The goal was to get the street attribute to hold a multi-line value.. not streetAddress, which is easy enough to do from the GUI.
So part of this is to help folks understand that if you take the basics of a system, and expand on those, then you can resolve a lot of your issues on your own. I guess the problem is expanding the understanding of the base system at lower layers.
Anyway, here goes.
The end result should look like the sample below.
primaryGroupID: 513 = ( GROUP_RID_USERS );
pwdLastSet: 6/30/2008 11:11:35 AM Pacific Daylight Time;
sAMAccountType: 805306368 = ( NORMAL_USER_ACCOUNT );
userAccountControl: 0x10220 = ( PASSWD_NOTREQD | NORMAL_ACCOUNT | DONT_EXPIRE_PASSWD );
whenChanged: 7/2/2008 6:50:45 PM Pacific Daylight Time;
For me, this really ended up being a question of -- How do I dump a file in hex from built-in tools? (It was the only really interesting and new part to me.) A quick internet search showed nothing in box.. but plenty of hex freeware tools etc. Of course we could write something, but I wanted it all to be in box.
Let's start from square one in order to bring it all together.
We can begin our tour with a known value and examine it. Like.. ahaha .. streetAddress ( as opposed to street )
So streetAddress is exposed in the UI as the following:
Easy enough.. multi line output set via the UI.
Let's look at it closer.
Look in LDP at it:
whenChanged: 7/2/2008 6:56:11 PM Pacific Daylight Time;
whenCreated: 6/30/2008 11:11:03 AM Pacific Daylight Time;
Look at it again, in raw hex form:
In LDP.EXE go to Options and open the General options:
Change the General options to dump values in binary:
Now dump the user again:
55 73 65 72 5F 30 30 31 32 User_0012
38 30 35 33 30 36 33 36 38 805306368
74 68 69 73 0D 0A 69 73 0D 0A 73 70 61 74 73 0D this..is..spats.
0A 74 65 73 74 .test
36 36 30 38 30 66080
Note that I highlighted the text - and any good geek will tell you that 0D 0A is... CRLF.
So. How to set this easily in the tools we have at hand.
The "street" attribute is not exposed in the UI. If we modify it in adsiedit or ldp.exe we can see it is clearly not the same:
However, we can't easily toss in hex characters either. At least not that I can see.
So, off to the tools to dump and write hex directly as well as encode the data for input to the AD. Not easy to find in the built in OS tools.
Certutil.exe can do it though.
1. Open notepad.
2. Input some text.
3. Save it as t1.txt
4. Dump this in hex to ensure we have our data correct -- can we indeed use the 0x0D,0x0A? (Sure we can.. but let's make sure again, shall we.. else I don't get to show the neat hex tools in the OS.) Dump it via certutil -encodehex - you pass it the file to dump and the result file to dump to.
C:\temp2>certutil -encodehex t1.txt t5.txt
Input Length = 54
Output Length = 286
CertUtil: -encodehex command completed successfully.
0000 63 6f 6e 73 74 61 6e 74 0d 0a 63 68 61 6e 67 65 constant..change
0010 0d 0a 67 69 76 65 73 0d 0a 74 68 65 0d 0a 69 6c ..gives..the..il
0020 6c 75 73 69 6f 6e 0d 0a 6f 66 0d 0a 70 72 6f 67 lusion..of..prog
0030 72 65 73 73 0d 0a ress..
5. Run certutil to encode the original text file in base64
C:\temp2>certutil -encode t1.txt t2.txt
Output Length = 132
CertUtil: -encode command completed successfully.
6. Look at the data:
7. Drop the base64 in a file like so:
8. Import it:
C:\temp2>ldifde -i -f t.txt
Connecting to "sp137558a.crisco.com"
Logging in as current user using SSPI
Importing directory from file "t.txt"
1 entry modified successfully.
The command has completed successfully
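Steps 5 to 8 in one place, as an added example that is not part of the original post: it reproduces the layout certutil -encode writes (BEGIN/END CERTIFICATE lines around 64-character base64 rows, which is how 54 bytes become 132), strips that armor, and builds an LDIF change record in which the double colon after the attribute name marks the value as base64. The DN, the choice of "replace" and the function names are assumptions made for this example.

```python
import base64

# Constructed sample: the 54 bytes of t1.txt as shown in the -encodehex dump.
T1 = b"constant\r\nchange\r\ngives\r\nthe\r\nillusion\r\nof\r\nprogress\r\n"
# Placeholder DN (assumption); the post does not show the real one.
DN = "CN=User_0012,CN=Users,DC=example,DC=com"

def certutil_encode(data: bytes) -> str:
    """Mimic `certutil -encode`: armor lines, 64-char rows, CRLF endings."""
    b64 = base64.b64encode(data).decode("ascii")
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    lines = ["-----BEGIN CERTIFICATE-----", *rows, "-----END CERTIFICATE-----"]
    return "".join(line + "\r\n" for line in lines)

def strip_armor(encoded: str) -> str:
    """Drop the BEGIN/END lines and rejoin the base64 rows into one string."""
    rows = (line.strip() for line in encoded.splitlines())
    return "".join(r for r in rows if r and not r.startswith("-----"))

def build_ldif(dn: str, attr: str, b64: str) -> str:
    """Build an LDIF modify record carrying a base64 value (attr:: value)."""
    base64.b64decode(b64, validate=True)  # reject stray armor or whitespace
    return (f"dn: {dn}\n"
            "changetype: modify\n"
            f"replace: {attr}\n"      # 'replace' is this example's choice
            f"{attr}:: {b64}\n"
            "-\n\n")                  # '-' ends the change, blank line ends the record

def decode_ldif_value(ldif: str, attr: str) -> bytes:
    """Recover the raw bytes of the base64 attribute line, to check before import."""
    prefix = attr + ":: "
    for line in ldif.splitlines():
        if line.startswith(prefix):
            return base64.b64decode(line[len(prefix):], validate=True)
    raise ValueError(f"no base64 value for {attr}")

if __name__ == "__main__":
    ldif = build_ldif(DN, "street", strip_armor(certutil_encode(T1)))
    print(ldif)
    print(decode_ldif_value(ldif, "street"))  # CRLFs intact means multi-line in AD
```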
Dump it to make sure it made it in the AD OK:
BTW - I haven't posted in a while because I recently changed jobs ( within MS ) .. I can post more on that later on when I have more time to think about what to say there.
Dear Mr. Spat,
An excellent example, as usual. One would swear you must have worked in Critical Problem Resolution in your tenure there at Microsoft. LDAP... Active Directory? I once knew a fellow of your keen wit with such in depth knowledge as yourself.
If I were to have a few questions of you regarding the topic, could we take them offline? Perhaps you could write me at mhjzimmerman '@' live.com