The IADsTools DLL contains over 180 functions (see the full list in Appendix D), which administrators can use when performing various tasks, from retrieving domain configuration data to triggering replication of a directory partition. This facility is not supported, so if a function gives you problems, you may simply have to avoid it.
We will consider only a few examples of using IADsTools for scripting administrative tasks. You can easily expand their basic approach to other functions.
To force replication that meets specific requirements, you can write a command file that uses the RepAdmin utility. IADsTools allow you to write a more customizable script that performs the same task and possibly others. The following example illustrates how to initiate replication of a directory partition (here, the Configuration partition) between two domain controllers.
Listing 17.17. initReplication.vbs — Replicating the Configuration Partition from One DC to Another
Dim objDLL 'As Object
Dim intResult 'As Long
Dim strDestDC, strSrcDC 'As String
strDestDC = "netdc2.subdom.net.dom"
strSrcDC = "netdc1.net.dom"
Set objDLL = CreateObject("IADsTools.DCFunctions")
' Initiate inter-domain replication of the configuration container
intResult = objDLL.ReplicaSync(CStr(strDestDC), _
    CStr("CN=Configuration,DC=net,DC=dom"), CStr(strSrcDC))
If intResult = 0 Then
    MsgBox "Replication" + vbCrLf + " FROM " + strSrcDC + vbCrLf + _
        " TO " + strDestDC + vbCrLf + _
        "has been completed SUCCESSFULLY."
Else
    MsgBox "Replication FAILED! "
End If
Note that the script waits until the replication process has been completed.
To manually start the topology generation on a specific DC, you can start the Active Directory Sites and Services snap-in, select the NTDS Settings object for the DC, open the context menu, and click Check Replication Topology in the All Tasks submenu. The following script will accomplish the same operation:
Listing 17.18. TriggerKCC.vbs — Manually Triggering the Knowledge Consistency Checker (KCC)
Set comDLL = CreateObject("IADsTools.DCFunctions")
intResult = comDLL.TriggerKCC("NETDC1")
If intResult = 0 Then MsgBox "KCC has been triggered successfully." _
Else MsgBox "Failed"
IADsTools have many functions that allow administrators to gather information about the configuration of Active Directory. For example, here is a script that displays the flags, i.e., the functional roles, for a specified DC. You can get the same information by entering nltest /dsGetDC:<domainName> at the command prompt. (For additional information on Nltest, see Chapter 11, "Verifying Network and Distributed Services.")
Listing 17.19. getDcInfo.vbs — Getting a Domain Controller's Flags
Dim strDomainName 'As String
Dim strDCName 'As String
Dim objDLL 'As Object
Dim intReturn 'As Long
Dim strFlags 'As String
strDomainName = InputBox("Domain:", "Enter the name of a domain", _
    "net.dom")
strDCName = InputBox("Domain controller:", "Enter the name of a DC", _
    "netdc1.net.dom")
Set objDLL = CreateObject("IADsTools.DCFunctions")
On Error Resume Next
intReturn = objDLL.DsGetDcName(CStr(strDomainName), CStr(strDCName))
If intReturn <> 0 Then
    WScript.Echo "Error # " + Hex(Err.Number)
Else
    ' ReturnedFlags separates the flags with CR; print one flag per line
    strFlags = Replace(objDLL.ReturnedFlags, vbCr, vbCrLf + vbTab)
    WScript.Echo "Flags for server " + objDLL.DCName + " : "
    WScript.Echo vbTab + strFlags
End If
Here is a sample output of this script:
Flags for server netdc1.net.dom:
    DS_PDC_FLAG
    DS_GC_FLAG
    DS_DS_FLAG
    DS_KDC_FLAG
    DS_TIMESERV_FLAG
    DS_CLOSEST_FLAG
    DS_WRITABLE_FLAG
    DS_GOOD_TIMESERV_FLAG
    DS_PING_FLAGS
    DS_DNS_CONTROLLER_FLAG
    DS_DNS_DOMAIN_FLAG
    DS_DNS_FOREST_FLAG
IADsTools have specific methods that return the names of FSMO masters. You need only one statement per FSMO master. In the following script, the domain and DC names are "hardwired" into the script, but you may want to enter them interactively (as in the previous example).
Listing 17.20. getFSMOs.vbs - Asking a DC for the Known FSMO Role Owners
Dim strDomainName 'As String
Dim strDcName 'As String
Dim objDLL 'As Object
strDcName = "netdc1.net.dom" 'any DC name
strDomainName = "subdom.net.dom" 'requested domain
Set objDLL = CreateObject("IADsTools.DCFunctions")
WScript.Echo "Schema Master: ", _
    objDLL.GetSchemaFSMO(CStr(strDcName))
WScript.Echo "Domain naming Master: ", _
    objDLL.GetDomainNamingFSMO(CStr(strDcName))
WScript.Echo "PDC Master: ", _
    objDLL.GetPdcFSMO(CStr(strDcName), CStr(strDomainName))
WScript.Echo "Infrastructure Master: ", _
    objDLL.GetInfrastructureFSMO(CStr(strDcName), CStr(strDomainName))
WScript.Echo "RID Master: ", _
    objDLL.GetRidPoolFSMO(CStr(strDcName), CStr(strDomainName))
This script produces an output similar to the following (the "Site\Server" format is used):
Schema Master: NET-Site\NETDC1
Domain naming Master: NET-Site\NETDC1
PDC Master: Remote-Site\NETDC2
Infrastructure Master: Remote-Site\NETDC2
RID Master: Remote-Site\NETDC2
From this output you can see that the server NETDC2 (Remote-Site) owns three FSMO roles in its own domain, while the server NETDC1 (NET-Site) owns two forest-wide FSMO roles.
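Because the FSMO owners rarely change, the same calls can be used to check them against a recorded baseline. The following script is an added example, not a listing from the book; it uses only the IADsTools calls shown in Listing 17.20, and the expected owners are assumed values copied from the sample output above.

```vbscript
Option Explicit
' Added example, not from the book: compare the FSMO owners a DC reports
' with a documented baseline and report any difference.
' Assumption: the baseline values below are copied from the sample output
' above; replace them with the owners recorded for your own forest.
Const DC_NAME = "netdc1.net.dom"         ' DC that is asked
Const DOMAIN_NAME = "subdom.net.dom"     ' domain for the per-domain roles

Dim objDLL, dictExpected, dictActual, strRole, intDrift

Set dictExpected = CreateObject("Scripting.Dictionary")
dictExpected.Add "Schema Master", "NET-Site\NETDC1"
dictExpected.Add "Domain naming Master", "NET-Site\NETDC1"
dictExpected.Add "PDC Master", "Remote-Site\NETDC2"
dictExpected.Add "Infrastructure Master", "Remote-Site\NETDC2"
dictExpected.Add "RID Master", "Remote-Site\NETDC2"

' Same calls and arguments as in Listing 17.20
Set objDLL = CreateObject("IADsTools.DCFunctions")
Set dictActual = CreateObject("Scripting.Dictionary")
dictActual.Add "Schema Master", objDLL.GetSchemaFSMO(CStr(DC_NAME))
dictActual.Add "Domain naming Master", objDLL.GetDomainNamingFSMO(CStr(DC_NAME))
dictActual.Add "PDC Master", objDLL.GetPdcFSMO(CStr(DC_NAME), CStr(DOMAIN_NAME))
dictActual.Add "Infrastructure Master", _
    objDLL.GetInfrastructureFSMO(CStr(DC_NAME), CStr(DOMAIN_NAME))
dictActual.Add "RID Master", objDLL.GetRidPoolFSMO(CStr(DC_NAME), CStr(DOMAIN_NAME))

intDrift = 0
For Each strRole In dictExpected.Keys
    ' Case-insensitive comparison; an empty answer also counts as drift
    If StrComp(dictExpected(strRole), CStr(dictActual(strRole)), vbTextCompare) <> 0 Then
        intDrift = intDrift + 1
        WScript.Echo "DRIFT  " & strRole & ": expected " & dictExpected(strRole) & _
            ", reported " & dictActual(strRole)
    Else
        WScript.Echo "OK     " & strRole & ": " & dictActual(strRole)
    End If
Next

' Non-zero exit code lets a scheduled task or monitoring job raise an alert
WScript.Quit intDrift
```

Run it with cscript so that the exit code (the number of roles whose owner differs from the baseline) is available to the calling job.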
The following script contains a few more quite different examples of using IADsTools functions. Some screen outputs are placed below.
Listing 17.21. iADsTools.vbs — Various Examples of Using the IADsTools ActiveX Object
Dim comDLL 'As Object
Dim i, intResult 'As Integer
Set comDLL = CreateObject("IADsTools.DCFunctions")
'***** Displaying some metadata information for a directory object
' stored on the specified DC:
intResult = comDLL.GetMetaData("netdc1.net.dom", _
    "CN=Sites,CN=Configuration,DC=net,DC=dom")
WScript.Echo "Attribute * Local USN * Version"
For i = 1 To intResult
    WScript.Echo comDLL.MetaDataName(i) + ":" + _
        CStr(comDLL.MetaDataLocalUSN(i)) + " " + _
        CStr(comDLL.MetaDataVersionNumber(i))
Next
'***** Sending a message to a network computer (xp-pro3.net.dom):
intResult = comDLL.NetSendMessage("xp-pro3.net.dom", _
    "Domain Administrator", "XP-PRO3 will be rebooted in 30 sec!")
'***** Enumerating all GC servers advertised in the forest:
intResult = comDLL.GetGCList("netdc1.net.dom")
WScript.Echo "GC servers (total): " + CStr(intResult)
For i = 1 To intResult
    WScript.Echo comDLL.GCName(i)
Next
Here is a sample output of metadata for a directory object:
Attribute * Local USN * Version
objectclass: 1165 1
cn: 150104 2
instanceType: 150105 100001
whenCreated: 150105 100001
showInAdvancedViewOnly: 150105 100001
nTSecurityDescriptor: 150105 100001
name: 150104 100001
systemFlags: 150105 100001
objectCategory: 150105 100001
You can obtain the same data by using the Ldp.exe tool and the repadmin /showmeta command.
IADsTools provide a very easy way to find all GC servers in the enterprise. The example script produces a result similar to the following:
GC servers (total): 2
NETDC1
NETDC2