Re: E-Mail on AD Group Membership Change


Richard Mueller [MVP]

Mar 31, 2007, 1:53:40 PM
Craig Wallace wrote:

> Does anyone have a script or can help me with one. I need a script that I
> can run once an hour that will check the Domain Admins and the Administrator
> groups in AD and if any change has been made since the last check to send
> an email

The whenChanged attribute of the group object can be used to determine if
changes have been made to the group (any change, including to the
membership), since a specified date. The last change date must be saved
somewhere, perhaps in a text file.

The example below retrieves the last change date from a file, then checks
the two groups to see if either has been changed since. If so, the script
echoes a message to the screen. The program saves the new date in the text
file. Someone else can suggest ways to send email messages.
=========
Option Explicit

Dim strWhenChanged, strLastChanged
Dim strLastDateFile, objFSO, objDateFile
Dim strDomainAdmsDN, strAdminsDN, objDomainAdms, objAdmins

Const ForReading = 1
Const ForWriting = 2
Const OpenAsASCII = 0
Const CreateIfNotExist = True

' Specify Distinguished Names of groups to monitor.
strDomainAdmsDN = "cn=Domain Admins,cn=Users,dc=Hilltop,dc=rlmueller,dc=net"
strAdminsDN = "cn=Administrators,cn=Builtin,dc=Hilltop,dc=rlmueller,dc=net"

' Specify file where last change date (in UTC) is saved.
strLastDateFile = "c:\rlm\HilltopLab\Recent\LastDate.txt"

' Retrieve last change date.
Set objFSO = CreateObject("Scripting.FileSystemObject")
On Error Resume Next
Set objDateFile = objFSO.OpenTextFile(strLastDateFile, ForReading)
If (Err.Number <> 0) Then
    On Error GoTo 0
    ' Assign default date.
    strLastChanged = "1/1/2007 12:00:00 AM"
Else
    On Error GoTo 0
    strLastChanged = objDateFile.ReadLine
    objDateFile.Close
End If

' Bind to Domain Admins group.
Set objDomainAdms = GetObject("LDAP://" & strDomainAdmsDN)

' Check if changed.
If (CDate(objDomainAdms.whenChanged) > CDate(strLastChanged)) Then
    Wscript.Echo "Domain Admins group changed " & objDomainAdms.whenChanged
End If

' Bind to Administrators group.
Set objAdmins = GetObject("LDAP://" & strAdminsDN)

' Check if changed.
If (CDate(objAdmins.whenChanged) > CDate(strLastChanged)) Then
    Wscript.Echo "Administrators group changed " & objAdmins.whenChanged
End If

' Keep the more recent of the two change dates.
If (CDate(objDomainAdms.whenChanged) > CDate(objAdmins.whenChanged)) Then
    strLastChanged = objDomainAdms.whenChanged
Else
    strLastChanged = objAdmins.whenChanged
End If

' Increment last change date by one second.
strLastChanged = CStr(DateAdd("s", 1, CDate(strLastChanged)))

' Save last change date.
Set objDateFile = objFSO.OpenTextFile(strLastDateFile, _
    ForWriting, CreateIfNotExist, OpenAsASCII)
objDateFile.WriteLine strLastChanged

' Clean up.
objDateFile.Close

--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
--
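
An added example, not part of the original posts: whenChanged shows that a group object changed but not which members, so this PowerShell script compares each group's current membership with a saved baseline and emails the members added or removed. It assumes the ActiveDirectory module is installed; the state folder, SMTP server and mail addresses are placeholders.

```powershell
# Added example (not from the thread). Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

$groups   = 'Domain Admins', 'Administrators'
$stateDir = 'C:\GroupWatch'            # hypothetical state folder
$smtp     = 'smtp.example.com'         # placeholder SMTP relay
$mailFrom = 'groupwatch@example.com'   # placeholder sender
$mailTo   = 'secops@example.com'       # placeholder recipient

New-Item -ItemType Directory -Path $stateDir -Force | Out-Null
$report = @()

foreach ($name in $groups) {
    $stateFile = Join-Path $stateDir "$name.txt"

    # Current members with nested groups expanded, as sorted distinguished names.
    $current = @(Get-ADGroupMember -Identity $name -Recursive |
        Select-Object -ExpandProperty distinguishedName | Sort-Object -Unique)

    if (Test-Path $stateFile) {
        # @() keeps an empty baseline file as an empty array instead of $null.
        $previous = @(Get-Content -Path $stateFile)
        $added    = @($current  | Where-Object { $previous -notcontains $_ })
        $removed  = @($previous | Where-Object { $current  -notcontains $_ })
        foreach ($dn in $added)   { $report += "$name ADDED   $dn" }
        foreach ($dn in $removed) { $report += "$name REMOVED $dn" }
    }

    # On the first run for a group this only records the baseline.
    Set-Content -Path $stateFile -Value $current
}

if ($report.Count -gt 0) {
    $body = "Checked at $(Get-Date -Format s)`r`n" + ($report -join "`r`n")
    Send-MailMessage -SmtpServer $smtp -From $mailFrom -To $mailTo `
        -Subject 'Privileged group membership changed' -Body $body
}
```

Run it hourly from a scheduled task, and restrict write access on the state folder so the baseline cannot be edited to hide a change.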


Craig Wallace

Mar 31, 2007, 2:04:02 PM
Excellent, thank you very very much. I am sure I can work the email part out,
but again, thanks very much for your help.