<DataSourceModuleType ID="AD_Monitor_Trusts.DataSource" Accessibility="Internal" Batching="false">
<Configuration>
<xsd:element xmlns:xsd="http://www.w3.org/2001/XMLSchema" name="IntervalSeconds" type="xsd:int"/>
<xsd:element xmlns:xsd="http://www.w3.org/2001/XMLSchema" name="TargetComputerName" type="xsd:string"/>
<xsd:element xmlns:xsd="http://www.w3.org/2001/XMLSchema" name="TimeoutSeconds" type="xsd:int"/>
</Configuration>
<OverrideableParameters>
<OverrideableParameter ID="IntervalSeconds" Selector="$Config/IntervalSeconds$" ParameterType="int"/>
<OverrideableParameter ID="TimeoutSeconds" Selector="$Config/TimeoutSeconds$" ParameterType="int"/>
</OverrideableParameters>
<ModuleImplementation Isolation="Any">
<Composite>
<MemberModules>
<DataSource ID="DS" TypeID="System!System.CommandExecuterPropertyBagSource">
<IntervalSeconds>$Config/IntervalSeconds$</IntervalSeconds>
<ApplicationName>%windir%\system32\cscript.exe</ApplicationName>
<WorkingDirectory/>
<CommandLine>//nologo $file/AD_Monitor_Trusts.vbs$ $Config/TargetComputerName$ $Target/Property[Type="AD2012Core!Microsoft.Windows.Server.2012.AD.DomainControllerRole"]/IsRODC$</CommandLine>
<TimeoutSeconds>$Config/TimeoutSeconds$</TimeoutSeconds>
<RequireOutput>true</RequireOutput>
<Files>
<File>
<Name>AD_Monitor_Trusts.vbs</Name>
<Contents><Script>'*************************************************************************
' Script Name - AD Monitor Trusts
'
' Purpose - Checks the status of the AD trusts.
'
' (c) Copyright 2014, Microsoft Corporation, All Rights Reserved
' Proprietary and confidential to Microsoft Corporation
'*************************************************************************
Option Explicit
SetLocale("en-us")
On Error Resume Next
Sub Main()
Dim oParams, sTargetFQDNComputer, bIsRODC, oAPI, oBag, sError, oConfigTrustMon
Set oParams = WScript.Arguments
Set oAPI = CreateObject("Mom.ScriptAPI")
Set oBag = oAPI.CreatePropertyBag()
if oParams.Count <> 2 then
sError = "The number of command line arguments is incorrect: " & vbCrLf & _
"Expected: 2" & vbCrLf & _
"Actual: " & oParams.Count
Call oAPI.Return(oBag)
Exit Sub
Else
Dim oAllTrusts, oTrust, strTrustErrors, oLocalDomain
oConfigTrustMon.ReturnAll = True
Set oAllTrusts = GetObject("winmgmts:\\" & sTargetFQDNComputer & "\root\MicrosoftActiveDirectory").InstancesOf("Microsoft_DomainTrustStatus")
If 0 <> Err Then
sError = "Failed to get the domain trusts for this DC: " & vbCrLf & _
"Error: " & GetErrorString(Err)
Call oAPI.Return(oBag)
Exit Sub
Else
For Each oTrust in oAllTrusts
If ((oTrust.TrustType = 1) Or (oTrust.TrustType = 2)) And (oTrust.TrustStatus <> 0) And ((oTrust.TrustStatus <> 1786) Or Not bIsRODC) Then
strTrustErrors = strTrustErrors & "Trust: " & FormatTrust(oTrust) & vbCrlF & _
"Error: " & oTrust.TrustStatusString & " (0x" & Hex(oTrust.TrustStatus) & ")" & vbCrLf & vbCrLf
End If
Next
End If
Err.Clear
Set oLocalDomain = GetObject("winmgmts:\\" & sTargetFQDNComputer & "\root\MicrosoftActiveDirectory:Microsoft_LocalDomainInfo=@")
If Len(strTrustErrors) > 0 Then
Dim strError
strError = "The trusts between this domain (" & oLocalDomain.DNSName & ") and the following domain(s) are in an error state: " & strTrustErrors
oBag.AddValue "State", "BAD"
oBag.AddValue "ErrorString", strError
oAPI.AddItem oBag
Else
oBag.AddValue "State", "GOOD"
End If
End If
Call oAPI.Return(oBag)
End Sub
'******************************************************************************
Function GetErrorString(oErr)
'
' Purpose: Attempts to find the description for an error if an error with
' no description is passed in.
'
' Parameters: oErr, the error object
'
' Return: String, the description for the error. (Includes the error code.)
'
Dim lErr, strErr
lErr = oErr
strErr = oErr.Description
On Error Resume Next
If 0 >= Len(strErr) Then
' If we don't have an error description, then check to see if the error
' is a 0x8007xxxx error. If it is, then look it up.
Const ErrorMask = &HFFFF0000
Const HiWord8007 = &H80070000
Const LoWordMask = 65535 ' This is equivalent to 0x0000FFFF
If (lErr And ErrorMask) = HiWord8007 Then
' Attempt to use 'net helpmsg' to get a description for the error.
Dim oShell
Set oShell = CreateObject("WScript.Shell")
If Err = 0 Then
Dim oExec
Set oExec = oShell.Exec("net helpmsg " & (lErr And LoWordMask))
Dim strMessage, i
Do
strMessage = oExec.stdout.ReadLine()
i = i + 1
Loop While (Len(strMessage) = 0) And (i < 5)
strErr = strMessage
End If
End If
End If
GetErrorString = "The error returned was: '" & strErr & "' (0x" & Hex(lErr) & ")"
End Function
'******************************************************************************
Function FormatTrust(oTrust)
'
' Purpose: Formats a trust in a readable manner.
'
' Parameters: oTrust, the trust to format
'
' Return: String, the description of the trust
'
On Error Resume Next
Dim strTrust
strTrust = oTrust.TrustedDomain
If oTrust.TrustDirection = TRUST_DIR_INBOUND Then
strTrust = strTrust & " (inbound)"
ElseIf oTrust.TrustDirection = TRUST_DIR_OUTBOUND Then
strTrust = strTrust & " (outbound)"
ElseIf oTrust.TrustDirection = TRUST_DIR_BIDIRECTIONAL Then
strTrust = strTrust & " (bidirectional)"
End If