Well it took a wee bit more than an hour but the XML method works great :)
I've already used to tool to bust several admins for adding people to admin groups without using our process. The tool sends out alert like:
Builtin Administrative Group Change Alert!
Object samAccountName (displayname) was recently added to the Domain Admins group. The operation was performed by user samAccountName (displayname).
This occurred on Domain Controller dcName in the company.net domain on 10/05/2006 at 16:17:27.
See below for details.
Event: 632
Event details
Thanks joe
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of joe
Sent: Thursday, September 14, 2006 6:31 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Replication Metadata
Yep, if _vbscript_ you want the XML versions...
You should be able to do this in an hour.... You just need to pick the right
hour. ;o)
--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Isenhour, Joseph
Sent: Thursday, September 14, 2006 9:12 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Replication Metadata
That's great info; thanks joe. I'll take a look at
msDS-ReplValueMetaData and msDS-ReplAttributeMetaData. I'm trying to do
this in a _vbscript_ and avoid getting into any compiled solutions. I
told my boss I could do this in an hour because I thought I could just
use IADsTools, oopsie.
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of joe
Sent: Thursday, September 14, 2006 5:38 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Replication Metadata
I doubt that IADsTools was updated. They seemed to be trying to kill
that as
far back as 2001. I think it was someone's pet project and they went to
another petting zoo to work... I know I found some time issues in it
back
then and some more later that I tried to get corrected and was wholly
unsuccessful on both occasions.
But the answer is... There is additional metadata available now for
looking
at value level changes. The way IADsTools was probably getting the info
(this is a guess, never saw the code) is through the attribute
replPropertyMetaData but it very well could have been using the RPC
based
API call DsReplicaGetInfo.
Probably the simplest mechanism to use now are the attributes
msDS-ReplAttributeMetaData and msDS-ReplValueMetaData which by default
will
return XML strings with the data. If you are equipped to handle it, you
can
instead make the calls much faster and pass less data on the wire by
asking
for the binary versions of those attributes by appending the ;binary
modifier.
If you want to write DC API based code, you can use DsReplicateGetInfo2.
joe
--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Isenhour,
Joseph
Sent: Friday, September 08, 2006 11:36 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Replication Metadata
I'm using Robbie Allens example for using IADSTools.DCFunctions to read
group object meta data. I just realized that now that we've upgraded to
2003 I can no longer look at the member last changed field to determine
when group membership last changed.
I know that RepAdmin can look at the individual group changes so there
must be some updated API that I can use to do the same thing, I just
can't seem to find it.
Can anyone point me in the right direction?
Thanks
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
