WMI can be used for the monitoring but the capabilities are quite limited with the current WMI provider implementation. Despite this, it could be useful in some very specific pin-point monitoring cases.
However, in your case, you definitely need something else. NETPRO solution seems to me the best match for what you need. However, I suspect that NETPRO uses this API (Polling for Changes Using the DirSync Control):
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ad/ad/polling_for_changes_using_the_dirsync_control.asp

Don't know ... Only they can confirm ... :-)

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chuck Chopp
Sent: Monday, July 11, 2005 8:48 AM
To: [email protected]
Subject: Re: [ActiveDir] Programmatic auditing of AD changes similar to what Quest/NetPro use

Grillenmeier, Guido wrote:
> Chuck - what exactly are you trying to achieve/monitor?

I need to monitor for creation, deletion, renaming and moving of user objects, group objects and for objects based on 2 or 3 other application-specific object classes in AD. Additionally, I need to monitor for modification of some standard attributes and some custom/aux attributes on user & group objects. In the case of membership types of attributes that are multi-valued, when one of those attributes changes, I need to know what individual value is being added to or removed from the attribute's value list.

This needs to be done for all user & group objects in the tree; there is no feasible way to limit the scope of object instances that need to be monitored.

When the events are received, the application will consolidate them and forward them on to an "engine" that will take certain actions depending on which particular events have occurred.

I would prefer notification of the desired changes to be delivered asynchronously, but I can poll for them if necessary.

DirSync and LDAP and monitoring the uSNChanged attribute are all methods that fail to provide this degree of granularity.
To use DirSync or LDAP searches would effectively require me to maintain a partial replica of the entire AD tree with which to perform comparisons of objects that are reported in the DirSync result-set.

> AD itself doesn't provide a real event-driven model for notification
> of changes to objects, but for single object monitoring you can get
> quite far with WMI event queries (which in the background read the
> instance of an object and then continuously poll for any changes to
> the object in AD - no matter if direct or through replication).
> This will be ok for "poor man's" monitoring of a few special objects
> (such as sensitive groups), but not for monitoring changes in all of
> AD (both NetPro and Quest deploy agents to the DCs to intercept
> changes that occur on DCs to reach their goal)

Yes, I understand that an agent is required on each DC to intercept the required changes. It is the method(s) that those agents [in Quest's & NetPro's products] are using that I'm looking for. I need the same degree of functionality in terms of fine grained event monitoring. As stated above, the # of objects involved is too large to use WMI. All users & groups in the tree will end up needing to be monitored along with several other classes of objects.

--
Chuck Chopp

ChuckChopp (at) rtfmcsi (dot) com http://www.rtfmcsi.com

RTFM Consulting Services Inc.    864 801 2795 voice & voicemail
103 Autumn Hill Road             864 801 2774 fax
Greer, SC 29651

Do not send me unsolicited commercial email.

List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
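The comparison described in the thread above, keeping a partial replica and diffing each DirSync result set against it to recover which individual values were added or removed, shown as an added example (not code from the thread, NetPro or Quest). The entry format, GUIDs and DNs are constructed, and it assumes every changed attribute arrives with its full current value list.

```python
# Added example: diff DirSync-style batches against a replica keyed by objectGUID.
# Assumed (constructed) entry format: objectGUID, dn, full values of changed attrs.

def parent_of(dn):
    # Naive parent-container split; ignores escaped commas in RDNs.
    return dn.split(",", 1)[1] if "," in dn else ""

def apply_batch(replica, batch, multi_valued=("member",)):
    """Update replica in place; return the events implied by this batch."""
    events = []
    for entry in batch:
        guid, dn, attrs = entry["objectGUID"], entry["dn"], entry["attrs"]
        old = replica.get(guid)
        if attrs.get("isDeleted") == ["TRUE"]:      # tombstone in the result
            if old is not None:
                events.append(("deleted", replica.pop(guid)["dn"]))
            continue
        if old is None:                             # first sight: nothing to diff
            events.append(("created", dn))
            replica[guid] = {"dn": dn, "attrs": {k: list(v) for k, v in attrs.items()}}
            continue
        if old["dn"] != dn:                         # same GUID, different DN
            kind = "renamed" if parent_of(old["dn"]) == parent_of(dn) else "moved"
            events.append((kind, old["dn"], dn))
            old["dn"] = dn
        for name, values in attrs.items():
            before = old["attrs"].get(name, [])
            if name in multi_valued:                # per-value add/remove
                new, gone = set(values) - set(before), set(before) - set(values)
                events += [("value_added", dn, name, v) for v in sorted(new)]
                events += [("value_removed", dn, name, v) for v in sorted(gone)]
            elif before != values:
                events.append(("modified", dn, name, before, list(values)))
            old["attrs"][name] = list(values)
    return events

# Constructed sample batches (not from the thread): create, edit, move, delete.
BASE = "DC=example,DC=com"
A, B, C = (f"CN={n},OU=Users,{BASE}" for n in ("alice", "bob", "carol"))
OPS, OPS2 = f"CN=Ops,OU=Groups,{BASE}", f"CN=Ops,OU=Admin,{BASE}"
BATCHES = [
    [{"objectGUID": "g1", "dn": OPS, "attrs": {"member": [A, B]}}],
    [{"objectGUID": "g1", "dn": OPS, "attrs": {"member": [B, C]}}],
    [{"objectGUID": "g1", "dn": OPS2, "attrs": {}}],
    [{"objectGUID": "g1", "dn": OPS2, "attrs": {"isDeleted": ["TRUE"]}}],
]

def run_demo():
    replica = {}
    return [e for b in BATCHES for e in apply_batch(replica, b)], replica
```

The replica has to hold every monitored object's tracked attributes between polls, which is the storage cost the thread objects to.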
