Announcement

Collapse
No announcement yet.

Remove sIDHistory with adfind and admod

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Remove sIDHistory with adfind and admod

    Hi All,

    I want to remove sIDHIstory with in our domain. The users were succesfully migrated for the old domains to the new domain. The old domains do not exist anymore. I want to remove sIDHistory from objects in a specific OU. I use the following commands.:

    C:\>adfind -h dc1 -b "OU=standaard,OU=Users,OU=xxx,OU=QuestMigration,OU =Accounts,OU=xxx,dc=xxx,dc=local" -f sIDHistory=* sIDHistory -adcsv | admod sIDHistory:-:{{sidhistory}} -upto 3000 >>C:\removesidhistory.txt

    If i run this query, some sIDHistory values are removed of several objects. But it stops after a few objects. In the textfile I'll get the following message:

    ERROR: Critical internal failure 10024 1|1
    ERROR: Doublecheck field count for this entry in CSV stream (sidhistory).
    ERROR: Terminating.

    I do want to remove in a specific OU. This is because if any problems occurs, we can do an authorative restore of an OU. Although we are sure we can remove the sIDHistory. All the testing is done in a test environment.

    Other information:
    Windows 2003 Domain
    Functional levels 2003.
    4 domain controllers.

    Can anyone say what is wrong and give me some advice how to do it right?

    Thanks in advance.

  • #2
    Re: Remove sIDHistory with adfind and admod

    Hi,

    What is your current OS. If you have powershell, then i hope it will be more effective to write up a small code
    Thanks & Regards
    v-2nas

    MCTS 2008, MCTIP, MCSE 2003, MCSA+Messaging E2K3, MCP, E2K7
    Sr. Wintel Eng. (Investment Bank)
    Independent IT Consultant and Architect
    Blog: http://www.exchadtech.blogspot.com

    Show your appreciation for my help by giving reputation points

    Comment


    • #3
      Re: Remove sIDHistory with adfind and admod

      Hi,

      I have managed to do it with these tools.

      Example:
      C:\Scripts>adfind -h dc1 -b "OU=xxx,OU=QuestMigratie,DC=xxx,dc=local" -f sidhistory=* sidhistory -adcsv | admod -sc csh -upto 200 >>C:\Scripts\removesidhistorywithADMOD.txt

      Explanation:
      - -h binds to a domaincontroller.
      - -b is the baseDN where to search for specific attributes.
      - -f filter, check also in adsiedit for attribute names.
      - -adcsv is needed for admod to understand what to modify.
      - -sc csh (shortcut for clearing sidhistory, see also helpfile)
      - - upto 200, work around the builtin security of removing default 10 objects.
      - >> output to textfile.

      Hope this will help other people. Also check joe's website if you need more information.

      Comment


      • #4
        Re: Remove sIDHistory with adfind and admod

        Thanks for posting back and sharing the solution Mackd636.
        Caesar's cipher - 3

        ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

        SFX JNRS FC U6 MNGR

        Comment

        Working...
        X