#86069 - 2002-06-14 05:44 PM
Re: Synchronise Domain
Anonymous
Unregistered
Reading up on DSREPLICASYNC (and DSREPLICASYNCALL) it seems to be very AD specific in that it is talking about replicating with all servers in the site. Will this call work for an NT Domain?
Does anyone know how to call this from WSH or VBScript? Recent posts on WSHPipe might enable me to achieve this in a roundabout fashion.
#86070 - 2002-06-14 05:53 PM
Re: Synchronise Domain
Howard Bullock
KiX Supporter
Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
I know you don't want non-COM stuff but at least you can do this remotely via a local SHELL.
nltest.exe /server:YourRemoteComputer /sync
or
nltest.exe /server:YourRemoteComputer /repl
quote:
Usage: nltest [/OPTIONS]
/SERVER: - Specify
/QUERY - Query netlogon service
/REPL - Force partial sync on BDC
/SYNC - Force full sync on BDC
/PDC_REPL - Force UAS change message from PDC
/SC_QUERY: - Query secure channel for on
/SC_RESET:[\] - Reset secure channel for on to
/SC_CHANGE_PWD: - Change a secure channel password for on
/DCLIST: - Get list of DC's for
/DCNAME: - Get the PDC name for
/DSGETDC: - Call DsGetDcName /PDC /DS /DSP /GC /KDC /TIMESERV /GTIMESERV /NETBIOS /DNS /IP /FORCE /WRITABLE /AVOIDSELF /LDAPONLY /BACKG /SITE: /ACCOUNT: /RET_DNS /RET_NETBIOS
/DSGETSITE - Call DsGetSiteName
/DSGETSITECOV - Call DsGetDcSiteCoverage
/PARENTDOMAIN - Get the name of the parent domain of this machine
/WHOWILL:* [] - See if will log on
/FINDUSER: - See which trusted domain will log on
/TRANSPORT_NOTIFY - Notify netlogon of new transport
/DBFLAG: - New debug flag
/USER: - Query User info on
/TIME: - Convert NT GMT time to ascii
/LOGON_QUERY - Query number of cumulative logon attempts
/DOMAIN_TRUSTS - Query domain trusts on /PRIMARY /FOREST /DIRECT_OUT /DIRECT_IN /ALL_TRUSTS /V
/DSDEREGDNS: - Deregister DNS records for specified host /DOM: /DOMGUID: /DSAGUID:
/BDC_QUERY: - Query replication status of BDCs for
/SIM_SYNC: - Simulate full sync replication
/LIST_DELTAS: - display the content of given change log file
/SHUTDOWN: [] - Shutdown for
/SHUTDOWN_ABORT - Abort a system shutdown
[ 14 June 2002, 17:53: Message edited by: Howard Bullock ]
#86071 - 2002-06-14 06:02 PM
Re: Synchronise Domain
Howard Bullock
KiX Supporter
Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
As a side to this issue, I have never been able to use OpenDSObject in my Perl OLE stuff because I could never satisfy the NULL requirement as the third parameter to OpenDSObject. I tried everything imaginable. M$ engineer suggested I use VB (vbNullString) or C++ ((void*)0). Can you get any farther by just executing code under an account with Admin perms and using GetObject which uses the security context of the current user?
#86072 - 2002-06-14 06:05 PM
Re: Synchronise Domain
Shawn
Administrator
Registered: 1999-08-13
Posts: 8611
About this OpenDSObject stuff, yeah, the WinNT provider does support that. In fact, I just ran this script (from a Domain User Account), that TOGGLES the disabled on/off for a given user:
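break on
; Bind to the WinNT provider namespace
$dso = GetObject("WinNT:")
; Open the user object with alternate credentials (user name, password, flags)
$user = $dso.OpenDSObject("WinNT://@LDOMAIN/SHAWN.TEST,USER", "shawn.tassie", "password" , 0)
?"disabled=" $user.accountdisabled
; Toggle: the comparison (accountdisabled = 0) is evaluated and its result assigned back
$user.accountdisabled = $user.accountdisabled = 0
; Write the change back to the directory
$user.setinfo
?"disabled=" $user.accountdisabled
exit 1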
The output from that was:
M:\>kix32 t
disabled=0
disabled=-1
0 The operation completed successfully.
M:\>
Run a second time:
M:\>kix32 t
disabled=-1
disabled=0
0 The operation completed successfully.
M:\>
Now, the machine I ran this on was joined to the domain in question, could this be a diff? Because if memory serves, there are issues when crossing domain boundaries - may this be the problem. I think Bryce has researched this issue thoroughly (ie, invested much time in getting it to work), would be nice to get some thoughts from da-man.
[ 14 June 2002, 18:08: Message edited by: Shawn ]
#86073 - 2002-06-14 06:29 PM
Re: Synchronise Domain
BrianTX
Korg Regular
Registered: 2002-04-01
Posts: 895
The more I look at this, the more I don't think there is a route from point A (getting the OpenDSObject method to work) to point B (doing something useful with the SAM database). However, this seems to be a good exercise, nevertheless. (DSBIND and others are FUNCTIONS, not methods, properties, or objects.)
Brian
#86074 - 2002-06-14 07:16 PM
Re: Synchronise Domain
Anonymous
Unregistered
The only real benefit to OpenDSObject is that you can bind with alternate credentials. This of course means a script with plain text userid and password (for an account that presumably has some kind of admin rights).
I personally don't think that I would use it...
Thanks to Howard (again) - NLTest is almost perfect. I just ran it with the /SYNC option and forced a BDC to transfer the entire SAM from the PDC (Ooops, better use /REPL next time)
I would have liked a COM solution, but NLTest is fine too.
Michael.
#86075 - 2002-08-07 01:57 PM
Re: Synchronise Domain
Anonymous
Unregistered
Hi Brian,
You have probably seen this already: ADS Authentication Enum
I was having trouble getting OpenDSObject working as well (different project) and then tried adding ADS_SERVER_BIND (512) as I had seen it in some example Microsoft code. It now works for me - might be worth trying...
HTH, Michael.
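
An added example, not part of the original thread: a small Python audit that finds OpenDSObject calls in KiXtart or VBScript source and reports user names and passwords stored as string literals (the exposure raised earlier in the thread), together with the decoded flags argument. The function names, the `$uid`/`$pwd` variables and the second sample line are assumptions made for illustration.

```python
import re
# Subset of ADS_AUTHENTICATION_ENUM; 512 is the ADS_SERVER_BIND value from the thread.
ADS_FLAGS = {0x1: "ADS_SECURE_AUTHENTICATION", 0x200: "ADS_SERVER_BIND"}
CALL_RE = re.compile(r"OpenDSObject\s*\(", re.IGNORECASE)
# Line 1 is the call from the script posted above; line 2 is a constructed variant.
SAMPLE = '''$user = $dso.OpenDSObject("WinNT://@LDOMAIN/SHAWN.TEST,USER", "shawn.tassie", "password" , 0)
$user = $dso.OpenDSObject("WinNT://@LDOMAIN/SHAWN.TEST,USER", $uid, $pwd, 513)
'''

def split_args(text, start):
    """Split a call's arguments from text[start], honouring quotes and parens."""
    args, cur, depth, quote = [], "", 0, None
    for ch in text[start:]:
        if quote:  # inside a string literal a comma is data
            quote = None if ch == quote else quote
        elif ch in "\"'":
            quote = ch
        elif ch == "(":
            depth += 1
        elif ch == ")":
            if depth == 0:
                return args + [cur.strip()]
            depth -= 1
        elif ch == "," and depth == 0:
            args.append(cur.strip())
            cur = ""
            continue
        cur += ch
    return None  # call not closed on this line

def is_literal(arg):
    """True for a non-empty quoted string, i.e. a value stored in the script."""
    return len(arg) > 2 and arg[0] in "\"'" and arg[-1] == arg[0]

def decode_flags(arg):
    """Known flag names, or None when the flags are not a decimal literal."""
    return [n for b, n in ADS_FLAGS.items() if int(arg) & b] if arg.isdigit() else None

def audit(source):
    """Report every OpenDSObject call: literal credentials and decoded flags."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        for m in CALL_RE.finditer(line):
            args = split_args(line, m.end()) or []
            if len(args) >= 4:
                findings.append({"line": lineno, "flags": decode_flags(args[3]),
                                 "hardcoded_user": is_literal(args[1]),
                                 "hardcoded_password": is_literal(args[2])})
    return findings
```

Calling `audit(SAMPLE)` returns one finding per call; the comma inside the ADsPath string is why the arguments are split with a quote-aware scanner rather than a plain split on commas.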