Using IADsTools

The IADsTools DLL contains over 180 functions (see the full list in Appendix D), which administrators can use for a variety of tasks, from retrieving domain configuration data to triggering replication of a directory partition. The DLL is not a supported component, so you may want to stop using a function if you encounter problems with it.

We will consider only a few examples of using IADsTools for scripting administrative tasks. You can easily expand their basic approach to other functions.

Initiating Replication

To force replication that meets specific requirements, you can write a command file that uses the RepAdmin utility. IADsTools allow you to write a more customizable script that performs the same task and possibly some others. The following example illustrates how to initiate replication of a directory partition (here, the Configuration partition) between two domain controllers.

Listing 17.17. initReplication.vbs — Replicating the Configuration Partition from One DC to Another

    Dim objDLL 'As Object
    Dim intResult 'As Long
    Dim strDestDC, strSrcDC 'As String
    strDestDC = ""
    strSrcDC = ""
    Set objDLL = CreateObject ("IADsTools.DCFunctions")
    ' Initiate inter-domain replication of the configuration container
    intResult = objDLL.ReplicaSync(CStr (strDestDC), _
                CStr ("CN=Configuration,DC=net,DC=dom"), CStr (strSrcDC))
    If intResult = 0 Then
      MsgBox "Replication" + vbCrLf + " FROM " + strSrcDC + vbCrLf + _
             " TO " + strDestDC + vbCrLf + _
             "has been completed SUCCESSFULLY."
    Else
      MsgBox "Replication FAILED! "
    End If

Note that the script waits until the replication process has been completed.

Triggering Knowledge Consistency Checker (KCC)

To manually start the topology generation on a specific DC, you can start the Active Directory Sites and Services snap-in, select the NTDS Settings object for the DC, open the context menu, and click Check Replication Topology in the All Tasks submenu. The following script will accomplish the same operation:

Listing 17.18. TriggerKCC.vbs — Manually Triggering the Knowledge Consistency Checker (KCC)

    Set comDLL=CreateObject ("IADsTools.DCFunctions")
    intResult=comDLL.TriggerKCC ("NETDC1")
    If intResult=0 then MsgBox "KCC has been triggered successfully." _
       else MsgBox "Failed"

Viewing the Flags of a Domain Controller

IADsTools have many functions that allow administrators to gather information about the configuration of Active Directory. For example, here is a script that displays the flags, i.e., the functional roles, for a specified DC. You can get the same information by entering nltest /dsGetDC:<domainName> at the command prompt. (For additional information on Nltest, see Chapter 11, "Verifying Network and Distributed Services.")

Listing 17.19. getDcInfo.vbs — Getting a Domain Controller's Flags

    Dim strDomainName 'As String
    Dim strDCName 'As String
    Dim objDLL 'As Object
    Dim intReturn 'As Long
    Dim strFlags 'As String
    strDomainName = InputBox ("Domain:", "Enter the name of a domain", _
                                         "net.dom" )
    strDCName = InputBox("Domain controller:", "Enter the name of a DC", _
                                               "")
    Set objDLL = CreateObject ("IADsTools.DCFunctions")
    On Error Resume Next
    intReturn = objDLL.DsGetDcName(CStr (strDomainName), CStr (strDCName) )
    If intReturn <> 0 Then
      WScript.Echo "Error # " + Hex (Err.Number)
    Else
      strFlags = Replace(objDLL.ReturnedFlags, vbCr, vbCrLf + vbTab)
      WScript.Echo "Flags for server " + objDLL.DCName + " : "
      WScript.Echo vbTab + strFlags
    End If

Here is a sample output of this script:

    Flags for server
            DS_PDC_FLAG
            DS_GC_FLAG
            DS_DS_FLAG
            DS_KDC_FLAG
            DS_TIMESERV_FLAG
            DS_CLOSEST_FLAG
            DS_WRITABLE_FLAG
            DS_GOOD_TIMESERV_FLAG
            DS_PING_FLAGS
            DS_DNS_CONTROLLER_FLAG
            DS_DNS_DOMAIN_FLAG
            DS_DNS_FOREST_FLAG

Finding FSMO Role Owners

IADsTools have specific methods that return the names of FSMO masters. You need only one statement per FSMO master. In the following script, the domain and DC names are "hardwired" into the script, but you may want to enter them interactively (as in the previous example).

Listing 17.20. getFSMOs.vbs - Asking a DC for the Known FSMO Role Owners

    Dim strDomainName 'As String
    Dim strDcName 'As String
    Dim objDLL 'As Object
    strDcName = ""         'any DC name
    strDomainName = ""     'requested domain
    Set objDLL = CreateObject ("IADsTools.DCFunctions")
    WScript.Echo "Schema Master:          ", _
                             objDLL.GetSchemaFSMO (CStr (strDcName) )
    WScript.Echo "Domain naming Master:  ", _
                             objDLL.GetDomainNamingFSMO (CStr (strDcName) )
    WScript.Echo "PDC Master: ", _
        objDLL.GetPdcFSMO(CStr (strDcName), CStr (strDomainName) )
    WScript.Echo "Infrastructure Master: ", _
        objDLL.GetInfrastructureFSMO (CStr (strDcName), CStr (strDomainName) )
    WScript.Echo "RID Master: ", _
        objDLL.GetRidPoolFSMO(CStr (strDcName), CStr (strDomainName) )

This script produces an output similar to the following (the "Site\Server" format is used):

    Schema Master:              NET-Site\NETDC1
    Domain naming Master:       NET-Site\NETDC1
    PDC Master:                 Remote-Site\NETDC2
    Infrastructure Master:      Remote-Site\NETDC2
    RID Master:                 Remote-Site\NETDC2

From this output you can see that the server NETDC2 (Remote-Site) owns three FSMO roles in its own domain, while the server NETDC1 (NET-Site) owns two forest-wide FSMO roles.
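Because each DC reports only the role owners it knows about, the same five calls can be used to check that several DCs agree with a recorded baseline. The following is an added example, not a listing from the book; the DC list, the domain name, and the baseline values (copied from the sample output above) are assumptions to replace with your own.

```vbscript
' Added example, not from the book: poll several DCs and compare each one's
' view of the five FSMO owners with a recorded baseline.
Option Explicit

Dim objDLL, dictExpected, arrDCs, strDC, strDomainName, intProblems

arrDCs = Array("NETDC1", "NETDC2")   ' assumption: DCs to poll
strDomainName = "net.dom"            ' assumption: domain to check

' Baseline in the "Site\Server" format; values taken from the sample output.
Set dictExpected = CreateObject("Scripting.Dictionary")
dictExpected.Add "Schema", "NET-Site\NETDC1"
dictExpected.Add "Domain naming", "NET-Site\NETDC1"
dictExpected.Add "PDC", "Remote-Site\NETDC2"
dictExpected.Add "Infrastructure", "Remote-Site\NETDC2"
dictExpected.Add "RID", "Remote-Site\NETDC2"

Set objDLL = CreateObject("IADsTools.DCFunctions")
intProblems = 0

' No On Error Resume Next: if a call raises an error the script stops instead
' of silently skipping a check. An empty answer is reported as a mismatch.
For Each strDC In arrDCs
  Check strDC, "Schema", objDLL.GetSchemaFSMO(CStr(strDC))
  Check strDC, "Domain naming", objDLL.GetDomainNamingFSMO(CStr(strDC))
  Check strDC, "PDC", objDLL.GetPdcFSMO(CStr(strDC), CStr(strDomainName))
  Check strDC, "Infrastructure", _
        objDLL.GetInfrastructureFSMO(CStr(strDC), CStr(strDomainName))
  Check strDC, "RID", objDLL.GetRidPoolFSMO(CStr(strDC), CStr(strDomainName))
Next

' Non-zero exit code lets a scheduled task or monitoring wrapper alert.
WScript.Quit intProblems

Sub Check(strAskedDC, strRole, varOwner)
  Dim strOwner
  strOwner = "" & varOwner   ' coerce Empty/Null to "" so the compare is safe
  If StrComp(strOwner, dictExpected(strRole), vbTextCompare) = 0 Then
    WScript.Echo "ok       " & strAskedDC & "  " & strRole & ": " & strOwner
  Else
    intProblems = intProblems + 1
    WScript.Echo "MISMATCH " & strAskedDC & "  " & strRole & ": expected " & _
                 dictExpected(strRole) & ", reported """ & strOwner & """"
  End If
End Sub
```

Run it with cscript.exe so the output goes to the console and the exit code (the number of mismatches) is available to the caller.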

Various Operations

The following script contains a few more, quite different examples of using IADsTools functions. Sample screen output is shown after the listing.

Listing 17.21. iADsTools.vbs — Various Examples of Using the IADsTools ActiveX Object

    Dim comDLL 'As Object
    Dim i, intResult 'As Integer
    Set comDLL = CreateObject ("IADsTools.DCFunctions")

    '***** Displaying some metadata information for a directory object
    '      stored on the specified DC:
    intResult = comDLL.GetMetaData ("netdc1.net.dom", _
                                "CN=Sites,CN=Configuration,DC=net,DC=dom")
    WScript.Echo "Attribute  *  Local USN  *  Version"
    For i = 1 To intResult
      WScript.Echo comDLL.MetaDataName (i) + ":" + _
                    CStr (comDLL.MetaDataLocalUSN (i)) + " " + _
                    CStr (comDLL.MetaDataVersionNumber (i))
    Next

    '***** Sending a message to a network computer (
    intResult = comDLL.NetSendMessage("", _
             "Domain Administrator", "XP-PRO3 will be rebooted in 30 sec!")

    '***** Enumerating all GC servers advertised in the forest:
    intResult = comDLL.GetGCList ("")
    WScript.Echo "GC servers (total): " + CStr (intResult)
    For i = 1 To intResult
       WScript.Echo comDLL.GCName (i)
    Next

Here is a sample output of metadata for a directory object:

    Attribute * Local USN * Version
    objectclass: 1165 1
    cn: 150104 2
    instanceType: 150105 100001
    whenCreated: 150105 100001
    showInAdvancedViewOnly: 150105 100001
    nTSecurityDescriptor: 150105 100001
    name: 150104 100001
    systemFlags: 150105 100001
    objectCategory: 150105 100001

You can obtain the same data by using the Ldp.exe tool and the repadmin /showmeta command.

IADsTools provide a very easy way to find all GC servers in the enterprise. The example script produces a result similar to the following:

    GC servers (total): 2
    NETDC1
    NETDC2
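The GC list and the metadata calls can be combined to check whether every GC holds the same attribute versions for an object, which shows whether a change (for example, to nTSecurityDescriptor) has reached all of them. The following is an added example, not a listing from the book. It assumes that GetGCList accepts a DC name (the argument is blank in the listing above), that the names returned by GCName can be passed to GetMetaData, and that a result below 1 means no data was returned.

```vbscript
' Added example, not from the book: compare an object's per-attribute version
' numbers on every GC. Local USNs are per-DC counters, so they are not compared.
Option Explicit

Dim objDLL, dictRef, arrGCs(), strSeedDC, strObjectDN, strAttr
Dim intGCs, intAttrs, intIssues, lngVer, g, i

strSeedDC = "NETDC1"   ' assumption: DC to ask for the GC list
strObjectDN = "CN=Sites,CN=Configuration,DC=net,DC=dom"

Set objDLL = CreateObject("IADsTools.DCFunctions")
Set dictRef = CreateObject("Scripting.Dictionary")   ' attribute -> version
intIssues = 0

' Copy the GC names out before making other calls on the same object.
intGCs = objDLL.GetGCList(CStr(strSeedDC))
If intGCs < 1 Then
  WScript.Echo "No GC servers returned by " & strSeedDC
  WScript.Quit 1
End If
ReDim arrGCs(intGCs - 1)
For i = 1 To intGCs
  arrGCs(i - 1) = objDLL.GCName(i)
Next

For g = 0 To UBound(arrGCs)
  ' Assumption: the name returned by GCName is accepted as a server name here.
  intAttrs = objDLL.GetMetaData(CStr(arrGCs(g)), CStr(strObjectDN))
  If intAttrs < 1 Then
    intIssues = intIssues + 1
    WScript.Echo "NO DATA  " & arrGCs(g)
  End If
  For i = 1 To intAttrs
    strAttr = LCase(objDLL.MetaDataName(i))
    lngVer = CLng(objDLL.MetaDataVersionNumber(i))
    If g = 0 Then
      dictRef(strAttr) = lngVer          ' first GC is the reference copy
    ElseIf Not dictRef.Exists(strAttr) Then
      intIssues = intIssues + 1
      WScript.Echo "EXTRA    " & arrGCs(g) & "  " & strAttr
    ElseIf dictRef(strAttr) <> lngVer Then
      intIssues = intIssues + 1
      WScript.Echo "DIFFERS  " & arrGCs(g) & "  " & strAttr & ": " & _
                   lngVer & " vs " & dictRef(strAttr) & " on " & arrGCs(0)
    End If
  Next
Next

WScript.Quit intIssues
```

A difference right after a change usually just means replication has not converged yet; one that persists across replication cycles is worth investigating.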

Windows .NET Server 2003 Domains & Active Directory
ISBN: 1931769001
EAN: 2147483647
Year: 2002
Pages: 154