<ProbeActionModuleType ID="AD_Validate_Server_Trust_Event.ProbeAction" Accessibility="Internal" Batching="false" PassThrough="false">
<Configuration>
<xsd:element name="TargetComputerName" type="xsd:string"/>
<xsd:element name="LogSuccessEvent" type="xsd:boolean"/>
<xsd:element name="ComputerAccount" type="xsd:string"/>
<xsd:element name="TimeoutSeconds" type="xsd:int"/>
</Configuration>
<OverrideableParameters>
<OverrideableParameter ID="LogSuccessEvent" Selector="$Config/LogSuccessEvent$" ParameterType="string"/>
<OverrideableParameter ID="ComputerAccount" Selector="$Config/ComputerAccount$" ParameterType="string"/>
<OverrideableParameter ID="TimeoutSeconds" Selector="$Config/TimeoutSeconds$" ParameterType="int"/>
</OverrideableParameters>
<ModuleImplementation Isolation="Any">
<Composite>
<MemberModules>
<ProbeAction ID="DS" TypeID="System!System.CommandExecuterProbe">
<ApplicationName>%windir%\system32\cscript.exe</ApplicationName>
<WorkingDirectory/>
<CommandLine>//nologo $file/AD_Validate_Server_Trust_Event.vbs$ $Config/TargetComputerName$ $Config/LogSuccessEvent$ $Config/ComputerAccount$</CommandLine>
<TimeoutSeconds>$Config/TimeoutSeconds$</TimeoutSeconds>
<RequireOutput>true</RequireOutput>
<Files>
<File>
<Name>AD_Validate_Server_Trust_Event.vbs</Name>
<Contents><Script>
'*************************************************************************
' Script Name - AD Validate Server Trust Event
'
' Purpose - Runs in response to NetLogon event 5723. If the second
' parameter is a server trust account then the event is
' propagated, otherwise it is ignored.
'
' Assumptions - Script is only ever run in response to NetLogon 5723 and
' the event parameters are available to the script.
'
' Parameters - LogSuccessEvent - Indicates whether to log an event when
' the script completes successfully (that is without
' logging any errors)
'
' (c) Copyright 2002, Microsoft Corporation, All Rights Reserved
' Proprietary and confidential to Microsoft Corporation
'*************************************************************************
Dim owParams, IsTargetAgentless,TargetFQDNComputer, oAPI, bLogSuccess, oBag, ComputerAccount
IsTargetAgentless = false
Set oAPI = CreateObject("Mom.ScriptAPI")
Err.Clear
Sub Main()
On Error Resume Next
If Not(IsTargetAgentless) Then
Dim dtStart
dtStart = Now()
Set owParams = WScript.Arguments
if owParams.Count < 3 Then
Wscript.quit -1
End if
TargetFQDNComputer = owParams(0)
bLogSuccess = CBool(owParams(1))'LogSuccessEvent
ComputerAccount = owParams(2)
' Get the computer account name and search for it, retrieving the
' userAccountControl property.
Dim strComputerAccount
strComputerAccount = ComputerAccount
' Bind to the rootDSE to get the default naming context
Dim oRootDSE
Set oRootDSE = GetObject("LDAP://" & TargetFQDNComputer & "/RootDSE")
If Err = 0 Then
' Construct the query string
Dim strQuery
strQuery = "<LDAP://" & TargetFQDNComputer & "/" & oRootDSE.Get("DefaultNamingContext") & _
">;(SAMAccountName=" & strComputerAccount & ");userAccountControl;subtree"
' Get an ADO connection object to do the search
Dim oADOConn
Set oADOConn = CreateObject("ADODB.Connection")
oADOConn.Provider = "ADSDsOObject"
oADOConn.Open "ADs Provider"
If Err = 0 Then
' Perform the search
Dim rsResults
Set rsResults = oADOConn.Execute(strQuery)
If Err = 0 Then
Dim bFoundAccount, State, EventID
bFoundAccount = False
State = "GOOD"
EventID = EVENT_ID_GOOD_STATE
Set oBag= oAPI.CreateTypedPropertyBag(StateDataType)
Do While Not rsResults.EOF
bFoundAccount = True
If rsResults.Fields("UserAccountControl") And &H2000 Then
' We have found a computer account that is a server trust account
' generate an event (manually because we want to set some
' specific fields) that will be turned into an alert.
State ="BAD"
EventID = EVENT_ID_BAD_STATE
Exit Do
End If
rsResults.MoveNext
Loop
If bLogSuccess = True Then
CreateEvent EVENT_ID_SUCCESS, EVENT_TYPE_INFORMATION, "The script '" & _
SCRIPT_NAME & "' completed in " & DateDiff("s", Now(), dtStart) & _
" seconds."
End If
Else
ScriptError "executing the search '" & strQuery & "'." & GetErrorString(Err)
End If
Else
ScriptError "creating the ADO Connection object." & GetErrorString(Err)
End If
Else
ScriptError "connecting to the RootDSE. (" & "LDAP://" & TargetFQDNComputer & "/RootDSE" & ")" & GetErrorString(Err)
End If
'Else
' CreateEvent EVENT_ID_EVENT_RULE_ONLY, EVENT_TYPE_WARNING, "The script '" & _
' SCRIPT_NAME & "' can only be run by event 5723 from NetLogon."
'End If
Else
CreateEvent EVENT_ID_AGENTLESS, EVENT_TYPE_ERROR, "The AD Management Pack does not support the agentless management mode." & vbCrLf & _
"The script '" & SCRIPT_NAME & "' will not execute." & vbCrLf & _
"To prevent this alert being generated again, either change the monitoring " & _
"mode of this computer to agent-managed " & _
"or disable the rule that generated this alert."
End If
End Sub
'******************************************************************************
Sub ScriptError(strError)
'
' Purpose: Records a script error.
'
' Parameters: strError, the description of the error to record
'
CreateEvent EVENT_ID_SCRIPT_ERROR, EVENT_TYPE_WARNING, "The script '" & SCRIPT_NAME & _
"' failed while " & strError
End Sub
'******************************************************************************
Function GetErrorString(oErr)
'
' Purpose: Attempts to find the description for an error if an error with
' no description is passed in.
'
' Parameters: oErr, the error object
'
' Return: String, the description for the error. (Includes the error code.)
'
Dim lErr, strErr
lErr = oErr
strErr = oErr.Description
On Error Resume Next
If 0 >= Len(strErr) Then
' If we don't have an error description, then check to see if the error
' is a 0x8007xxxx error. If it is, then look it up.
Const ErrorMask = &HFFFF0000
Const HiWord8007 = &H80070000
Const LoWordMask = 65535 ' This is equivalent to 0x0000FFFF
If (lErr And ErrorMask) = HiWord8007 Then
' Attempt to use 'net helpmsg' to get a description for the error.
Dim oShell
Set oShell = CreateObject("WScript.Shell")
If Err = 0 Then
Dim oExec
Set oExec = oShell.Exec("net helpmsg " & (lErr And LoWordMask))
Dim strMessage, i
Do
strMessage = oExec.stdout.ReadLine()
i = i + 1
Loop While (Len(strMessage) = 0) And (i < 5)
strErr = strMessage
End If
End If
End If
GetErrorString = vbCrLf & "The error returned was: '" & strErr & "' (0x" & Hex(lErr) & ")"
End Function
'******************************************************************************
Sub CreateEvent(lngEventID, lngEventType, strMessage)
'
' Purpose: To create a MOM event
'
' Arguments: lngEventID, the event ID
' lngEventType, the event type (see values at top of file)
' strMessage, the message text for the event
'
oAPI.LogScriptEvent "AD Validate Server Trust Event", lngEventID, lngEventType, strMessage
End Sub
Home
TRK 
Show References: