' Other Variables
' Script-wide state. TargetFQDNComputer, IsTargetAgentless and bIsRODC are only
' declared in this run of statements; presumably they are assigned elsewhere in
' the script from the arguments - TODO confirm.
Dim oParams
Dim TargetFQDNComputer, IsTargetAgentless, bIsRODC

' The script requires exactly three arguments; anything else exits with -1
' before any WMI or Operations Manager call is made.
Set oParams = WScript.Arguments
If Not (oParams.Count = 3) Then WScript.Quit -1

' oAPI is the Operations Manager scripting object used for events and property
' bags; oBag holds the property bag that Main returns.
Dim oAPI
Dim oBag
Set oAPI = CreateObject("Mom.ScriptAPI")
Err.Clear
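Sub Main()
    '
    ' Purpose: Reads the status of every domain trust from the
    '          root\MicrosoftActiveDirectory WMI namespace on the target computer
    '          and returns a property bag with State "BAD" (plus the list of
    '          failing trusts) or State "GOOD".
    '
    ' Inputs:  Script-level variables oParams, oAPI, TargetFQDNComputer,
    '          IsTargetAgentless and bIsRODC. oParams(2) is converted to a
    '          Boolean that decides whether a success event is logged.
    '
    ' Notes:   Errors are handled inline (On Error Resume Next). A state is only
    '          returned when the trust list could actually be read; a failed WMI
    '          query logs a script error and returns no state, so that a
    '          monitoring failure is never reported as healthy trusts.
    '
    On Error Resume Next

    If Not(IsTargetAgentless) Then
        Dim dtStart, bLogSuccess
        dtStart = Now
        bLogSuccess = CBool(oParams(2))

        ' The computer name is concatenated into the WMI monikers below.
        ' NOTE(review): it is assumed to come from management pack
        ' configuration, not from user input - confirm where it is assigned.
        Dim strComputer
        strComputer = TargetFQDNComputer

        Dim oConfigTrustMon
        Set oConfigTrustMon = GetObject("winmgmts:\\" & strComputer & "\root\MicrosoftActiveDirectory:Microsoft_TrustProvider=@")
        If Err <> 0 Then
            ' No property bag is created on this path, so no state is returned.
            ScriptError " failed to get the TrustProvider configuration object." & GetErrorString(Err)
        Else
            ' Err is not cleared after this assignment, so a failure here is
            ' also caught by the enumeration check below.
            oConfigTrustMon.ReturnAll = True

            Dim oAllTrusts, oTrust, strTrustErrors, bTrustsEnumerated
            bTrustsEnumerated = True
            Set oAllTrusts = GetObject("winmgmts:\\" & strComputer & "\root\MicrosoftActiveDirectory").InstancesOf("Microsoft_DomainTrustStatus")
            If 0 <> Err Then
                bLogSuccess = False
                ' Remember the failure: an empty error list must not be read as
                ' "all trusts are healthy" further down.
                bTrustsEnumerated = False
                ScriptError "failed to get all the trusts for this DC." & GetErrorString(Err)
            Else
                For Each oTrust in oAllTrusts
                    ' Report trusts of type 1 or 2 (presumably downlevel and
                    ' uplevel Windows trusts - confirm against the WMI class)
                    ' whose status is non-zero. Status 1786
                    ' (ERROR_NO_TRUST_LSA_SECRET) is ignored when bIsRODC is set.
                    If ((oTrust.TrustType = 1) Or (oTrust.TrustType = 2)) And (oTrust.TrustStatus <> 0) And ((oTrust.TrustStatus <> 1786) Or Not bIsRODC) Then
                        strTrustErrors = strTrustErrors & FormatTrust(oTrust) & "." & vbCrlF & vbCrlF & "The error is: " & _
                            oTrust.TrustStatusString & " (0x" & Hex(oTrust.TrustStatus) & ")" & vbCrLf
                    End If
                Next
            End If
            Err.Clear

            ' The local domain name is only used in the alert text; if the
            ' lookup fails the name is left empty.
            Dim oLocalDomain, strLocalDomain
            Set oLocalDomain = GetObject("winmgmts:\\" & strComputer & "\root\MicrosoftActiveDirectory:Microsoft_LocalDomainInfo=@")
            If 0 = Err Then
                strLocalDomain = oLocalDomain.DNSName
            End If

            If Len(strTrustErrors) > 0 Then
                Dim strError
                strError = "The trusts between this domain (" & strLocalDomain & ") and the following domain(s) are in an error state: " & strTrustErrors
                Set oBag = oAPI.CreateTypedPropertyBag(StateDataType)
                oBag.AddValue "State", "BAD"
                oBag.AddValue "EventID", "" & EVENT_ID_FAILED_TRUST
                oBag.AddValue "ErrorString", strError
                oAPI.AddItem oBag
                bLogSuccess = False
            ElseIf bTrustsEnumerated Then
                ' GOOD is only reported when the trust list was read and no
                ' trust was in an error state.
                Set oBag = oAPI.CreateTypedPropertyBag(StateDataType)
                oBag.AddValue "State", "GOOD"
                oBag.AddValue "EventID", "" & EVENT_ID_SUCCEEDED_TRUST
                oAPI.AddItem oBag
            End If

            If bLogSuccess Then
                CreateEvent EVENT_ID_SUCCEEDED_TRUST, EVENT_TYPE_INFORMATION, "The script '" & SCRIPT_NAME & "' completed successfully in "& _
                    DateDiff("s", dtStart, Now) & " seconds."
            End If
        End If
    Else
        CreateEvent EVENT_ID_AGENTLESS, EVENT_TYPE_ERROR, "The AD Management Pack does not support the agentless management mode." & vbCrLf & _
            "The script '" & SCRIPT_NAME & "' will not execute." & vbCrLf & _
            "To prevent this alert being generated again, either change the monitoring " & _
            "mode of the computer '" & TargetFQDNComputer & "' to agent-managed " & _
            "or disable the rule that generated this alert."
    End If

    ' Hand the collected property bags (possibly none) back to the caller.
    oAPI.ReturnItems
    'Else
    ' CreateEvent EVENT_ID_EVENT_RULE_ONLY, EVENT_TYPE_WARNING, "The script '" & SCRIPT_NAME & "' can only be executed by an event rule."
    'End If
End Sub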
'******************************************************************************
Sub CreateEvent(lngEventID, lngEventType, strMessage)
    '
    ' Purpose: To log an event through the Operations Manager script API
    '
    ' Arguments: lngEventID, the ID of the event to log
    '            lngEventType, the type (severity) of the event
    '            strMessage, the text of the event
    '
    ' Every event from this script is logged under the same source name.
    Const EVENT_SOURCE = "AD Monitor Trusts"
    Call oAPI.LogScriptEvent(EVENT_SOURCE, lngEventID, lngEventType, strMessage)
End Sub
'******************************************************************************
Sub ScriptError(strMessage)
    '
    ' Purpose: Logs a warning event reporting that this script hit an error.
    '
    ' Arguments: strMessage, the description of the error that occurred; it is
    '            appended to the script name in the event text
    '
    Dim strEventText
    strEventText = "The script '" & SCRIPT_NAME & "' " & strMessage
    CreateEvent EVENT_ID_SCRIPT_ERROR, EVENT_TYPE_WARNING, strEventText
End Sub
'******************************************************************************
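Function GetErrorString(oErr)
    '
    ' Purpose: Attempts to find the description for an error if an error with
    '          no description is passed in.
    '
    ' Parameters: oErr, the error object
    '
    ' Return: String, the description for the error. (Includes the error code.)
    '
    ' Notes: For 0x8007xxxx codes the text is looked up with 'net helpmsg'.
    '        net.exe is started by its full path under %SystemRoot%\System32, so
    '        the lookup does not depend on the current directory or on PATH of
    '        the account that runs the script.
    '
    Dim lErr, strErr

    ' Capture number and description first: On Error Resume Next resets the
    ' Err object, and Main passes the global Err as oErr.
    lErr = oErr
    strErr = oErr.Description

    On Error Resume Next

    If 0 >= Len(strErr) Then
        ' If we don't have an error description, then check to see if the error
        ' is a 0x8007xxxx error. If it is, then look it up.
        Const ErrorMask = &HFFFF0000
        Const HiWord8007 = &H80070000
        Const LoWordMask = 65535 ' This is equivalent to 0x0000FFFF

        If (lErr And ErrorMask) = HiWord8007 Then
            ' Attempt to use 'net helpmsg' to get a description for the error.
            Dim oShell
            Set oShell = CreateObject("WScript.Shell")
            If Err = 0 Then
                ' Only the masked numeric code is appended to the command line,
                ' so no caller-supplied text reaches the process.
                Dim strNetExe
                strNetExe = oShell.ExpandEnvironmentStrings("%SystemRoot%\System32\net.exe")

                Dim oExec
                Set oExec = oShell.Exec("""" & strNetExe & """ helpmsg " & (lErr And LoWordMask))

                ' Take the first non-empty output line, giving up after five
                ' reads so a missing or silent process cannot loop forever.
                Dim strMessage, i
                Do
                    strMessage = oExec.stdout.ReadLine()
                    i = i + 1
                Loop While (Len(strMessage) = 0) And (i < 5)
                strErr = strMessage
            End If
        End If
    End If

    GetErrorString = "The error returned was: '" & strErr & "' (0x" & Hex(lErr) & ")"
End Function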
'******************************************************************************
Function FormatTrust(oTrust)
'
' Purpose: Formats a trust in a readable manner.
'
' Parameters: oTrust, the trust to format
'
' Return: String, the description of the trust
'
On Error Resume Next
Dim strTrust
strTrust = oTrust.TrustedDomain
If oTrust.TrustDirection = TRUST_DIR_INBOUND Then
strTrust = strTrust & " (inbound)"
ElseIf oTrust.TrustDirection = TRUST_DIR_OUTBOUND Then
strTrust = strTrust & " (outbound)"
ElseIf oTrust.TrustDirection = TRUST_DIR_BIDIRECTIONAL Then
strTrust = strTrust & " (bidirectional)"
End If