Results 1 to 7 of 7
  1. #1
    4 Star Lounger
    Join Date
    Aug 2002
    Location
    Dallas, Texas, USA
    Posts
    594
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Triggers for Active Directory (VB)

    I posted this in the Servers forum, but no response yet. I'm looking for a programmatic solution, so I'm trying in this forum too:

    I've done a little here and there as far as interfacing with Active Directory programmatically. I've gotten pretty used to querying information. But I've always wondered if there was a way to set a trigger in Active Directory. I'll give you an example of what I am talking about.

    We are going to a new Anti-Spam process that is offsite. Our email is routed through another companies servers, and they only send us the non-spam. One of the 'settings' that we will eventually turn on, will have that external company drop anything not going to a valid email address within our company. ie, if John Smith has jsmith@mycompanysdomain.com as his email address, but there is no johns@mycompanysdomain.com, this external server will simply drop any addresses that it doesn't know are valid.

    One method of doing this is to let that external company 'query' our Active Directory. Personally, I wouldn't care about that, but my boss doesn't want that. So, instead, we will have to add these users to that anti-spam system whenever we add a new email address to a user, or create a new user in AD that has an email address (we're using Exchange 2003). If we create a user in AD, with a mailbox, they will NOT get any external emails until we (IT) update the anti-spam company with the new address (and user that has the address).

    Now, I know how to do this programmatically, but not the way I'd like. I could build an NT Service in VB, that checks Active Directory for new email addresses (and address to account associations) periodically. If I build the ADSI query right, I could probably get away with doing this once a minute. But what I would LIKE to do, is just have Active Directory 'alert' my program when a new address (or a change) has occurred. A trigger. In SQL Server, I can write a trigger for changes in a table. Does Active Directory have anything like this? I use AD a lot, but I've never run across a capability like this before.

    Thanks in Advance

  2. #2
    Plutonium Lounger
    Join Date
    Mar 2002
    Posts
    84,353
    Thanks
    0
    Thanked 29 Times in 29 Posts

    Re: Triggers for Active Directory (VB)

    I sincerely hope that you'll get a reply here, but don't hold your breath. Most members who program work with MS Office, I fear that programming Active Directory is outside their scope (it is definitely outside mine).

  3. #3
    4 Star Lounger
    Join Date
    Aug 2002
    Location
    Dallas, Texas, USA
    Posts
    594
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Triggers for Active Directory (VB)

    Thanks Hans. I hope I get a reply too. I haven't found what I am looking for through google yet. I just need to know if it's possible.

  4. #4
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: Triggers for Active Directory (VB)

    We add new users manually at the time of creation. Yes, there is a risk of missing a new alias, but users can tell us pretty quickly if they are unable to receive external email. <img src=/S/smile.gif border=0 alt=smile width=15 height=15>

    With respect to AD, about which I understand very little, can you use auditing to log new/changed objects to an event log and then use a log-monitoring script/program to notify you of those event entries?

  5. #5
    4 Star Lounger
    Join Date
    Aug 2002
    Location
    Dallas, Texas, USA
    Posts
    594
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Triggers for Active Directory (VB)

    That's possible. Honestly, I have code that can get the data I am looking for. Wouldn't be hard to modify the code so that I can set it as a service to 'check' for changes by doing comparisons. I just don't want to have a service constantly checking AD. I actually have a service I wrote that does check AD for locked user accounts. Runs once a minute....very quick code. There are hooks for all sorts of things, was just hoping there was one for AD.

  6. #6
    3 Star Lounger
    Join Date
    Aug 2001
    Location
    Jeddah, Saudi Arabia
    Posts
    243
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Triggers for Active Directory (VB)

    (Edited by HansV to make URL clickable - see <!help=19>Help 19<!/help>)

    I have tried to do something similar to what you are doing only I wanted to connect our AD with our HR system. Same principal. I got the information below from a blog I found somewhere. (Don't ask me where, it was a while ago). It didn't help me but have a look and see, you never know.

    From the BLOG.
    The event notification system doesn't work like that. It would be nice if it did but it doesn't. The best you can get with event notification is alerted that there was a change on some part of the tree you are watching and no clue as to what that change was. It isn't the way you really want to do anything unless you are watching a very limited set of objects.

    If you need to do processing based on updates like that you should most likely do something with USN polling. It is one of the three methods MS describes for tracking changes in AD here http://msdn2.microsoft.com/en-us/library/ms677625.aspx
    End of BLOG stuff

    Onward and upward.

    Regards,
    Kevin Bell

  7. #7
    4 Star Lounger
    Join Date
    Aug 2002
    Location
    Dallas, Texas, USA
    Posts
    594
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Triggers for Active Directory (VB)

    This shows some promise. Unfortunately, I'm swamped today, I've added that site to my favorites. If I figure out a way to 'hook' into AD, I'll post my solution here.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •