Number of attempts to query time data before failing the monitor
Source Code:
<DataSourceModuleType ID="Microsoft.Windows.Server.10.0.AD.TimeSkew.DataSource" Accessibility="Internal" Batching="false">
<Configuration>
<xsd:element xmlns:xsd="http://www.w3.org/2001/XMLSchema" name="Frequency" type="xsd:int"/>
<xsd:element xmlns:xsd="http://www.w3.org/2001/XMLSchema" name="TimeoutSeconds" type="xsd:int"/>
<xsd:element xmlns:xsd="http://www.w3.org/2001/XMLSchema" name="Threshold" type="xsd:int"/>
<xsd:element xmlns:xsd="http://www.w3.org/2001/XMLSchema" name="Iterations" type="xsd:int"/>
</Configuration>
<OverrideableParameters>
<OverrideableParameter ID="Frequency" Selector="$Config/Frequency$" ParameterType="int"/>
<OverrideableParameter ID="TimeoutSeconds" Selector="$Config/TimeoutSeconds$" ParameterType="int"/>
<OverrideableParameter ID="Threshold" Selector="$Config/Threshold$" ParameterType="int"/>
<OverrideableParameter ID="Iterations" Selector="$Config/Iterations$" ParameterType="int"/>
</OverrideableParameters>
<ModuleImplementation Isolation="Any">
<Composite>
<MemberModules>
<DataSource ID="DS" TypeID="System!System.CommandExecuterPropertyBagSource">
<IntervalSeconds>$Config/Frequency$</IntervalSeconds>
<ApplicationName>%windir%\system32\cscript.exe</ApplicationName>
<WorkingDirectory/>
<CommandLine>//nologo $file/AD_Time_Skew.vbs$ $Config/Threshold$ $Config/Iterations$</CommandLine>
<TimeoutSeconds>$Config/TimeoutSeconds$</TimeoutSeconds>
<RequireOutput>true</RequireOutput>
<Files>
<File>
<Name>AD_Time_Skew.vbs</Name>
<Contents><Script>'*************************************************************************
' Script Name - AD Time Skew Detection
'
' Purpose - Compares the time on the local server against the time
' on the PDC. If it is above the configured threshold,
' an alert will be raised.
'
' (c) Copyright 2014, Microsoft Corporation, All Rights Reserved
' Proprietary and confidential to Microsoft Corporation
'*************************************************************************
Option Explicit
SetLocale("en-us")
Sub Main()
Dim tmScriptStart, oBag, oAPI, oParams, sError, iThreshold, oNTInfo, iRetryMax
'Variables for time on local machine
Dim strLocalServer, LocalRootDSE, strLocalTime, tmLocal
'Variables for time on PDC
Dim strTimeServer, TimeRootDSE, strTimeTime, tmTime
'Vars for getting the PDC FSMO
Dim ADOconnObj, bstrADOQueryString, RootDom, RSObj, FSMOobj
Dim CompNTDS, LocalPDC, RootPDC, strLocalPDC
Dim iSecondsDiff
Set oParams = WScript.Arguments
Set oAPI = CreateObject("Mom.ScriptAPI")
Set oBag = oAPI.CreatePropertyBag()
If oParams.Count < 2 Then
sError = "The number of command line arguments is incorrect: " & vbCrLf & _
"Expected: 2" & vbCrLf & _
"Actual: " & oParams.Count
set oNTInfo = CreateObject("WinNTSystemInfo")
strLocalServer = oNTInfo.ComputerName
tmScriptStart = Now
Set ADOconnObj = CreateObject("ADODB.Connection")
If Err Then
oBag.AddValue "State", "BAD"
oBag.AddValue "ErrorString", "Unable to create ADODB Connection." & GetErrorString(Err)
Set RootDom = GetObjectWithRetry("LDAP://RootDSE", iRetryMax)
If Err Then
oBag.AddValue "State", "BAD"
oBag.AddValue "ErrorString", "Unable to contact Root DSE." & GetErrorString(Err)
Call oAPI.Return(oBag)
Exit Sub
End If
' Locate the local PDC
bstrADOQueryString = "<LDAP://" & RootDom.Get("DnsHostName") & ">;(&(objectClass=domainDNS)(fSMORoleOwner=*));adspath;subtree"
Set RSObj = ADOconnObj.Execute(bstrADOQueryString)
If Err Then
oBag.AddValue "State", "BAD"
oBag.AddValue "ErrorString", "Unable to execute ADO query." & GetErrorString(Err)
Call oAPI.Return(oBag)
Exit Sub
End If
Set FSMOobj = GetObjectWithRetry(RSObj.Fields(0).Value, iRetryMax)
If Err Then
oBag.AddValue "State", "BAD"
oBag.AddValue "ErrorString", "Unable to locate local domain FSMO." & GetErrorString(Err)
Call oAPI.Return(oBag)
Exit Sub
End If
Set CompNTDS = GetObjectWithRetry("LDAP://" & FSMOobj.fSMORoleOwner, iRetryMax)
If Err Then
oBag.AddValue "State", "BAD"
oBag.AddValue "ErrorString", "Unable to query local domain FSMO role owner." & GetErrorString(Err)
Call oAPI.Return(oBag)
Exit Sub
End If
Set LocalPDC = GetObjectWithRetry(CompNTDS.Parent, iRetryMax)
If Err Then
oBag.AddValue "State", "BAD"
oBag.AddValue "ErrorString", "Unable to locate local domain PDC." & GetErrorString(Err)
Call oAPI.Return(oBag)
Exit Sub
End If
strLocalPDC = LocalPDC.dnsHostName
' If we are the PDC of the local domain
If strLocalServer = strLocalPDC Then
'Get a DC in the root domain
Dim bstrRootDomainNamingContext
Dim strServer
bstrRootDomainNamingContext = RootDom.Get("rootDomainNamingContext")
Set FSMOobj = GetObjectWithRetry("LDAP://" & bstrRootDomainNamingContext, iRetryMax)
If Err Then
oBag.AddValue "State", "BAD"
oBag.AddValue "ErrorString", "Unable to locate root domain naming context." & GetErrorString(Err)
Call oAPI.Return(oBag)
Exit Sub
End If
strServer = FSMOobj.GetOption(0)
'Get the PDC of the root domain
Set CompNTDS = GetObjectWithRetry("LDAP://" & strServer & "/" & FSMOobj.fSMORoleOwner, iRetryMax)
If Err Then
oBag.AddValue "State", "BAD"
oBag.AddValue "ErrorString", "Unable to query root domain FSMO role owner." & GetErrorString(Err)
Call oAPI.Return(oBag)
Exit Sub
End If
Set RootPDC = GetObjectWithRetry(CompNTDS.Parent, iRetryMax)
If Err Then
oBag.AddValue "State", "BAD"
oBag.AddValue "ErrorString", "Unable to locate root domain PDC." & GetErrorString(Err)
Call oAPI.Return(oBag)
Exit Sub
End If
strTimeServer = RootPDC.dnsHostName ' Use the forest root PDC
Else
strTimeServer = LocalPDC.dnsHostName ' Use the local PDC
End If
If strTimeServer = "" Then
oBag.AddValue "State", "BAD"
oBag.AddValue "ErrorString", "Unable to locate the PDC as the time source."
Call oAPI.Return(oBag)
Exit Sub
End If
Set LocalRootDSE = GetObjectWithRetry("LDAP://" & strLocalServer & "/RootDSE", iRetryMax)
If Err Then
oBag.AddValue "State", "BAD"
oBag.AddValue "ErrorString", "Unable to contact " & strLocalServer & " to determine time." & GetErrorString(Err)
Call oAPI.Return(oBag)
Exit Sub
End If
Set TimeRootDSE = GetObjectWithRetry("LDAP://" & strTimeServer & "/RootDSE", iRetryMax)
If Err Then
oBag.AddValue "State", "BAD"
oBag.AddValue "ErrorString", "Unable to contact " & strTimeServer & " to determine time." & GetErrorString(Err)
Call oAPI.Return(oBag)
Exit Sub
End If
strLocalTime = LocalRootDSE.Get("currentTime")
If Err Then
oBag.AddValue "State", "BAD"
oBag.AddValue "ErrorString", "Unable to retrieve current time from " & strLocalServer & "." & GetErrorString(Err)
Call oAPI.Return(oBag)
Exit Sub
End If
strTimeTime = TimeRootDSE.Get("currentTime")
If Err Then
oBag.AddValue "State", "BAD"
oBag.AddValue "ErrorString", "Unable to retrieve current time from " & strTimeServer & "." & GetErrorString(Err)
If iSecondsDiff > iThreshold Then
sError = "Time check has found that the time on the current DC compared to the PDC is outside of the specified threshold." & vbCrLf & _
"The current time skew is " & iSecondsDiff & " second(s)." & vbCrLf & _
"Time skew threshold is " & iThreshold & " second(s)." & vbCrLf & _
"Time on local DC (" & strLocalServer & ") is " & tmLocal & vbCrLf & _
"Time on PDC (" & strTimeServer & ") is " & tmTime
oBag.AddValue "State", "BAD"
oBag.AddValue "ErrorString", sError
Else
oBag.AddValue "State", "GOOD"
End If
Call oAPI.Return(oBag)
End Sub
'******************************************************************************
' Name: GetObjectWithRetry
'
' Purpose: Gets object instance, retrying attempt iRetryMax times if GetObject fails
'
' Paramters: strObjectQuery, the string paramenter for GetObject
' iRetryMax, the integer parameter for retry iterations max
'
' Return: Object instance
'
Function GetObjectWithRetry(strObjectQuery, iRetryMax)
dim ret, iRetry
iRetry = 0
On Error Resume Next
Do
'Reset Err object
Err.Clear
'Attempt to get an object
Set ret = GetObject(strObjectQuery)
'If no errors then skip retry
If Err = 0 Then
Exit Do
End If
'Wait a sec before next attempt
wscript.sleep(1000)
iRetry = iRetry + 1
Loop While (iRetry < iRetryMax)
Set GetObjectWithRetry = ret
End Function
'******************************************************************************
Function ConvertTimeStamp(strUTCTime)
'
' Purpose: Convert a timestamp into a human-readable format
'
' Paramters: strUTCTime, the timestamp to be converted
'
dim sYear
dim sMonth
dim sDay
dim sHour
dim sMinute
dim sSecond
ConvertTimeStamp = sMonth & "/" & sDay & "/" & sYear & " " & sHour & ":" & sMinute & ":" & sSecond
End Function
'******************************************************************************
' Name: GetErrorString
'
' Purpose: Attempts to find the description for an error if an error with
' no description is passed in.
'
' Parameters: oErr, the error object
'
' Return: String, the description for the error. (Includes the error code.)
'
Function GetErrorString(oErr)
Dim lErr, strErr
lErr = oErr
strErr = oErr.Description
On Error Resume Next
If 0 >= Len(strErr) Then
' If we don't have an error description, then check to see if the error
' is a 0x8007xxxx error. If it is, then look it up.
Const ErrorMask = &HFFFF0000
Const HiWord8007 = &H80070000
Const LoWordMask = 65535 ' This is equivalent to 0x0000FFFF
If (lErr And ErrorMask) = HiWord8007 Then
' Attempt to use 'net helpmsg' to get a description for the error.
Dim oShell
Set oShell = CreateObject("WScript.Shell")
If Err = 0 Then
Dim oExec
Set oExec = oShell.Exec("net helpmsg " & (lErr And LoWordMask))
Dim strMessage, i
Do
strMessage = oExec.stdout.ReadLine()
i = i + 1
Loop While (Len(strMessage) = 0) And (i < 5)
strErr = strMessage
End If
End If
End If
GetErrorString = vbCrLf & vbCrLf & "The error returned was: '" & strErr & "' (0x" & Hex(lErr) & ")"
End Function
Home
Show References: