Retrieves last Changes users groups and computer objects
in [VbScript]
|
Prev: posting data to a web form
Next: Outllook Object model
From: mike on 12 Feb 2010 14:38 Can anybody help me with this script. The script Retrieves the last whenChanged user,group,computer objects since x days in the past 'Script to print out all the last whenChanged objects (user,group/DL, computer that have been whenChanged in the forest in the last N days. Defaults to looking two days back unless a valid # of days is specified on the command line. Ex: cscript NewObjects.vbs 6 The script works fine in a root domain like ldap:// ka.com but when there are more subtrees like ldap://prod.ka.com the give no information, i have look with the Const ADS_SCOPE_SUBTREE = 2 to 1 with no results. Mike The script : Option Explicit 'On error Resume Next Const ADS_SCOPE_BASE = 0 Const ADS_SCOPE_ONELEVEL = 1 Const ADS_SCOPE_SUBTREE = 2 'Do we want to print out marginally useful debugging info Const bDebug =false 'object for RootDSE- used to kind of help get our AD bearings Dim objRootDSE 'Root Domain object - Dim objRootDomain 'RootDN path. Dim RootDN 'Today's Date/Time. Used for comparing whenChanged attribute to now Dim MyDate '# Date Range tells us how far back (in days) we want to look for new objects '# (ex: if DateRange= 2 we want all new objects within the last 2 days Dim DateRange 'Script works by performing ADO search based on object types so we don't have 'to traverse OUs. 'Schema object for groups Dim grpObjCat 'Schema Object for users Dim userObjCat 'Schema object for computers Dim computerObjCat ' Command line args object Dim objArgs 'Output Separator String.... Dim Separator Separator = vbCrLF & "##############################################" & vbCRLF 'DateRange Defaults to 2 if not specified on command line. DateRange = 2 'Set MyDate to Now.... MyDate = Date 'Let's see if another value was specified for DateRange on the command line. '**NOTE: We don't validate the command line arg** Set objArgs = WScript.Arguments 'We got at least one argument. If objArgs.Count > 0 Then If bDebug Then WScript.Echo "[Debug] " & objArgs(0) DateRange = Cint(objArgs(0)) End If WScript.Echo " Looking for objects less than " & DateRange & " Days old" 'Get RootDSE info so we can figure out the Configuration/object category stuff.. set objRootDSE = GetObject("LDAP://RootDSE") If bDebug Then WScript.Echo "[DEBUG] RootDomainNamingcontext=" & objRootDSE.Get("rootDomainNamingContext") 'Get an obj for root domain so we can get the DN Set objRootDomain = GetObject("LDAP://" & objRootDSE.Get("rootDomainNamingContext")) RootDN = objRootDomain.DistinguishedName If bDebug Then Wscript.Echo "[Debug] " &"objRootDomain.DN=" & RootDN grpObjCat = "CN=Group,CN=Schema,CN=Configuration," & RootDN userObjCat = "CN=Person,CN=Schema,CN=Configuration," & RootDN computerObjCat = "CN=Computer,CN=Schema,CN=Configuration," &RootDN GetDomainList RootDN WScript.Quit '###################################################### Sub FindNewObjects( strDCName,strDomainDN, strObjectCategory) '###################################################### '# Find new Objects in the Domain specified by strDomainDN of '# type strobjectcategory '###################################################### Dim description Dim whenChanged Dim CN Dim DN Dim DDiff 'Our Local Connection Object Dim Connection 'Our Local Command Object Dim Command 'RecordSet Object Dim RS 'String to hold the parts of our RS Dim Entry 'index into array of RS Dim Index if bDebug Then Wscript.Echo "[DEBUG] In FindNewObjects([" & strDCName & "],[" & strDomainDN &_ "],[" &strObjectCategory &"]" End If Err.Clear 'Set up our Connection Object... Set Connection = CreateObject("ADODB.Connection") Connection.Provider = "ADsDSOObject" Connection.Open "ADSI" if bDebug Then WScript.Echo " [DEBUG] RC=" & Err.Number &" " & Err.Description 'Set up our Command Object Set Command = CreateObject("ADODB.Command") 'Tie this command object back to our Connection Object Set Command.ActiveConnection = Connection 'Tell AD we want to do a subtree search.... Command.Properties("searchscope")= ADS_SCOPE_SUBTREE 'Select specifies a DC explicitly rather than doing serverless binding because the 'otherwise we seem to get inconsistent results.... Command.CommandText = "SELECT distinguishedName,cn,whenChanged,description" & _ " FROM 'LDAP://" & strDCName & "/" & strDomainDN & "'" & _ " WHERE objectCategory='" & strObjectCategory & "'" '------------------------------------------- Command.CommandText = "SELECT distinguishedName,cn,whenChanged,description" & _ " FROM 'LDAP://" & strDCName & "/" & strDomainDN & "'" & _ " WHERE objectCategory='" & strObjectCategory & "'" & _ " ORDER By whenChanged Desc" '------------------------------------------- ' " FROM 'LDAP://standarddc1/" & strDomainDN & "'" & _ if BDebug Then WScript.Echo "[DEBUG] Command.CommandText = " & Command.CommandText 'Execute our Search command Set RS = Command.Execute Err.Clear While Not RS.EOF Err.Clear ' description = RS.Fields(0) ' WScript.Echo "Description Get RC = " & Err.Number & ":" & err.Desciption If Err.Number <> 0 Then Description = "" ' WScript.echo "Err.#=" & Err.Number whenChanged = RS.Fields(1) cn = RS.Fields(2) dn = RS.Fields(3) DDiff = DateDiff("d", whenChanged,MyDate) if bDebug Then WScript.Echo "[DEBUG] DDIFF is =" & DDiff if DDiff <=dateRange Then WScript.Echo whenChanged & ";"& dn & ";" & description else Exit Sub end If RS.MoveNext Wend End Sub '###################################################################### Function GetDC(strDomainDN) '###################################################################### '#Finds an applicable DC to bind to for the domain represented by '# strDomainDN. Uses FSMORoleOwner attribute from domain object. '# Doesn't take AD site or network location into consideration '###################################################################### ' Object representing the domain we want to find a DC For Dim objDomain 'obj represented by FSMORoleOwner Attr of objDomain Dim objFSMOOwner 'obj representing parent of FSMORoleOwner (i.e. the DC) Dim objDC 'Print out Debug info telling us where we are when Func is called if bDebug Then WScript.Echo "[DEBUG] In GetDC(" & strdomainDN & ")" 'Get Domain Object represented by strDomainDN Set objDomain = GetObject("LDAP://" & strDomainDN) If bDebug Then Wscript.echo "[Debug]" & objDomain.Get("fsmoRoleOwner") 'Get FSMORoleOwner Attribute and bind the object. This will look ' something like: CN=NTDS Settings,DC=DC01,DC=Company,DC=Com Set objFSMOOwner = GetObject("LDAP://" & objDomain.Get("fsmoRoleOwner")) If bDebug Then WScript.Echo "[DEBUG] Parent=" & objFSMOOwner.Parent 'Get the "Parent" of the FSMORoleOwner object. This will be the DC. Set objDC= GetObject(objFSMOOwner.Parent) If bDebug Then WScript.Echo "[DEBUG] DC=" & objDC.DnshostName 'Return the HostName of the DC. GetDC= objDC.DnshostName End Function ' '###################################################### Sub GetDomainList(strDomainDN) '###################################################### ' ' ' '###################################################### 'Our Connection Object Dim Connection 'Our Command Object Dim Command 'RecordSet Object Dim RS Dim strDomainName Dim strDN Dim strDCName 'Set up our Connection Object... Set Connection = CreateObject("ADODB.Connection") Connection.Provider = "ADsDSOObject" Connection.Open "ADSI" if bDebug Then WScript.Echo "[DEBUG] RC=" & Err.Number &" " & Err.Description 'Set up our Command Object Set Command = CreateObject("ADODB.Command") 'Tie this command object back to our Connection Object Set Command.ActiveConnection = Connection 'Tell AD we want to do a subtree search.... Command.Properties("searchscope")= ADS_SCOPE_SUBTREE 'Set up our query to get a list of domains from a GC Command.CommandText = "SELECT Name,distinguishedName FROM 'GC://" & strDomainDN & "'" & " WHERE objectCategory='domain'" if bDebug Then WScript.Echo "[DEBUG] Command.CommandText=" & Command.CommandText 'Execute our Search command Err.Clear Set RS = Command.Execute RS.MoveFirst While Not RS.EOF strDomainName = RS.Fields(1) strDN = RS.Fields(0) 'Find a DC for this domain..... strDCName = GetDC(strDN) if bDebug Then WScript.Echo "[DEBUG] name=" & strDomainName & "; DN=" & strDN 'Get List of User objects WScript.Echo Separator & " Changed User Objects in " & strDN FindNewObjects strDCName, strdn, userObjCat 'Get list of group/DL objects WScript.Echo Separator & " Changed group Objects in " & strDN FindNewObjects strDCName, strdn, grpObjCat 'Get list of Computer objects.... WScript.Echo Separator & " Changed computer Objects in " & strDN FindNewObjects strDCName, strdn, computerObjCat RS.MoveNext Wend End Sub
From: Richard Mueller [MVP] on 12 Feb 2010 14:51 All of the attributes you retrieve are in the Global Catalog. I would use the GC: provider instead of the LDAP: provider. -- Richard Mueller MVP Directory Services Hilltop Lab - http://www.rlmueller.net -- "mike" <mike(a)hotmail.nl> wrote in message news:1386b$4b75acc5$5ed32112$13644(a)cache2.tilbu1.nb.home.nl... > Can anybody help me with this script. > The script > Retrieves the last whenChanged user,group,computer objects since x days in > the past > 'Script to print out all the last whenChanged objects (user,group/DL, > computer that have > been whenChanged in the forest in the last N days. > Defaults to looking two days back unless a valid # of days is specified on > the command line. Ex: cscript NewObjects.vbs 6 > > > The script works fine in a root domain like ldap:// ka.com > but when there are more subtrees like ldap://prod.ka.com the > give no information, i have look > with the Const ADS_SCOPE_SUBTREE = 2 to 1 with no results. > > Mike > > > > > > > > > The script : > > Option Explicit > 'On error Resume Next > > Const ADS_SCOPE_BASE = 0 > Const ADS_SCOPE_ONELEVEL = 1 > Const ADS_SCOPE_SUBTREE = 2 > > 'Do we want to print out marginally useful debugging info > Const bDebug =false > > 'object for RootDSE- used to kind of help get our AD bearings > Dim objRootDSE > 'Root Domain object - > Dim objRootDomain > > 'RootDN path. > Dim RootDN > > 'Today's Date/Time. Used for comparing whenChanged attribute to now > Dim MyDate > '# Date Range tells us how far back (in days) we want to look for new > objects > '# (ex: if DateRange= 2 we want all new objects within the last 2 days > Dim DateRange > > 'Script works by performing ADO search based on object types so we don't > have > 'to traverse OUs. > 'Schema object for groups > Dim grpObjCat > 'Schema Object for users > Dim userObjCat > 'Schema object for computers > Dim computerObjCat > ' Command line args object > Dim objArgs > 'Output Separator String.... > Dim Separator > Separator = vbCrLF & "##############################################" & > vbCRLF > > 'DateRange Defaults to 2 if not specified on command line. > DateRange = 2 > 'Set MyDate to Now.... > MyDate = Date > > 'Let's see if another value was specified for DateRange on the command > line. > '**NOTE: We don't validate the command line arg** > Set objArgs = WScript.Arguments > 'We got at least one argument. > If objArgs.Count > 0 Then > If bDebug Then WScript.Echo "[Debug] " & objArgs(0) > DateRange = Cint(objArgs(0)) > End If > > WScript.Echo " Looking for objects less than " & DateRange & " Days old" > 'Get RootDSE info so we can figure out the Configuration/object category > stuff.. > set objRootDSE = GetObject("LDAP://RootDSE") > If bDebug Then WScript.Echo "[DEBUG] RootDomainNamingcontext=" & > objRootDSE.Get("rootDomainNamingContext") > 'Get an obj for root domain so we can get the DN > Set objRootDomain = GetObject("LDAP://" & > objRootDSE.Get("rootDomainNamingContext")) > RootDN = objRootDomain.DistinguishedName > If bDebug Then Wscript.Echo "[Debug] " &"objRootDomain.DN=" & RootDN > > grpObjCat = "CN=Group,CN=Schema,CN=Configuration," & RootDN > userObjCat = "CN=Person,CN=Schema,CN=Configuration," & RootDN > computerObjCat = "CN=Computer,CN=Schema,CN=Configuration," &RootDN > > GetDomainList RootDN > > > WScript.Quit > > '###################################################### > Sub FindNewObjects( strDCName,strDomainDN, strObjectCategory) > '###################################################### > '# Find new Objects in the Domain specified by strDomainDN of > '# type strobjectcategory > '###################################################### > Dim description > Dim whenChanged > Dim CN > Dim DN > Dim DDiff > 'Our Local Connection Object > Dim Connection > 'Our Local Command Object > Dim Command > 'RecordSet Object > Dim RS > 'String to hold the parts of our RS > Dim Entry > 'index into array of RS > Dim Index > if bDebug Then > Wscript.Echo "[DEBUG] In FindNewObjects([" & strDCName & "],[" & > strDomainDN &_ > "],[" &strObjectCategory &"]" > End If > Err.Clear > 'Set up our Connection Object... > Set Connection = CreateObject("ADODB.Connection") > > Connection.Provider = "ADsDSOObject" > Connection.Open "ADSI" > if bDebug Then WScript.Echo " [DEBUG] RC=" & Err.Number &" " & > Err.Description > 'Set up our Command Object > Set Command = CreateObject("ADODB.Command") > 'Tie this command object back to our Connection Object > Set Command.ActiveConnection = Connection > 'Tell AD we want to do a subtree search.... > Command.Properties("searchscope")= ADS_SCOPE_SUBTREE > 'Select specifies a DC explicitly rather than doing serverless binding > because the > 'otherwise we seem to get inconsistent results.... > > Command.CommandText = "SELECT > distinguishedName,cn,whenChanged,description" & _ > " FROM 'LDAP://" & strDCName & "/" & strDomainDN & "'" & _ > " WHERE objectCategory='" & strObjectCategory & "'" > > '------------------------------------------- > Command.CommandText = "SELECT > distinguishedName,cn,whenChanged,description" & _ > " FROM 'LDAP://" & strDCName & "/" & strDomainDN & "'" & _ > " WHERE objectCategory='" & strObjectCategory & "'" & _ > " ORDER By whenChanged Desc" > '------------------------------------------- > ' " FROM 'LDAP://standarddc1/" & strDomainDN & "'" & _ > if BDebug Then WScript.Echo "[DEBUG] Command.CommandText = " & > Command.CommandText > 'Execute our Search command > Set RS = Command.Execute > Err.Clear > While Not RS.EOF > Err.Clear > ' description = RS.Fields(0) > ' WScript.Echo "Description Get RC = " & Err.Number & ":" & err.Desciption > If Err.Number <> 0 Then Description = "" > ' WScript.echo "Err.#=" & Err.Number > whenChanged = RS.Fields(1) > cn = RS.Fields(2) > dn = RS.Fields(3) > DDiff = DateDiff("d", whenChanged,MyDate) > if bDebug Then WScript.Echo "[DEBUG] DDIFF is =" & DDiff > if DDiff <=dateRange Then > WScript.Echo whenChanged & ";"& dn & ";" & description > else > Exit Sub > end If > RS.MoveNext > Wend > > End Sub > > '###################################################################### > Function GetDC(strDomainDN) > '###################################################################### > '#Finds an applicable DC to bind to for the domain represented by > '# strDomainDN. Uses FSMORoleOwner attribute from domain object. > '# Doesn't take AD site or network location into consideration > '###################################################################### > ' Object representing the domain we want to find a DC For > Dim objDomain > 'obj represented by FSMORoleOwner Attr of objDomain > Dim objFSMOOwner > 'obj representing parent of FSMORoleOwner (i.e. the DC) > Dim objDC > 'Print out Debug info telling us where we are when Func is called > if bDebug Then WScript.Echo "[DEBUG] In GetDC(" & strdomainDN & ")" > 'Get Domain Object represented by strDomainDN > Set objDomain = GetObject("LDAP://" & strDomainDN) > > If bDebug Then Wscript.echo "[Debug]" & objDomain.Get("fsmoRoleOwner") > 'Get FSMORoleOwner Attribute and bind the object. This will look > ' something like: CN=NTDS Settings,DC=DC01,DC=Company,DC=Com > Set objFSMOOwner = GetObject("LDAP://" & objDomain.Get("fsmoRoleOwner")) > > If bDebug Then WScript.Echo "[DEBUG] Parent=" & objFSMOOwner.Parent > 'Get the "Parent" of the FSMORoleOwner object. This will be the DC. > Set objDC= GetObject(objFSMOOwner.Parent) > If bDebug Then WScript.Echo "[DEBUG] DC=" & objDC.DnshostName > 'Return the HostName of the DC. > GetDC= objDC.DnshostName > End Function > ' > > '###################################################### > Sub GetDomainList(strDomainDN) > '###################################################### > ' > ' > ' > '###################################################### > 'Our Connection Object > Dim Connection > 'Our Command Object > Dim Command > 'RecordSet Object > Dim RS > Dim strDomainName > Dim strDN > Dim strDCName > 'Set up our Connection Object... > Set Connection = CreateObject("ADODB.Connection") > Connection.Provider = "ADsDSOObject" > Connection.Open "ADSI" > if bDebug Then WScript.Echo "[DEBUG] RC=" & Err.Number &" " & > Err.Description > 'Set up our Command Object > Set Command = CreateObject("ADODB.Command") > 'Tie this command object back to our Connection Object > Set Command.ActiveConnection = Connection > 'Tell AD we want to do a subtree search.... > Command.Properties("searchscope")= ADS_SCOPE_SUBTREE > > 'Set up our query to get a list of domains from a GC > > > > Command.CommandText = "SELECT Name,distinguishedName FROM 'GC://" & > strDomainDN & "'" & " WHERE objectCategory='domain'" > > if bDebug Then WScript.Echo "[DEBUG] Command.CommandText=" & > Command.CommandText > > 'Execute our Search command > Err.Clear > Set RS = Command.Execute > > RS.MoveFirst > > While Not RS.EOF > strDomainName = RS.Fields(1) > strDN = RS.Fields(0) > 'Find a DC for this domain..... > strDCName = GetDC(strDN) > > if bDebug Then WScript.Echo "[DEBUG] name=" & strDomainName & "; DN=" & > strDN > > 'Get List of User objects > WScript.Echo Separator & " Changed User Objects in " & strDN > FindNewObjects strDCName, strdn, userObjCat > > 'Get list of group/DL objects > WScript.Echo Separator & " Changed group Objects in " & strDN > FindNewObjects strDCName, strdn, grpObjCat > > 'Get list of Computer objects.... > WScript.Echo Separator & " Changed computer Objects in " & strDN > FindNewObjects strDCName, strdn, computerObjCat > > RS.MoveNext > Wend > End Sub >
From: mike on 12 Feb 2010 16:24 How do i do that must i change : set objRootDSE = GetObject("LDAP://RootDSE") in set objRootDSE = GetObject("GC://RootDSE") "Richard Mueller [MVP]" <rlmueller-nospam(a)ameritech.nospam.net> schreef in bericht news:eLGK$yBrKHA.3800(a)TK2MSFTNGP06.phx.gbl... > All of the attributes you retrieve are in the Global Catalog. I would use > the GC: provider instead of the LDAP: provider. > > -- > Richard Mueller > MVP Directory Services > Hilltop Lab - http://www.rlmueller.net > -- > > "mike" <mike(a)hotmail.nl> wrote in message > news:1386b$4b75acc5$5ed32112$13644(a)cache2.tilbu1.nb.home.nl... >> Can anybody help me with this script. >> The script >> Retrieves the last whenChanged user,group,computer objects since x days >> in the past >> 'Script to print out all the last whenChanged objects (user,group/DL, >> computer that have >> been whenChanged in the forest in the last N days. >> Defaults to looking two days back unless a valid # of days is specified >> on >> the command line. Ex: cscript NewObjects.vbs 6 >> >> >> The script works fine in a root domain like ldap:// ka.com >> but when there are more subtrees like ldap://prod.ka.com the >> give no information, i have look >> with the Const ADS_SCOPE_SUBTREE = 2 to 1 with no results. >> >> Mike >> >> >> >> >> >> >> >> >> The script : >> >> Option Explicit >> 'On error Resume Next >> >> Const ADS_SCOPE_BASE = 0 >> Const ADS_SCOPE_ONELEVEL = 1 >> Const ADS_SCOPE_SUBTREE = 2 >> >> 'Do we want to print out marginally useful debugging info >> Const bDebug =false >> >> 'object for RootDSE- used to kind of help get our AD bearings >> Dim objRootDSE >> 'Root Domain object - >> Dim objRootDomain >> >> 'RootDN path. >> Dim RootDN >> >> 'Today's Date/Time. Used for comparing whenChanged attribute to now >> Dim MyDate >> '# Date Range tells us how far back (in days) we want to look for new >> objects >> '# (ex: if DateRange= 2 we want all new objects within the last 2 days >> Dim DateRange >> >> 'Script works by performing ADO search based on object types so we don't >> have >> 'to traverse OUs. >> 'Schema object for groups >> Dim grpObjCat >> 'Schema Object for users >> Dim userObjCat >> 'Schema object for computers >> Dim computerObjCat >> ' Command line args object >> Dim objArgs >> 'Output Separator String.... >> Dim Separator >> Separator = vbCrLF & "##############################################" & >> vbCRLF >> >> 'DateRange Defaults to 2 if not specified on command line. >> DateRange = 2 >> 'Set MyDate to Now.... >> MyDate = Date >> >> 'Let's see if another value was specified for DateRange on the command >> line. >> '**NOTE: We don't validate the command line arg** >> Set objArgs = WScript.Arguments >> 'We got at least one argument. >> If objArgs.Count > 0 Then >> If bDebug Then WScript.Echo "[Debug] " & objArgs(0) >> DateRange = Cint(objArgs(0)) >> End If >> >> WScript.Echo " Looking for objects less than " & DateRange & " Days old" >> 'Get RootDSE info so we can figure out the Configuration/object category >> stuff.. >> set objRootDSE = GetObject("LDAP://RootDSE") >> If bDebug Then WScript.Echo "[DEBUG] RootDomainNamingcontext=" & >> objRootDSE.Get("rootDomainNamingContext") >> 'Get an obj for root domain so we can get the DN >> Set objRootDomain = GetObject("LDAP://" & >> objRootDSE.Get("rootDomainNamingContext")) >> RootDN = objRootDomain.DistinguishedName >> If bDebug Then Wscript.Echo "[Debug] " &"objRootDomain.DN=" & RootDN >> >> grpObjCat = "CN=Group,CN=Schema,CN=Configuration," & RootDN >> userObjCat = "CN=Person,CN=Schema,CN=Configuration," & RootDN >> computerObjCat = "CN=Computer,CN=Schema,CN=Configuration," &RootDN >> >> GetDomainList RootDN >> >> >> WScript.Quit >> >> '###################################################### >> Sub FindNewObjects( strDCName,strDomainDN, strObjectCategory) >> '###################################################### >> '# Find new Objects in the Domain specified by strDomainDN of >> '# type strobjectcategory >> '###################################################### >> Dim description >> Dim whenChanged >> Dim CN >> Dim DN >> Dim DDiff >> 'Our Local Connection Object >> Dim Connection >> 'Our Local Command Object >> Dim Command >> 'RecordSet Object >> Dim RS >> 'String to hold the parts of our RS >> Dim Entry >> 'index into array of RS >> Dim Index >> if bDebug Then >> Wscript.Echo "[DEBUG] In FindNewObjects([" & strDCName & "],[" & >> strDomainDN &_ >> "],[" &strObjectCategory &"]" >> End If >> Err.Clear >> 'Set up our Connection Object... >> Set Connection = CreateObject("ADODB.Connection") >> >> Connection.Provider = "ADsDSOObject" >> Connection.Open "ADSI" >> if bDebug Then WScript.Echo " [DEBUG] RC=" & Err.Number &" " & >> Err.Description >> 'Set up our Command Object >> Set Command = CreateObject("ADODB.Command") >> 'Tie this command object back to our Connection Object >> Set Command.ActiveConnection = Connection >> 'Tell AD we want to do a subtree search.... >> Command.Properties("searchscope")= ADS_SCOPE_SUBTREE >> 'Select specifies a DC explicitly rather than doing serverless binding >> because the >> 'otherwise we seem to get inconsistent results.... >> >> Command.CommandText = "SELECT >> distinguishedName,cn,whenChanged,description" & _ >> " FROM 'LDAP://" & strDCName & "/" & strDomainDN & "'" & _ >> " WHERE objectCategory='" & strObjectCategory & "'" >> >> '------------------------------------------- >> Command.CommandText = "SELECT >> distinguishedName,cn,whenChanged,description" & _ >> " FROM 'LDAP://" & strDCName & "/" & strDomainDN & "'" & _ >> " WHERE objectCategory='" & strObjectCategory & "'" & _ >> " ORDER By whenChanged Desc" >> '------------------------------------------- >> ' " FROM 'LDAP://standarddc1/" & strDomainDN & "'" & _ >> if BDebug Then WScript.Echo "[DEBUG] Command.CommandText = " & >> Command.CommandText >> 'Execute our Search command >> Set RS = Command.Execute >> Err.Clear >> While Not RS.EOF >> Err.Clear >> ' description = RS.Fields(0) >> ' WScript.Echo "Description Get RC = " & Err.Number & ":" & >> err.Desciption >> If Err.Number <> 0 Then Description = "" >> ' WScript.echo "Err.#=" & Err.Number >> whenChanged = RS.Fields(1) >> cn = RS.Fields(2) >> dn = RS.Fields(3) >> DDiff = DateDiff("d", whenChanged,MyDate) >> if bDebug Then WScript.Echo "[DEBUG] DDIFF is =" & DDiff >> if DDiff <=dateRange Then >> WScript.Echo whenChanged & ";"& dn & ";" & description >> else >> Exit Sub >> end If >> RS.MoveNext >> Wend >> >> End Sub >> >> '###################################################################### >> Function GetDC(strDomainDN) >> '###################################################################### >> '#Finds an applicable DC to bind to for the domain represented by >> '# strDomainDN. Uses FSMORoleOwner attribute from domain object. >> '# Doesn't take AD site or network location into consideration >> '###################################################################### >> ' Object representing the domain we want to find a DC For >> Dim objDomain >> 'obj represented by FSMORoleOwner Attr of objDomain >> Dim objFSMOOwner >> 'obj representing parent of FSMORoleOwner (i.e. the DC) >> Dim objDC >> 'Print out Debug info telling us where we are when Func is called >> if bDebug Then WScript.Echo "[DEBUG] In GetDC(" & strdomainDN & ")" >> 'Get Domain Object represented by strDomainDN >> Set objDomain = GetObject("LDAP://" & strDomainDN) >> >> If bDebug Then Wscript.echo "[Debug]" & objDomain.Get("fsmoRoleOwner") >> 'Get FSMORoleOwner Attribute and bind the object. This will look >> ' something like: CN=NTDS Settings,DC=DC01,DC=Company,DC=Com >> Set objFSMOOwner = GetObject("LDAP://" & objDomain.Get("fsmoRoleOwner")) >> >> If bDebug Then WScript.Echo "[DEBUG] Parent=" & objFSMOOwner.Parent >> 'Get the "Parent" of the FSMORoleOwner object. This will be the DC. >> Set objDC= GetObject(objFSMOOwner.Parent) >> If bDebug Then WScript.Echo "[DEBUG] DC=" & objDC.DnshostName >> 'Return the HostName of the DC. >> GetDC= objDC.DnshostName >> End Function >> ' >> >> '###################################################### >> Sub GetDomainList(strDomainDN) >> '###################################################### >> ' >> ' >> ' >> '###################################################### >> 'Our Connection Object >> Dim Connection >> 'Our Command Object >> Dim Command >> 'RecordSet Object >> Dim RS >> Dim strDomainName >> Dim strDN >> Dim strDCName >> 'Set up our Connection Object... >> Set Connection = CreateObject("ADODB.Connection") >> Connection.Provider = "ADsDSOObject" >> Connection.Open "ADSI" >> if bDebug Then WScript.Echo "[DEBUG] RC=" & Err.Number &" " & >> Err.Description >> 'Set up our Command Object >> Set Command = CreateObject("ADODB.Command") >> 'Tie this command object back to our Connection Object >> Set Command.ActiveConnection = Connection >> 'Tell AD we want to do a subtree search.... >> Command.Properties("searchscope")= ADS_SCOPE_SUBTREE >> >> 'Set up our query to get a list of domains from a GC >> >> >> >> Command.CommandText = "SELECT Name,distinguishedName FROM 'GC://" & >> strDomainDN & "'" & " WHERE objectCategory='domain'" >> >> if bDebug Then WScript.Echo "[DEBUG] Command.CommandText=" & >> Command.CommandText >> >> 'Execute our Search command >> Err.Clear >> Set RS = Command.Execute >> >> RS.MoveFirst >> >> While Not RS.EOF >> strDomainName = RS.Fields(1) >> strDN = RS.Fields(0) >> 'Find a DC for this domain..... >> strDCName = GetDC(strDN) >> >> if bDebug Then WScript.Echo "[DEBUG] name=" & strDomainName & "; DN=" & >> strDN >> >> 'Get List of User objects >> WScript.Echo Separator & " Changed User Objects in " & strDN >> FindNewObjects strDCName, strdn, userObjCat >> >> 'Get list of group/DL objects >> WScript.Echo Separator & " Changed group Objects in " & strDN >> FindNewObjects strDCName, strdn, grpObjCat >> >> 'Get list of Computer objects.... >> WScript.Echo Separator & " Changed computer Objects in " & strDN >> FindNewObjects strDCName, strdn, computerObjCat >> >> RS.MoveNext >> Wend >> End Sub >> > >
|
Pages: 1 Prev: posting data to a web form Next: Outllook Object model |