Send() ' Send to the server
'Wscript.Echo oHTTP.Status ' Output the status if you'd like
Set oHTTP = Nothing

This script takes an argument after it, in quotes, and accesses that URL, then quits. You can add it to your program that runs an external program and put the argument after it. Keep in mind that you may need to reference the cscript.exe file (usually in system32) then the script, then the argument.

The best I can figure, TimeKeeper sends out a broadcast packet during the install to find out where the server is. On a subnetted network, this won’t help. TimeKeeper creates several ODBC entries during the install. In these entries, you manually specify the the server IP address. Go to SystemDSN in the ODBC control panel options. You will see three entries for TimeKeeper. Edit each one, and on the Network tab, add Host=[ipaddress] to the TCP/IP options where [ipaddress] is the IP address of the server TimeKeeper is installed. It should work beautifully after that.

I discovered this command called eventtriggers.exe. Apparently, its been in Windows since Windows XP (I couldn’t find it in Windows 7 though). Our domain controller is Windows 2003, but I am sure it is in Windows 2008 also. So I ran the following on the domain controller:

eventtriggers /create /tr EventID644 /l security /eid 644 /tk c:\tools\trigger.vbs

You will need to enter the password for the user that you are currently in. You could modify this command a bit and run as the system account I am sure, but I decided not to. This is create a Scheduled Task that runs every time the Event ID 644 is created. This event is the event that says an account has been locked. Another useful one is 675, which is when a user enters a wrong password. Unfortunately, I could not find an easy way to add arguments to the trigger.vbs file (in case I want to reuse the same command for other event IDs), so you can manually edit the task in Scheduled Tasks. I changed the command to the following:

c:\tools\trigger.vbs 644 "User Account Locked"

So now we need to create the trigger.vbs file. This file will read the data from the Event ID, and email it. Unfortunately, you can not pass the particular event that caused the issue to trigger.vbs via eventtriggers, so we will do some creative WMI reading. The code below searches for the passed event ID, but thankfully WMI starts with the newest first otherwise we’d get every event ID on the log. So we’ll just read the first one. Now of course, if two came in at the same time, and this script hadn’t started in the millisecond difference of the next event, you might read the wrong one. But seriously, how many accounts are being locked out during the day?

' Setup the variables
Dim Args, strMsg
Dim strEventID, strDesc
Dim objWMIService, colEvents, objItem
Dim Loops
Dim objMessage ' This one is very important!

' If there are no arguments, do nothing
Args = WScript.Arguments.Count
If Args < 1 Then
	WScript.Echo "Usage: trigger.vbs  """""
	WScript.Quit
End If

' Read in the arguments
strEventID = WScript.Arguments.Item(0)
strDesc = WScript.Arguments.Item(1)

' Connect to WMI and Query
Set objWMIService = GetObject("winmgmts:{(Security)}\\.\root\cimv2")
Set colEvents = objWMIService.ExecQuery("Select * From Win32_NTLogEvent Where " & _
	"Logfile = 'Security' AND EventCode= '" & strEventID & "'")

' We are going to load the events, but only read the latest one
Loops = 0
For Each objItem in colEvents
	If Loops = 1 Then
		Exit For
	End If
	' Create the body of the email
	strMsg = Now & vbCrLf & vbCrLf ' Add the time to the message
	strMsg = strMsg & "Time Generated: " & objItem.TimeGenerated & vbCrLf
	strMsg = strMsg & "Category: " & objItem.Category & vbCrLf
	strMsg = strMsg & "Event Code: " & objItem.EventCode & vbCrLf
	strMsg = strMsg & "Record Number: " & objItem.RecordNumber & vbCrLf
	strMsg = strMsg & "Source Name: " & objItem.SourceName & vbCrLf
	strMsg = strMsg & "Event Type: " & objItem.Type & vbCrLf
	strMsg = strMsg & "Message: " & objItem.Message
	Loops = 1 ' Set the variable so it doesn't run again
Next

' Load CDO and create the message, then send it
Set objMessage = CreateObject("CDO.Message")
objMessage.Subject = "AD Audit Event: " & strDesc ' Add the description to the subject
objMessage.From = "support@company.com"
objMessage.To = "support@company.com"
objMessage.TextBody = strMsg
' The commands below use SMTP to do the sending
objMessage.Configuration.Fields.Item( _
	"http://schemas.microsoft.com/cdo/configuration/sendusing") = 2
objMessage.Configuration.Fields.Item( _
	"http://schemas.microsoft.com/cdo/configuration/smtpserver") = "smtp.company.com"
objMessage.Configuration.Fields.Item( _
	"http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25
objMessage.Configuration.Fields.Update
' Send the message
objMessage.Send

' Done

Now this particular file just reads from the Security event log file, but you could adjust this and read any type of event. You would have to adjust both winmgmts and the SQL statement and then modify the what items it reads from the the particular event.

That should do it. You could modify the trigger file to add this information to a database. For example, I will be modifying it to add 675 event IDs (wrong password) to a database, since I don’t want an email every 10 minutes, but I can view history leading up to a locked account.

Now of course, you’ll still get calls in the middle of the night if you were asleep when the email came in. But at least you can say that you already knew and were working on it!

I recently needed to move a SPS 3.0 server to a new Foundation 2010 server. Now, Microsoft posts several documents on how to do this, but I think we all know that their documents aren’t always that helpful. I first tried to move the Sharepoint to another server, then do an updgrade, but it did not go so smoothly. So I tried it again using the “database attach” method. I did a lot of Googling, and tried an unbelievable number of things before I finally got the upgrade to work. I’ve collected my steps here. Hopefully, I remembered everything correctly. There were what seemed like a lot of steps, but it mostly went smoothly. Read on for my guide to upgraded to SharePoint Foundation 2010 and I hope it helps you with your upgrade.

Step 1: Preparation
The first step is to prepare your new server. In my case, I am using Windows 2008 R2 64-bit. There are several things you will need to download to get started, and have them all available and ready to go. I am listing them here, so that you will be ready:
Microsoft SharePoint Foundation Server 2010
Microsoft SQL Server 2008 Management Studio Express
Do not install these programs yet, just have them downloaded and ready to go.

I recommend also that you put the path to the BIN folder (where stsadm.exe is located) in the PATH environment variable on both servers. It is absurd having to bounce around folders and typing full paths for a lot of things. This is located here:
C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\xx\BIN
(xx being the version number, 12 or 14) I’d recommend you do this under Advanced in the System properties so that it sticks. Restart your command prompt window if necessary.

Be sure to join the computer to the domain if you are using one, I neglected to do this during my testing, and I ran into all kinds of issues.

Step 2: Backup Old Server
Next, you will need to backup your old content database. There are a number of ways to do this, but when doing the database attach method, all you need to backup is the content database. For this you will need to run Microsoft SQL Server 2005 Management Studio Express. If you do not have it you can get it here. I am not keeping the same server name and will be renaming the site. This will help allow people to still access data while getting the new site online. If you plan on doing your move right away, you need to lock changes to the database. If you are just testing (which you are, right?), you don’t need to lock it down right away. You can lock down the database by setting it to read only. You can do that before you do the backup below. This command should set the site to Read-Only:

stsadm -o setsitelock -url http://domain/ -lock readonly

Open the Management Studio and log into the COMPUTERNAME\MICROSOFT##SSEE database. If it fails, try this instead:
\\.\pipe\mssql$microsoft##ssee\sql\query
Find the database called WSS_Content, right-click, Tasks, Back Up…. In the options, choose File and add a filename. Make sure that it is a Full backup. Once you have the file, go ahead and move it to your new server. You will be needing it there shortly.

Step 3: Install SharePoint 2010
You are now ready to install SharePoint Foundation 2010. Run the installer, and install the software prerequisites first. After that is installed, go ahead and start the install for SharePoint Foundation. When the install is finished, run the Configuration Wizard. You can accept most of the defaults.  In our case, we used a farm, but with a standalone server. If you are doing a farm, this guide may not help you much. When it is finished, it will open your newly created, and empty, SharePoint website.

Step 4: Remove New Content Database
Login to the SharePoint 2010 Central Administrator page and go to Application Management > Manage content databases. [We will be using the default computer name for the web application name. If you want to do a new one (such as keep the old name), now would be a good time to do it, or you can just do an Alternate Access Mapping.] Click on the database called WSS_Content and scroll to the bottom. Check the box Remove content database and click OK. This simply detaches the database from the Web application you have selected at the top of the page. This leaves the SharePoint site in a broken state, but no worries, we will soon be attaching a new one.

Step 5: Import Old Database
You should have copied over your database earlier, you will need this now. Install the SQL 2008 Studio. Now, this may be confusing, because the installer makes no mention of it being Studio, and instead shows that it is SQL Server 2008 only. Also, in Windows 2008, you will get a Known Compatibility Issue window, just ignore it and run the program. Click on Installer on the left, and choose the first option. If the installer does not run for you (and gave an error message about a window handle), like it did not for me, here is a tip. Leave this installer window open (close the error). On your C: drive, there will be a folder that was created by the installer. Go into that folder and find the setup11.exe file and run it. This opens another installer, and it should work through there. During the install, you will see an option for the Management Studio, be sure to selected. Choose all other defaults. When it is finished, you will have the new Studio application.

Log into the newly created database at COMPUTERNAME\SHAREPOINT (you will probably have to type this in manually). You will see a WSS_Content_<guid>. You can delete this database, or rename it, or just leave it. You have two choices, new database, or overwrite. To create a new one, right-click on Databases, and choose New Database. Give your database a name, or keep WSS_Content. I used WSS_Content_3. Leave all the defaults. Once it is created, or you want to overwrite the old one, right-click the database, and go to Tasks > Restore > Database. Choose From device, and choose your backed up file. Select the checkbox under Restore. Under the Options page, and check Overwrite the existing database. Leave all other defaults.

Step 6: Test Database and Copy Features/Assemblies
If you are using any added features or themes in SharePoint, these files will need to be copied manually. You first need to find out what is missing. Open up the SharePoint 2010 Management Shell. This is a PowerShell window with SharePoint cmdlets. Run the following:
Test-SPContentDatabase -Name DatabaseName -WebApplication http://DomainName/
This will generate a list (if no list is generated, you are golden, and can skip this next tedious part). During my upgrade, I was missing a long list of features, and several setup files and assemblies. Lets start with features. On your old server, there is a folder located here:
C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\TEMPLATE\FEATURES
You need to copy all of these files onto the new server in the same location, but with 14 as opposed to 12. Create the folder if it does not exist. Now all of these features need to be installed and activated. I’ve posted a script below that will allow you to run through all these without typing them manually. Open up a standard command box at C:\, and paste the following on the new server after you have copied the features (and having the path setup from above, is necessary for this). You will need to change domain to your domain, so copy it into Notepad first:
cd "\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\TEMPLATE\FEATURES"
for /f %i in ('dir /b *.*') do stsadm -o installfeature -name %i
for /f %i in ('dir /b *.*') do stsadm -o activatefeature -url http://DomainName/ -name %i
This will cycle through each feature, install it, and activate it. Go back to your PS window, and run the Test-SPContentDatabase again. Your list should be shorter now. If like me, you had assemblies, you will need to copy these from the old machine also. However, you can only access these through a command prompt. You can not get to them from Windows Explorer. Copy the folders out of C:\Windows\Assembly\GAC_MSIL and get them into the same folder on the new machine. There are several ways of doing this, and I will assume you know how to copy folders via command line. Only copy the ones you need, not everything. I don’t know what will happen if you overwrite files, but I can only assume the consequences will be less than desired. When running the Test-SPContentDatabase again, you should be cleared up. If not, you’ll need to do a bit of Googling and find out what you are missing. If you’d like a list of GUIDs for features to match up names, there is a great one here.

Step 7: Upgrade and Mount Database
Now that you have installed all the requirements, you are ready to upgrade the content database to allow it to work with 2010. This is very simple, and takes a single command. From the Management Shell, run the following command:
Upgrade-SPContentDatabase -Name DatabaseName
You will be asked to confirm the upgrade. There is a possibility that it does not need to be upgraded, in which case, you are fine. I removed the previous, because the second time around, it didn’t work correctly. I simply mounted the database, and it did the upgrade during the mount. You are now finally ready to connect the database to the site. To do this, run this command in the management shell:
Mount-SPContentDatabase -AssignNewDatabaseId -Name DatabaseName -WebApplication http://DomainName/
This will output a new ID, and attach the content database to the site. You can now look at the site, and see your pages.

Step 8: Upgrade Views
Now, you may have noticed that your site looks the same, and does not have the new look to it. If you want to update the look (and I don’t know why you wouldn’t want to), run the following in the Management Shell, and it will update the main site, and all subsites.
$webapp = Get-SPWebApplication http://DomainName/
foreach ($s in $webapp.sites)
{$s.VisualUpgradeWebs() }
You now have the new look.

Step 9: Cleanup
You have now successfully upgraded your Sharepoint server, however, you may still have some cleanup to do. If you have a large site, well, you may have a LOT of cleanup to do. First thing to note is that some custom features may not have copied all their data, and may not work at all. I was using a feature called Vacation Schedule, and it did not transfer. Thankfully, it was a little used feature, and I will be rebuilding it using a standard calendar with workflows. Another piece of cleanup you may need to do is modify links. Some of your links may be hardcoded for the old domain. You’ll have to hunt all of them down, and change them to the new domain. In my case, all of the permissions appeared to copy correctly for page rights, but your mileage may vary. It also appears that the Alert Me settings may have disappeared, so be sure to check that. You will also need to reapply any special customizations you may have done on the backend, and go through the Central Administration and setup things such as mail servers. You’ll need to browse around and find everything that is broken and fix them one at a time. I’ll leave that in your hands.

Step 10: Go Live
If you were following these steps to create a test server and have your users test the new environment (which you should be doing before blindly walking into an upgrade!), you will need to let your users know to test it out. Be sure to let them know that any changes they make will not affect the original database, but any alerts that were setup may still go out even though they are from the new server. If this is your new production server, you can go ahead and alert your users, and make any group policy changes you will need to make to point them to the new server URL. You can also shutdown the old server now just to keep them out of it.

I hope this helps you. I did several days of Google searching to come across all of this information, and did not find any one good tutorial. Of course, this tutorial may be incomplete. If your Sharepoint site is extremely complex, some of the above may not be useful, and you may have a lot more to do. But if your site is that complex, you probably know a bit more than me. To be honest, before I wrote this, I really only played with the backend of Sharepoint for about a week. I didn’t have any previous experience other than building a page or two. If something above is not working, or appears to be missing, please let me know, and I will update this how-to. Good luck!

function connectLDAP($server,$user,$password) {

// Issue the connect command
$ad_connect=ldap_connect($server) or
die ("Could not connect to LDAP");

// These options are required for MS Active Directory
ldap_set_option($ad_connect, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ad_connect, LDAP_OPT_REFERRALS, 0);

// Bind to AD with the username and password
$ds_connect = ldap_bind($ad_connect,$user,$password) or
die("Couldn't bind to AD!");

// Return handler
return $ad_connect;
}

function disconnectLDAP($handle) {

// Disconnect from the server
ldap_unbind($handle);

}

function searchLDAP($ad,$query,$root,$sort) {

// Query the LDAP server
// Future: Want adjust the array on the fly later, such as objectclass
$sr=ldap_search($ad, $root, $query);

// If a sort field was requested, adjust the list
if ($sort) {
$st=ldap_sort($ad, $sr, $sort);
}

// Generate the array, and return

$info = ldap_get_entries($ad, $sr);

return $info;

}

$ad = connectLDAP($AD_Server,$AD_User,$AD_Password);
$query = "(&(objectClass=person)(SAMAccountName=*)"; // Put whatever you want here
$sort = "";

$info = searchLDAP($ad, $query, $AD_Root, $sort);

if ($info["count"]>0) {
// $info is an array
}

disconnectLDAP($ad);

The above is a basic search string. What is important to note is how the array works. It is a multi-dimensional array. To access data, you will need to cycle through the fields,

$info[$i][$j][0]);

I hope this gets you started.

I’ll start with a rant…

My son is in Cub Scouts. Since we have recently moved to North Carolina, we had to find a new pack to join. We found one that appears to be a lot more involved than the pack we were in in Florida. They are even up with the times. They are using a third party website to keep track of the packs activities and events. You can post pictures, look at a calendar, find out information about the other adults, etc. Cub Scout leaders even keep all of the information about the cub scout (including the address) in the website. Here is the problem. The third party website… not so much with the times.

First problem I noticed when I first logged in, not using SSL. This website is hosting information about dozens of children in just our pack. Who knows how many more all over the country. And it is not using SSL to transmit this traffic about children under the age of 13? This information, including passwords is going over the clear on the Internet. If someone were to get a hold of the database, they’d have the addresses of thousands of children.

This is where the second problem comes in. You might say, we the database is probably encrypted. I’d like to think so. Yesterday, I signed into the site, and changed the password from the default one that was given to me in the welcome email. Well, the cub scout leader decided to resend out these welcome emails this morning, in case people did not receive them. I received this email this morning. Inside this email was the password that I had chosen yesterday. So not only is the traffic insecure, now the database is not encrypted in any fashion? You might say they could be using a reversible encryption… but I think we all know that if you hack into the site and steal the database, you’ll be able to just as easily break into the websites pages and steal the salt.

Anyway, I have emailed the site’s tech support team to complain about these very things and hope to get a response. In the meantime, I’ll be considering not using the site, or having incorrect information inputted for both me and my son on purpose. I’ve already changed my password to one that I don’t use on anything else.