Using WMI to Monitor AD

Scripting Group Monitoring
The script to monitor Windows group modifications starts with command-line parameter definitions, as the code at callout A in Listing 1 shows. The script then includes a series of helper functions to handle some specific tasks during the script's execution. The helper functions, which callout B references, are

• the GenerateHTML() function, which generates an HTML representation of the information contained in a WMI instance
• the PauseScript() function, which executes a script pause by displaying a pop-up message on the screen
• the SendMessage() function, which uses Collaboration Data Objects (CDO) statements to create and send an SMTP message to a specific mailbox
• the TinyErrorHandler() function, which handles script execution errors

Next, the script creates a series of WMI objects, as the code at callout C shows. These objects establish the WMI connection to the root\directory\LDAP namespace and submit the WQL event query. By default, the script creates an objWMIdateTime object from the SWbemDateTime WMI COM object. This COM object, which is available only under Windows Server 2003 and Windows XP, converts the Distributed Management Task Force (DMTF) datetime format to a readable string. (More information about the DMTF datetime format is available at http://msdn.microsoft.com/library/en-us/wmisdk/wmi/date_and_time_format.asp.) If you must run the code under Win2K, you must change the line

<object progid="WbemScripting
.SWbemDateTime" id="objWMIDateTime" />

to

<object progid=" SWbemDateTime.WSC" 
id="objWMIDateTime" />

SWbemDateTime.wsc is a Windows Script Component (WSC) that emulates the WMI SWbemDateTime object under Win2K to provide a backward- compatibility path for platforms released before XP. You can get more information about the WMI SWbemDateTime object at http://msdn.microsoft.com/library/en-us/wmisdk/wmi/swbemdatetime.asp. For more information about the WSC scripts, you can read the article at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnclinic/html/scripting091399.asp.

The code at callout D defines a series of constants, including the default values for the computer name, the WMI namespace, and the WQL event query. Next, the script defines constants related to the SMTP parameters. You'll need to change the SMTP constant values to match your current environment to ensure that you receive email notifications from the script.