One Character == World of Suck

Ladies and Gentlemen, today you are going to learn a lesson on why you do NOT edit Active Directory directly for Exchange attributes.

Background
A long time ago, we had a very crappy provisioning system for our hosted Exchange 2003 platform. It worked ok, but missed a lot of things that we wanted to have set. They also were kind of pricks when it came to licensing so making a ton of money on the platform was hard to do. So, we decided to roll our own. It wasn’t that hard to reverse engineer what was being set for users, groups and contacts. There were a few obstacles of course but we were able to get a pretty good provisioning system set up. However, this too had its faults. Sure we had total control over the code and could update things as we needed. But we were still working in a void. We really didn’t know _everything_ that was happening on the system that needed to actually happen. Plain and simple, we were missing things. Not to mention future services would require the same amount of dev time reverse engineering what needed to be set. That’s not a scalable solution.

So, when it came time to roll out our Exchange 2007 environment, we have moved over to HMC and for the most part, things have been a lot happier.

The Issue
Since we have this shiny new 2007 platform, we thought it was in our best interest to start migrating our users from the 2003 platform and away from the old clunky provisioning. So far we have moved some smaller customers and everything has gone pretty smooth. Certain customers have required the migration to happen in stages so we have come up with a decent solution to make this as smooth as possible. We define the list of users to migrate, set up a temporary domain on the 2003 platform, add SMTP aliases to the users on the 2007 platform and then enable forwarding on the 2003 platform to the 2007 temporary SMTP alias. All mail still flows as it did before, it’s just that some users happen to be on the 2007 platform getting their email. Easy as can be, right?

Well, the users that we have moved so far have been fairly small customers. So the need for automating certain aspects of the move has been put off. There is a lot of automation that happens, but some of the tasks were put off, such as the setting of the forwarding address.

That is, until last week. Last week we were starting to move one of the bigger customers so I set up a script that would take the users that were being moved and automatically set the forwarding address. Here is the code that I had in place to figure out the forwarding address:

            // need to add forwarding address here.
            list($tuname, $tdmn) = explode("@", $user['mail']);
            // new address
            $fwd = "{$tuname}@{$newdomain}\n";

Notice the $fwd variable. This is where the trouble begins. You can ignore the {} as those simply tell the parser that these are valid variables contained within the string.

No, the real issue is at the end of the line. Specifically, the \n. Technically, you can set the AD object to whatever you want. It will take this as a value. However, Exchange does not like this. With forwarding in Exchange, you set the forwarding to an object. Typically another user, group or contact. Since we allow for users to forward to multiple people, we create a group automatically and populate that with one or more users, groups or contacts.

Now for the really bad part. I’m not sure if this is just Exchange 2003 or if others are affected as well. But when you forward to a group that contains a single contact object that has invalid characters, your email message will be lost in the ether. Gone, Kaput, Not even an NDR will be generated. We were unable to even find logs that the message came in; it failed that spectacularly.
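A pre-write check for the address built above, as an added example that is not the original script: it builds the same user@newdomain value without the trailing newline and rejects control characters before anything is handed to the directory. The function name and the sample addresses are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Build the temporary forwarding address for a migrated user and refuse
 * anything that is not a single clean SMTP address.
 * Hypothetical helper; the name is illustrative, not from the original script.
 */
function buildForwardingAddress(string $mail, string $newDomain): string
{
    // Reject control characters (CR, LF, NUL, tab, ...) instead of silently
    // trimming them: their presence means the input is already suspect.
    if (preg_match('/[\x00-\x1F\x7F]/', $mail . $newDomain) === 1) {
        throw new InvalidArgumentException('control character in input');
    }

    $parts = explode('@', $mail);
    if (count($parts) !== 2 || $parts[0] === '') {
        throw new InvalidArgumentException('source mail is not local@domain');
    }

    // No trailing "\n" here: the value goes into a directory attribute,
    // not onto a terminal.
    $fwd = $parts[0] . '@' . $newDomain;

    if (filter_var($fwd, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('not a valid SMTP address');
    }
    return $fwd;
}

// Constructed sample input; the second domain reproduces the stray newline.
$samples = [
    ['jdoe@old.example.com', 'tmp2007.example.com'],
    ['jdoe@old.example.com', "tmp2007.example.com\n"],
    ['no-at-sign', 'tmp2007.example.com'],
];

foreach ($samples as [$mail, $domain]) {
    try {
        printf("OK      %s\n", buildForwardingAddress($mail, $domain));
    } catch (InvalidArgumentException $e) {
        // Log and skip: never write an unvalidated value to the directory.
        printf("REJECT  %s (%s)\n", json_encode("$mail -> $domain"), $e->getMessage());
    }
}
```

Rejected entries are printed JSON-encoded so the offending newline shows up as a visible `\n` in the log instead of breaking the line.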

Conclusion
So the moral of the story is, don’t do what we did. Microsoft will tell you the exact same thing. It’s dumb to do what we did. You should not be messing with the AD attributes directly in this instance. There is a certain level of error checking that must take place at the upper levels which was missed by both my script and the provisioning system. But in the same breath, I can’t say for sure that HMC was mature enough to use when we first rolled out the 2003 platform. So whether it is you editing AD directly or someone else doing it, it’s just as bad. It just depends on how much control you want over the gun pointed at your head.

Twitter Issues

Has anyone else been having a bunch of issues with Twitter as of late? It seems like the service is even more unstable than it has been in the past few months.

My biggest complaint right now, besides it being down a lot, is the profile settings. Yes, I’m _finally_ getting around to setting a profile picture for my @usrlocal account.

Here is what I get when I attempt to upload my image:
[Image: picture-3]

Good so far! But then when I go to hit save the final time I get the following:
[Image: picture-4]

Uh..NO! My picture of 4KB which is 48×48 is NOT too big!

Here’s the really frustrating part, some people are seeing my new image though I get the error message saying that it didn’t update properly.

WTF Twitter?!?!

419 Morons!

Good lord! I can’t believe that people haven’t learned yet. In the past week, I have seen 2 stories about some dumbass losing hundreds of thousands of dollars to a scammer in a 419 Scam.

First we have John Rempel who sounds like not only did he lose his own savings, but decided to take some friends and family along with him. Nice job John!

Next up, we have Richard T. Howell Jr. which was another form of the 419 scam. Now, Howell got caught up in something a lot more sophisticated. But even he admits he was a dumbass.

So let this be the warning to everyone out there. If it comes in email, and it sounds too good to be true, it probably is. Delete it and move on with your life.

Secure Backpack

Those that work with me know that I am a huge fan of the products put out by 37Signals. They have created some great apps that are simple, clean, and rock solid. The concepts aren’t always new, but they have made it so anyone can log in and hit the ground running. There is a *lot* to be said about that ability to have well-designed applications. I can’t say enough great things about their apps!

However, they are not without fault. I’m finally moving from a free plan to a solo plan in my backpack account. I am doing enough side programming jobs for friends and family that having a page for each project just makes sense. So I’m finally moving up to the solo account to add more pages, space and overall functionality. While I was on the upgrade page, there was something that stuck out to me as just not adding up. Take a look at the packages below:

[Image: Missing SSL]

I’m all for having limits to packages. It makes sense. It makes you want to upgrade to the next level. What I don’t understand is the SSL Security. I get it on a solo level but once I move to the home or basic level I lose it? Logically, that removes my desire to upgrade. Sure, I could skip to the plus level, but that is a big step up in price from the $7/mo solo plan. This seems like a shortcoming and something that, quite frankly, should be a standard option for those paying a fee on a monthly basis.

With that being said, if you are looking to see for yourself how great these applications are, please use the following affiliate links to help support this blog. All the products have a free plan of some sort so give it a try today!

Basecamp – great for project management.

BackPack – You can set up your own personal intranet site or use it for your entire company.

Highrise – manage your contacts, leads and deals.

Des Moines Flood Pics

As many of you may have heard, Iowa is flooding as are other parts of the Midwest. Cedar Rapids is really bad from what I hear.

I’m in Des Moines where things are bad, but we’re not completely screwed yet. I will be posting pictures of the flooding as I can. They can be found in this flickr set.

Let’s hope for dry weather.