Retrieving changes to AD via VBS

Mike Niccum

I currently use ADO/VBS to enumerate all accounts that have an email
that ends in <domain>.com. I have to run that to create an alias file
for another email system. The resultset is over 25,000 addresses.
The processors on the servers spike to 100% during the query and
eventually after like 2 weeks the DCs have to be rebooted for lack of
communication. The script runs every 15 minutes and takes less than a
minute to complete.

I was wondering if there is a way to query AD for the latest changes
that pertain to the mail attribute (add/delete/modify)? Currently I
am recording the highestCommittedUSN and comparing it to the current
highestCommittedUSN every time I run the script and through that
process am able to determine what objects were updated. From what I
gather the replPropertyMetaData attribute contains which attributes
were modified (but I could be wrong). I can't figure out how to
convert that data to a readable format from OctetString. I found a
function on the web to convert objectGUID to a string but trying that
didn't work. I assume the process to convert would be similar. I
left that function in the following script and rem'd out the code. I
stripped this down to just the relevant code but it should work on any
Domain. The While loop at the bottom is where I am trying to get the
data and convert it. It may be that I am looking in the wrong place
to get attribute level changes, but I am not sure.

Thanks,

Mike

'######## code #############

Const ForReading = 1, ForWriting = 2, ForAppending = 8

strUSNFile = "highestCommittedUSN.txt"

Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")

Set objFileSystem = CreateObject("Scripting.FileSystemObject")

' First run: record the current highestCommittedUSN and exit.
If objFileSystem.FileExists(strUSNFile) Then
    Set objUSNFile = objFileSystem.OpenTextFile(strUSNFile, ForReading, True)
Else
    Set objUSNFile = objFileSystem.CreateTextFile(strUSNFile, True)
    objUSNFile.WriteLine objRootDSE.Get("highestCommittedUSN")
    MsgBox "highestCommittedUSN written to file"
    WScript.Quit
End If

Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
Set objRecordSet = CreateObject("ADODB.Recordset")

objConnection.Provider = "ADsDSOObject"
objConnection.CommandTimeout = 10
objConnection.Open ("Active Directory Provider")

objCommand.ActiveConnection = objConnection

strHighestCommittedUSN = objUSNFile.ReadLine

' Find every object whose usnChanged is above the stored value.
strQuery = "SELECT distinguishedname FROM 'LDAP://" & strDNSDomain & "'" & _
    " where usnChanged > '" & strHighestCommittedUSN & "'"
objCommand.CommandText = strQuery
objCommand.Properties("Page Size") = 1000
objCommand.Properties("searchscope") = 2 'Search the whole sub-tree
Set objRecordSet = objCommand.Execute

MsgBox objRecordSet.RecordCount

While Not objRecordSet.EOF

    Set objUser = _
        GetObject("LDAP://" & objRecordSet("distinguishedname"))

    MsgBox objUser.replPropertyMetaData 'this obviously doesn't work
    ' objUser.GetInfoEx Array("objectGUID"), 0
    ' strObjectGUID = _
    '     ConvertObjectGuidToString(objUser.Get("objectGUID"))

    ' MsgBox strObjectGUID

    objRecordSet.MoveNext
Wend

' Converts an OctetString (byte array) to a hex string, one byte at a time.
Function ConvertObjectGuidToString(ByVal arrRawObjectGUID)
    Dim i, strByte
    Dim arrObjectGUID(15)
    For i = 1 To LenB(arrRawObjectGUID)
        strByte = Hex(AscB(MidB(arrRawObjectGUID, i, 1)))
        If Len(strByte) = 1 Then strByte = "0" & strByte
        arrObjectGUID(i - 1) = strByte
    Next
    ConvertObjectGuidToString = Join(arrObjectGUID, "")
End Function
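
An added example, not part of the original post: instead of decoding the replPropertyMetaData OctetString, it reads the constructed attribute msDS-ReplAttributeMetaData, which returns the per-attribute replication metadata as XML strings, and keeps only objects whose mail stamp has a usnLocalChange above the stored highestCommittedUSN. The DNs, USNs and XML values are constructed sample data; it assumes the values were already fetched over LDAP from the same DC whose highestCommittedUSN was recorded.

```python
import xml.etree.ElementTree as ET

def make_value(attr, version, when, usn):
    """Build one constructed sample value, with the trailing NUL some clients leave on."""
    return (
        "<DS_REPL_ATTR_META_DATA>"
        f"<pszAttributeName>{attr}</pszAttributeName>"
        f"<dwVersion>{version}</dwVersion>"
        f"<ftimeLastOriginatingChange>{when}</ftimeLastOriginatingChange>"
        f"<usnOriginatingChange>{usn}</usnOriginatingChange>"
        f"<usnLocalChange>{usn}</usnLocalChange>"
        "</DS_REPL_ATTR_META_DATA>\x00"
    )

# Constructed sample: DN -> list of msDS-ReplAttributeMetaData values (one per attribute).
SAMPLE = {
    "CN=Alice,OU=Staff,DC=example,DC=com": [
        make_value("mail", 3, "2009-03-02T10:15:00Z", 120450),
        make_value("telephoneNumber", 1, "2008-11-20T08:00:00Z", 98000),
    ],
    # Bob's object-level usnChanged moved (description edit), but his mail did not.
    "CN=Bob,OU=Staff,DC=example,DC=com": [
        make_value("mail", 1, "2008-06-01T09:00:00Z", 75000),
        make_value("description", 4, "2009-03-02T10:20:00Z", 120460),
    ],
}

def parse_value(xml_value):
    """Turn one XML value into a dict of the fields needed for change tracking."""
    node = ET.fromstring(xml_value.rstrip("\x00"))
    return {
        "attribute": node.findtext("pszAttributeName"),
        "version": int(node.findtext("dwVersion")),
        "changed": node.findtext("ftimeLastOriginatingChange"),
        "usn_local": int(node.findtext("usnLocalChange")),
    }

def attribute_changes(objects, last_usn, attribute="mail"):
    """Return (dn, version, usnLocalChange) for objects whose attribute changed after last_usn."""
    hits = []
    for dn, values in objects.items():
        for meta in map(parse_value, values):
            if meta["attribute"].lower() == attribute.lower() and meta["usn_local"] > last_usn:
                hits.append((dn, meta["version"], meta["usn_local"]))
    return sorted(hits, key=lambda hit: hit[2])

if __name__ == "__main__":
    for dn, version, usn in attribute_changes(SAMPLE, last_usn=120000):
        print(f"{dn}: mail at version {version}, usnLocalChange {usn}")
```

Both sample objects would match a `usnChanged > 120000` query, but only the first has a mail stamp above that value.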
 
