[ActiveDir] Message Not Delivered

ssanders Wed, 20 Jul 2005 02:09:00 -0700

-----------------------------------------------------------
Attention: Non-Delivery Report
-----------------------------------------------------------


This report is generated by the email server at:

       ivytech.edu

The message with subject:

       "[ActiveDir] Message Not Delivered"

and attached to this report was not delivered to 
the following recipients:

Address: [EMAIL PROTECTED]
Reason:  554 5.5.2 No valid recipients (554)
--------------

--- Begin Message ---
--- End Message ---

-----------------------------------------------------------
Attention: Non-Delivery Report
-----------------------------------------------------------

This report is generated by the email server at:

       ivytech.edu

The message with subject:

       "[ActiveDir] Message Not Delivered"

and attached to this report was not delivered to 
the following recipients:

Address: [EMAIL PROTECTED]
Reason:  554 5.5.2 No valid recipients (554)
--------------

--- Begin Message ---
--- End Message ---

-----------------------------------------------------------
Attention: Non-Delivery Report
-----------------------------------------------------------

This report is generated by the email server at:

       ivytech.edu

The message with subject:

       "RE: [ActiveDir] Programmatic auditing of AD changes similar to what 
Quest/NetPro use"

and attached to this report was not delivered to 
the following recipients:

Address: [EMAIL PROTECTED]
Reason:  554 5.5.2 No valid recipients (554)
--------------

--- Begin Message ---

No. It doesn't use DIRSYNC. To be honest, I would like, but that is another
story.
Just a question of priority among the millions of things to do in WMI ... :)

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Isenhour, Joseph
Sent: Tuesday, July 19, 2005 11:40 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Programmatic auditing of AD changes similar to what
Quest/NetPro use

I always assumed that the WMI call is using DirSynch under the covers.
That seemed to me to be the only way it would be able to accomplish the
notifications.  It's good to know that that is not the case.  Thanks Alain. 

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Alain Lissoir
Sent: Tuesday, July 19, 2005 11:28 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Programmatic auditing of AD changes similar to what
Quest/NetPro use

I just want to stress the fact that WMI is not an auditing technology per
se.
All what WMI does is polling AD for changes at regular intervals. Based on
WQL query and changes, it notifies the WMI consumer that there was a change.
No auditing information is available out of WMI. Windows Auditing must be
used to gather the "who did it".
Moreover, I advise you to scope your WQL query very well (narrow scope) for
good performance.

/Alain 

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Isenhour, Joseph
Sent: Tuesday, July 19, 2005 11:17 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Programmatic auditing of AD changes similar to what
Quest/NetPro use

WMI Actually has an asynronous call that you can use to monitor specific
objects.  It will notify you when the object changes and what the original
and new values are.  Adam Lissoir wrote some scripts that demonstrate this.
I think these links still work:  

http://www.LissWare.Net
See "Sample 3.54 - GroupMonitor.wsf"

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Chuck Chopp
Sent: Friday, July 08, 2005 9:53 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Programmatic auditing of AD changes similar to what
Quest/NetPro use

I'm interested in identifying the programming interfaces used by products
like Quest's Change Manager for Active Directory and NetPro's AD-related
change monitoring products.  The existing ADSI and LDAP interfaces do not
appear to offer the degree of granularity that these products are capable of
obtaining in terms of AD changes that they can monitor & report on.

I'm familiar with Novell's eDirectory [f.k.a. NDS] and the sophisticated
async event notification API functions that it provides, and I'm thinking
that AD has to have something similar.  However, the MSDN Platform SDK
documentation doesn't identify anything in way of API functions or COM
interfaces [e.g. ADSI] that are capable of providing the sort of event
notification that I'm needing to use in my application.

I'm looking to track object creation, deletion, rename, move and
modification of attributes.  In the case of modified attributes, for single
valued attributes, I need to know the before & after values, and in the case
of multi-valued attributes, I need to know which individual value was added
to or removed from the attribute's value list.

Does anybody have any recommendations on what sorts of programming
interfaces are available that can provide this degree of granularity in AD
event monitoring?

TIA,

Chuck
--
Chuck Chopp

ChuckChopp (at) rtfmcsi (dot) com http://www.rtfmcsi.com

RTFM Consulting Services Inc.     864 801 2795 voice & voicemail
103 Autumn Hill Road              864 801 2774 fax
Greer, SC  29651

Do not send me unsolicited commercial email.

List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

--- End Message ---

[ActiveDir] Message Not Delivered

Reply via email to