Jump to content
MrRat

MSP Accounts Plugin - Free

Recommended Posts

No, that's the local account.

 

In the plugin what setting do you have for "MSP Prefix"?

And what username did you assign as the Service Account?

 

It looks like there is no Prefix and I've never tried to run the plugin without one.

Share this post


Link to post
Share on other sites

Hello MrRat, thanks kindly for your hard work; I'm excited to try this out :)

 

Quick question: if I do not want the plugin to automatically change passwords, is there a way to disable that functionality? (ie: maybe I want to things once?)

 

Small suggestion: in the install notes, I might imagine that it might help others to add in a line saying that the file needs to be unblocked (via properties) before adding the plugin; and if an attempt was made to add it before unblocking, that Control Center needs to be restarted.

Share this post


Link to post
Share on other sites
Quick question: if I do not want the plugin to automatically change passwords, is there a way to disable that functionality? (ie: maybe I want to things once?)

 

On the Manage Users tab there are AutoChangePassword checkboxes for each user. The exception is the Service Account; it probably ignores that setting, as it is meant to be fully automated and never touched by humans.

 

Small suggestion: in the install notes, I might imagine that it might help others to add in a line saying that the file needs to be unblocked (via properties) before adding the plugin; and if an attempt was made to add it before unblocking, that Control Center needs to be restarted.

 

I didn't know that. thanks.

Share this post


Link to post
Share on other sites

Could you tell me what this means and how to resolve it ?

 

I received this in email after manually issuing a command to add the service account to a location.

 

"The given key was not present in the dictionary."

Share this post


Link to post
Share on other sites
19 hours ago, mcclain.tim said:

Just checked. Doesn't work. Fails to open. :(

I hosed my 12 server.  Support is in there now trying to fix it :) 
I'll get the plugin working on 12 as soon as i can.

 

Share this post


Link to post
Share on other sites
On 11/7/2017 at 12:09 PM, MrRat said:

I hosed my 12 server.  Support is in there now trying to fix it :) 
I'll get the plugin working on 12 as soon as i can.

 

That sucks. I am interested in trying out the plugin. Let me know if support fixes it for you.

Share this post


Link to post
Share on other sites
On 11/6/2017 at 6:09 PM, mcclain.tim said:

Just checked. Doesn't work. Fails to open. :(

 

Just tested in the latest build of 12 and it opens without issue.

 

Share this post


Link to post
Share on other sites
4 hours ago, MrRat said:

 

Just tested in the latest build of 12 and it opens without issue.

 

Awesome! Working for me now as well. Thanks for the update.

Share this post


Link to post
Share on other sites

Question for users:

The boss wants a utility to administer local computer accounts. Change administrator password, delete accounts that aren't being used, search and delete certain named accounts, etc.

Should this plugin be modified to include local computer account management or would that be better in a new plugin?

 

Share this post


Link to post
Share on other sites

Thanks for this plugin! Works awesome.

We have a particular client that the accounts were created, but some of the passwords do not work correctly. I tried to issue a delete command for a particular user, but I never see the command hit the only DC they have onsite. We eventually get the MSP Accounts Log that shows the error "The given key was not present in the dictionary".

I checked and the server has been discovered as the PDC Emulator correctly. I did note there is an old DC 's metadata that needs to be cleaned up in AD for this client. Could that be causing an issue?

What else should I check?

Share this post


Link to post
Share on other sites
14 hours ago, kwreese said:

error "The given key was not present in the dictionary".

The only dictionary is a list of AD Domains and their PDCs.

SELECT computers.ComputerID, TRIM(LEADING 'DC:' FROM computers.Domain) FROM computers

Is there something unusual about the Domain name?

Having some of the passwords not work correctly when creating accounts is unheard of.

Are you comfortable using SQLyog? I would look at the table plugin_itsc_msp_accounts_userstatus and check for a column with that domain name.

Share this post


Link to post
Share on other sites

The only thing "unusual" about the domain name is is it a ".com" domain.

I checked the status for that particular domain and the status for all users is "Creation of user succeed" except for one user (not one of the reported users though). It's strange, it created the users successfully back in November, but when I run the command to delete a user or add a user from MSP Accounts plugin, the command never makes it to the DC to execute.

I have asked the admin for that client to go ahead and "fix" the stale metadata for the old DC that no longer exists and see if that resolves it.

Any other thoughts?

Share this post


Link to post
Share on other sites
10 minutes ago, kwreese said:

Any other thoughts?

SELECT Computers.Domain, Computers.ComputerID FROM Computers, v_detectedroles WHERE v_detectedroles.ComputerID = Computers.ComputerID AND v_detectedroles.RoleName = 'AD PDC Emulator'

Does that return the correct ID number for the PDC of the problem domain?

 

Share this post


Link to post
Share on other sites

Using that query does not return any results for that domain. That domain has only one active DC. When I check the Ignite tab for that particular DC, under AD FSMO roles, it shows PDC Emulator for that server though.

I will try and re-run the AD Role Detection and see if that query straightens up. If not, I'll open a ticket with LT support.

Thanks.

Share this post


Link to post
Share on other sites

UPDATE Version 2.17.12.06
Download link in first post of this thread.

Features added by request:
"Change All Passwords Everywhere" button does what it says.  All plugin users get their passwords changed.
Change Password button for the Domain Service Account. (not for the local service account, just domain)
Adjustable password complexity settings.

Fixes:
Complete redesign/rebuild of the reporting. The plugin actually waits for all work to finish before emailing the user.
Changes to timers so that automatic password changes are more stable.
and a few minor issues fixed

Be sure to restart the Labtech Database Agent so it can make the necessary database changes.
Highly recommended that you update.  It's a much better behaved plugin now.

Share this post


Link to post
Share on other sites
17 hours ago, absoblogginlutely! said:

If your users use a ! (and possibly &) the passwords will be truncated at the first ! as it's taken as a delimiter. Ie a password of password! would be sent to AD as password

 

Odd since an exclamation point is not a character that needs to be escaped.
I just looked through my users passwords and fully half of them contain !

 

Edited by MrRat

Share this post


Link to post
Share on other sites

I believe it requires 3 !!! to form a break,  but if your last character were an exclamation point it would be swallowed by the ones LT used. Wrapping the username and password parameters with double quotes would probably prevent this. (But putting three !!! inside your password will fail, even with quote characters.)

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×