I’ve read some stories on the Sony hack today that are disturbing.
47000+ SSNs of current and former employees, including celebs like Sylvester Stallone, were breached.
That was the disturbing part. Now comes the mind-numbingly stupid part. Some of the data breached was passwords.
Not a few either.
FOR EVERYTHING FROM FACEBOOK ACCOUNTS TO LEXIS/NEXIS TO AMEX TO FIDELITY!
STORED IN PLAIN TEXT!!
Sony, a word of advice – Fire your whole IT security department. Now. They are obviously grossly incompetent or they would have at least used something like KeePass to somewhat safely vault them. They have made life hell for thousands of current and former Sony staff, wrecked the security of all your data and systems, and destroyed your corporate reputation. It will take years to recover from this.
So here I was today working an a folder a server in a foreign forest, trying to duplicate the ACLs of the source forest to the target forest. Both forests contained groups with the same RDNs and SAM account names.
My first choice was the obvious and trusty SUBINACL. So I entered the command below expecting it to start chugging away.
subinacl /subdirectories "x:\foldertochange\*.*" /migratetodomain=source=target
Instead of the nice chug of folders being modified I got an error saying the syntax was wrong. Quick check – Yep, using an elevated prompt. Spelling good – check. Trust between the forest was still going. Switching the command to verbose mode I got a different result:
subinacl /verbose=1 /subdirectories "x:\foldertochange\*.*" /migratetodomain=source=target
1722 Unexpected error NetUserModalsGet on server \\DC-IN-TARGET
Error finding domain name : 1722 The RPC server is unavailable
The fix is simple. On the source data server I opened the HOSTS file and added an entry for the target DC it was trying to talk to. Re-ran the command and 211,000+ objects later everything was golden.