I always assumed that the WMI call is using DirSync under the covers. That seemed to me to be the only way it would be able to accomplish the notifications. It's good to know that that is not the case. Thanks Alain.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alain Lissoir
Sent: Tuesday, July 19, 2005 11:28 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Programmatic auditing of AD changes similar to what Quest/NetPro use

I just want to stress the fact that WMI is not an auditing technology per se. All that WMI does is poll AD for changes at regular intervals. Based on the WQL query and the changes, it notifies the WMI consumer that there was a change. No auditing information is available out of WMI. Windows Auditing must be used to gather the "who did it". Moreover, I advise you to scope your WQL query very well (narrow scope) for good performance.

/Alain

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Isenhour, Joseph
Sent: Tuesday, July 19, 2005 11:17 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Programmatic auditing of AD changes similar to what Quest/NetPro use

WMI actually has an asynchronous call that you can use to monitor specific objects. It will notify you when the object changes and what the original and new values are. Adam Lissoir wrote some scripts that demonstrate this. I think these links still work:

http://www.LissWare.Net
See "Sample 3.54 - GroupMonitor.wsf"

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chuck Chopp
Sent: Friday, July 08, 2005 9:53 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Programmatic auditing of AD changes similar to what Quest/NetPro use

I'm interested in identifying the programming interfaces used by products like Quest's Change Manager for Active Directory and NetPro's AD-related change monitoring products. The existing ADSI and LDAP interfaces do not appear to offer the degree of granularity that these products are capable of obtaining in terms of AD changes that they can monitor & report on.

I'm familiar with Novell's eDirectory [f.k.a. NDS] and the sophisticated async event notification API functions that it provides, and I'm thinking that AD has to have something similar. However, the MSDN Platform SDK documentation doesn't identify anything in the way of API functions or COM interfaces [e.g. ADSI] that are capable of providing the sort of event notification that I'm needing to use in my application.

I'm looking to track object creation, deletion, rename, move and modification of attributes. In the case of modified attributes, for single-valued attributes, I need to know the before & after values, and in the case of multi-valued attributes, I need to know which individual value was added to or removed from the attribute's value list.

Does anybody have any recommendations on what sorts of programming interfaces are available that can provide this degree of granularity in AD event monitoring?

TIA,

Chuck
--
Chuck Chopp

ChuckChopp (at) rtfmcsi (dot) com    http://www.rtfmcsi.com

RTFM Consulting Services Inc.    864 801 2795 voice & voicemail
103 Autumn Hill Road             864 801 2774 fax
Greer, SC 29651

Do not send me unsolicited commercial email.

List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
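
Added example (not from the thread or from any poster's scripts): a Python simulation of the poll-and-diff notification model described in the replies above. It reports before/after values and added/removed members, and shows why polling is not auditing: a change made and reverted between two polls is never seen, and no "who" is available. The timeline, object values and the helper names diff_object and poll are constructed for illustration.

```python
# Added example: poll-and-diff change detection over constructed snapshots.
# All directory data below is constructed sample data, not real AD output.

def diff_object(prev, curr):
    """Return per-attribute changes between two polled snapshots of one object."""
    changes = {}
    for attr in sorted(set(prev) | set(curr)):
        old, new = prev.get(attr), curr.get(attr)
        if old == new:
            continue
        if isinstance(old, (set, frozenset)) or isinstance(new, (set, frozenset)):
            # Multi-valued attribute: report which individual values moved.
            old_set, new_set = set(old or ()), set(new or ())
            changes[attr] = {"added": sorted(new_set - old_set),
                             "removed": sorted(old_set - new_set)}
        else:
            # Single-valued attribute: report before and after.
            changes[attr] = {"before": old, "after": new}
    return changes


def poll(timeline, interval):
    """Sample the object every `interval` ticks and diff consecutive samples.

    timeline[t] is the object's true state at tick t. Only sampled states are
    compared, so anything that happens and is undone between samples is lost.
    """
    events = []
    prev = timeline[0]
    for t in range(interval, len(timeline), interval):
        delta = diff_object(prev, timeline[t])
        if delta:
            events.append((t, delta))  # no actor field: polling cannot supply one
        prev = timeline[t]
    return events


# Constructed timeline for one group object.
BASE = {"description": "Tier 0 admins", "member": {"CN=alice", "CN=bob"}}
TIMELINE = [
    BASE,                                                      # t0 baseline
    {**BASE, "member": {"CN=alice", "CN=bob", "CN=carol"}},    # t1 member added
    BASE,                                                      # t2 member removed again
    {**BASE, "description": "Domain admins"},                  # t3 description edited
    {"description": "Domain admins", "member": {"CN=alice"}},  # t4 member removed
]

if __name__ == "__main__":
    for interval in (1, 2):
        print(f"interval={interval}")
        for tick, delta in poll(TIMELINE, interval):
            print(f"  t{tick}: {delta}")
```

With interval 1 all four changes are reported; with interval 2 the temporary membership at t1 never appears, which is the gap that Windows Auditing closes.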