Chuck - what exactly are you trying to achieve/monitor? AD itself doesn't provide a real event-driven model for notification of changes to objects, but for single object monitoring you can get quite far with WMI event queries (which in the background read the instance of an object and then continuously poll for any changes to the object in AD - no matter if direct or through replication). This will be ok for "poor man's" monitoring of a few special objects (such as sensitive groups), but not for monitoring changes in all of AD (both NetPro and Quest deploy agents to the DCs to intercept changes that occur on DCs to reach their goal)
You might want to check out Alain Lissoir's website (www.lissware.net) to get an example of a MWI based group-monitoring script => Volume2 - Sample 3.54 - GroupMonitor.wsf /Guido -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chuck Chopp Sent: Freitag, 8. Juli 2005 22:05 To: [email protected] Subject: Re: [ActiveDir] Programmatic auditing of AD changes similar to what Quest/NetPro use Darren Mar-Elia wrote: > Chuck- > Have you seen this article? > > http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ad/ad/c > hange_notifications_in_active_directory.asp Yes, I have. Been there, done that, bought the postcard & T-shirt... and, sadly, it falls far far short of both what I need and what I know of other auditing products to be capable of doing. I can tell through feature descriptions, report contents and inspects of the binary EXE and DLL files of these products that they are not using any of the following: LDAP ADSI DirSync any method that tracks the uSNChanged attribute System.Directory .DOT managed code system auditing via SACLs set on containers & objects Further inspection of Quest's Chanage Manager for Active Directory leads me to believe that it is in fact hooking into AD some some manner so that it is directly intercepting replication traffic within the directory service itself on the DC on which their monitor is installed. It would appear that I need to go the same route in order to get the functionality that I require. -- Chuck Chopp ChuckChopp (at) rtfmcsi (dot) com http://www.rtfmcsi.com RTFM Consulting Services Inc. 864 801 2795 voice & voicemail 103 Autumn Hill Road 864 801 2774 fax Greer, SC 29651 Do not send me unsolicited commercial email. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
