Re: Retrieving changes to AD via VBS

From: Joe Richards [MVP] (humorexpress_at_hotmail.com)
Date: 08/31/04 

Date: Mon, 30 Aug 2004 21:12:23 -0400

Start reading here for the various change tracking techniques available as a
whole for you to review your process

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ad/ad/overview_of_change_tracking_techniques.asp

And if you have to figure out specific attributes that have changed but don't
want to maintain the old data someplace else AND you have 2K3, you can look at
the msDS-ReplAttributeMetaData attribute. 

--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net
Mike Niccum wrote:
> I currently use ADO/VBS to enumerate all accounts that have an email
> that ends in <domain>.com.  I have to run that to create an alias file
> for another email system.  The resultset is over 25,000 addresses. 
> The processor on the servers spike to 100% during the query and
> eventually after like 2 weeks the DCs have to be rebooted for lack of
> communication.  The script runs every 15 minutes and takes less than a
> minute to complete.
> 
> I was wondering if there is a way to query AD for the lastest changes
> that pertain to the mail attribute (add/delete/modify)?  Currently I
> have recording thr highestCommittedUSN and comparing it to the current
> highestCommittedUSN every time  run the script and through that
> process am able to determine what objects were updated.  From what I
> gather the replPropertyMetaData attribute contains which attributes
> were modified (but I could be wrong).  I can't figure out how to
> convert that data to a readable format from OctetString.  I found a
> function on the web to convert objectGUID to a string but trying that
> didn't work.  I assume the process to convert would be similar.  I
> left that function in the following script and rem'd out the code.  I
> stripped this down to just the relevant code but it should work on any
> Domain.  The While loop at the bottom is where I am trying to get the
> data and convert it.  It may be that I am looking in the wrong place
> to get attribute level changes, but I am not sure.
> 
> Thanks,
> 
> Mike
> 
> '######## code #############
> 
> Const ForReading = 1, ForWriting = 2, ForAppending = 8
> 
> strUSNFile = "highestCommittedUSN.txt"
> 
> Set objRootDSE = GetObject("LDAP://RootDSE")
> strDNSDomain = objRootDSE.Get("defaultNamingContext")
> 
> set objFileSystem = CreateObject("Scripting.FileSystemObject")
> 
> If objFileSystem.FileExists(strUSNFile) Then
>    Set objUSNFile = objFileSystem.OpenTextFile(strUSNFile, ForReading,
> True)
> Else
>    Set objUSNFile = objFileSystem.CreateTextFile(strUSNFile, True)
>    objUSNFile.writeline objRootDSE.Get("highestCommittedUSN")
>    MsgBox "highestCommittedUSN written to file"
>    wscript.Quit
> End If
> 
> Set objConnection = CreateObject("ADODB.Connection")
> Set objCommand = CreateObject("ADODB.Command")
> Set objRecordset = CreateObject("ADODB.Recordset")
> 
> objConnection.Provider = "ADsDSOObject"
> objConnection.CommandTimeout = 10
> objConnection.Open ("Active Directory Provider")
> 
> objCommand.ActiveConnection = objConnection
> 
> strHighestCommittedUSN = objUSNFile.readline
> 
> strQuery = "SELECT distinguishedname FROM 'LDAP://" & strDNSDomain &
> "'" & _
>            " where usnChanged > '" & strHighestCommittedUSN & "'"
> objCommand.CommandText = strQuery
> objCommand.Properties("Page Size") = 1000
> objCommand.Properties("searchscope") =  2 'Search the whole sub-tree
> Set objRecordset = objCommand.Execute
> 
> MsgBox objRecordSet.RecordCount
> 
> While Not objRecordSet.EOF
> 
>    Set objUser = _
> 	   GetObject("LDAP://" & objRecordSet("distinguishedname"))
> 	   
>    MsgBox objUser.replPropertyMetaData	'this obviously doesnt work   
> '   objUser.GetInfoEx Array("objectGUID"), 0
> '   strObjectGUID = _
> '	ConvertObjectGuidToString(objUser.Get("objectGUID"))   
>    
> '   MsgBox strObjectGUID   
>    
>    objRecordSet.MoveNext      
> Wend
> 
> Function ConvertObjectGuidToString(ByVal arrRawObjectGUID)
> 	Dim i, strByte
> 	Dim arrObjectGUID(15)
> 	For i = 1 To LenB(arrRawObjectGUID)
> 		strByte = Hex(AscB(MidB(arrRawObjectGUID, i, 1)))
> 		If Len(strByte) = 1 Then strByte = "0" & strByte
> 		arrObjectGUID(i - 1) = strByte
> 	Next
> 	ConvertObjectGuidToString = Join(arrObjectGUID, "")
> End Function

Relevant Pages

  • Retrieving changes to AD via VBS
    ... I have to run that to create an alias file ... The script runs every 15 minutes and takes less than a ... have recording thr highestCommittedUSN and comparing it to the current ... MsgBox "highestCommittedUSN written to file" ...
    (microsoft.public.win2000.active_directory)
  • Connection to SQL error
    ... I am currently working on a script that checks our AD data based on an excel ... Below is the start of the sub routine when a user is not found in AD ... Set objConnection = CreateObject ... MsgBox Err.Number & vbTab& Err.Description ...
    (microsoft.public.scripting.vbscript)
  • Re: Err values from MapNetworkDrive failures
    ... msgbox Err.description ... '// I switched to run so I can ensure this command ... '// this turns error handling off ... that allows me to see where the script stops. ...
    (microsoft.public.windows.server.scripting)
  • Re: MessageBox questions
    ... than MsgBox since that is a function in the VBScript ... > script was from AWK about a hundred years ago - whew! ... >>reference to JScript and MessageBox that seemed even remotely like it ... >>work for me since I need to tie it to a web service response. ...
    (microsoft.public.dotnet.framework.aspnet)
  • Camera automation under Vista
    ... I am trying the get the following script to work under Vista: ... Dim Command, Name, Description, Icon, EventID, DeviceID, i ... MsgBox "Registering Event Handler" ... MsgBox "Unregistering Event Handler" ...
    (microsoft.public.scripting.vbscript)