I'm finally taking the time to soak in this ADSI stuff and I must say that it has paid off tremendously already!
Here's what we actively use at the moment (apart from checking if a user already exists before making an account and other small stuff), it's a script that monitors a couple of groups and reports any changes, and who made the changes. It's pretty crude because I wanted to finish it quickly but it works so.. any improvements are welcome by the way!
(but scripts with about three lines making this whole thing completely obsolete are less welcome.. *grin*)
It uses two executables by the way, a command-line smtp-mailer and the ntreskit tool dumpel.exe (dump eventlog)
code:
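BREAK ON
; Working directory, helper tools and the domain controller whose Security log is searched
$pad="c:\kix\GroupCheck"
$tools="$pad\tools"
$pdc="domain-pdc"
$CrLf=CHR(13)+CHR(10)
$pdcdown=0

; Write the current members of group $variable to CurrentUsers.ini (one key per member)
FUNCTION MakeIni($variable)
    Dim $group
    $group = GETOBJECT("WinNT://casema/$variable,group")
    IF $group
        $userarray=($group.members)
        FOR EACH $member IN $userarray
            $member=$member.name
            $null=WRITEPROFILESTRING("$pad\CurrentUsers.ini","$variable","$member","1")
        NEXT
    ELSE
        ; Group object not available: set the flag, the main loop then skips this check
        $pdcdown=1
    ENDIF
ENDFUNCTION

; Compare the current snapshot of group $variable with the previous one ($whattocheck.ini).
; $event1 / $event2 are the Security event IDs for "member added" / "member removed".
FUNCTION Compare($variable,$whattocheck,$event1,$event2)
    ; An empty key name makes READPROFILESTRING return all keys of the section, separated by CHR(10)
    $Current=SPLIT(READPROFILESTRING("$pad\CurrentUsers.ini","$variable",""),CHR(10),-1)
    $Last=SPLIT(READPROFILESTRING("$pad\$whattocheck.ini","$variable",""),CHR(10),-1)
    ; Members in the current snapshot but not in the last one were added
    FOR EACH $elem IN $Current
        IF $elem="" GOTO removed ENDIF
        $found=0
        FOR EACH $usr IN $Last
            IF $elem=$usr $found=1 ENDIF
        NEXT
        IF $found<>1
            $event=$event1
            GOSUB dumplog
            $Write=$Write+"User $elem Added To $variable by $admin"+$CrLf
        ENDIF
    NEXT
    :removed
    ; Members in the last snapshot but not in the current one were removed
    FOR EACH $elem IN $Last
        IF $elem="" GOTO endcompare ENDIF
        $found=0
        FOR EACH $usr IN $Current
            IF $elem=$usr $found=1 ENDIF
        NEXT
        IF $found<>1
            $event=$event2
            GOSUB dumplog
            $Write=$Write+"User $elem Removed From $variable by $admin"+$CrLf
        ENDIF
    NEXT
    ; Do not fall through into the subroutine below
    GOTO endcompare

    ; Subroutine: look up who caused event $event for member $elem of group $variable
    :dumplog
    $user=""
    ; Reset, otherwise the result of a previous lookup would be reported for this change
    $admin=""
    ; The group name from groupcheck.ini ends up on this command line
    SHELL '%comspec% /c $tools\dumpel -l security -m security -s $pdc -e $event | find /I "$variable" > $pad\output.txt'
    ; Read the file that the command above wrote
    $null=OPEN(2,"$pad\output.txt")
    DO
        ; $regel = one line of the dumpel output
        $regel=READLINE(2)
        IF $regel="" GOTO enddumpfile ENDIF
        ; Resolve the member SID found in the event line to an account name
        $user= SIDTONAME(SUBSTR($regel,INSTR($regel,"S-1-5-21-123456789-123456789-123456789-"),46))
        $user=SUBSTR($user,8,Len($user))
        IF $user=$elem
            $regelarr=SPLIT($regel," ",7)
            $admin=SUBSTR($regelarr[6],8,Len($regelarr[6]))
        ENDIF
    UNTIL @error
    :enddumpfile
    $null=CLOSE(2)
    IF $admin="" $admin = "Not Found" ENDIF
    RETURN
    :endcompare
ENDFUNCTION

; Mail the collected changes with the command-line mailer and clear the buffer
FUNCTION MailSend()
    $nul=OPEN(9,"$pad\mailfile.txt",5)
    $nul=WRITELINE(9, $Write)
    $nul=CLOSE(9)
    SHELL '%comspec% /c $pad\tools\mail -s GroupCheck -r mailserver.com -a email@@domain.com < "$pad\mailfile.txt"'
    DEL "$pad\mailfile.txt"
    $write=""
ENDFUNCTION

:start
$pdcdown=0
; groupcheck.ini lists the monitored groups: [Globals] and [Locals], keys Number, 1, 2, ...
$NoGlobals=VAL(READPROFILESTRING("$pad\groupcheck.ini","Globals","Number"))
$NoLocals=VAL(READPROFILESTRING("$pad\groupcheck.ini","Locals","Number"))
; Global groups: events 632 (member added) and 633 (member removed)
FOR $counter=1 TO $NoGlobals
    $globalcur=READPROFILESTRING("$pad\groupcheck.ini","Globals","$counter")
    MakeIni($globalcur)
    IF $pdcdown=1 GOTO sleeploop ENDIF
    Compare($globalcur,"LastUsers","632","633")
NEXT
; Local groups: events 636 (member added) and 637 (member removed)
FOR $counter=1 TO $NoLocals
    $localcur=READPROFILESTRING("$pad\groupcheck.ini","Locals","$counter")
    MakeIni($localcur)
    IF $pdcdown=1 GOTO sleeploop ENDIF
    Compare($localcur,"LastUsers","636","637")
NEXT
IF $write MailSend() ENDIF
; The current snapshot becomes the baseline for the next check
DEL "$pad\Lastusers.ini"
SHELL '%comspec% /c REN $pad\CurrentUsers.ini LastUsers.ini'

:sleeploop
$sleepcounter=100
WHILE $sleepcounter>0
    CLS
    "This Script detects changes in group-membership"
    ? "Time left until next check: " $sleepcounter
    IF $pdcdown=1 ? "PDC IS DOWN, NO CHECK DONE!" ENDIF
    SLEEP 1
    $sleepcounter=$sleepcounter-1
LOOP
GOTO start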