Thanks Gil, I wasn't aware of this. You learn something new every day :-) Any idea why Microsoft decided not to implement the changelog approach? It seems like a number of the other vendors have.
I quite like the look of the IBM Directory approach, which includes support for a number of change log entry attributes, including the DN of the change originator, e.g. ibm-changeInitiatorsName The DN of the entity that initiated the change Syntax: 1.3.6.1.4.1.1466.115.121.1.12 Value: single-valued Usage: userApplications I think this type of information would be useful in AD. Robbie Allen touched on this at DEC Europe during his round table discussion on tools. Stuart Kwan was there and mentioned something about Microsoft's plans, but I can't remember exactly what it was. Maybe Robbie remembers? Tony ---------- Original Message ---------------------------------- From: Gil Kirkpatrick <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] Date: Mon, 25 Nov 2002 12:37:29 -0700 Naval, There are several mechanisms for getting change information from the directory. See http://msdn.microsoft.com/library/default.asp?url=/library/en-us/netdir/ad/p olling_for_changes_using_the_dirsync_control.asp Each mechanism has its advantages and disadvantages; the docs do a reasonable job of explaining them. -gil -----Original Message----- From: Tony Murray [mailto:[EMAIL PROTECTED]] Sent: Monday, November 25, 2002 7:07 AM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] How to get changes from active directory? Hi Naval AD doesn't (currently) store change information in the directory. Some information can be made available through auditing of AD object access. The audit information will be written to the event log. The limitation of this approach is that this information will only be available on the DC where the change was made. A separate consolidation process would then be required if centralised information were a requirement. Stuart (if he's listening) may have some information on Microsoft's future plans in this area. Tony ---------- Original Message ---------------------------------- From: "Naval" <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] Date: Mon, 25 Nov 2002 16:48:21 +0530 Hi, How can i get the changes from Active Directory server? For e.g netscape provides changes below cn=changelog node. Where does AD publish the changes. Thanks, Naval List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
