DirectoryService.vbs - Directory Service checking using ActiveXperts Network Monitor
ActiveXperts Network Monitor ships with a powerful set of pre-defined checks. Each individual check has a static number of configuration items. To monitor other items, or to combine monitoring items, you can make use of custom VBScript checks.
Most of the built-in checks have a VBScript equivalent, implemented as a Function in a VBScript (.vbs) file. Out-of-the-box, each VBScript function monitors the same items as the built-in check. Feel free to modify a function. The VBScript check can be customized by editing the VBScript function.
To add a new VBScript-based Directory Service monitoring check, do the following:
- On the 'Monitor menu', click 'New Monitoring Check (VBScript)'. The 'VBScript Check' dialog box appears;
- In the 'File selection box', select 'DirectoryService.vbs';
- In the 'Function selection box', select one of the functions, for instance: 'CheckDirectorySize' or 'CountFiles';
- In the 'Function parameters group box' enter the required parameters. You can also load a working sample first by clicking on the 'Load a sample, click here' link.
To customize the above monitoring check, click on the 'Edit button' next to the 'File selection box'. Notepad will be launched. You can now make changes to the VBScript function(s).
DirectoryService.vbs script source code
' ///////////////////////////////////////////////////////////////////////////////
' // ActiveXperts Network Monitor - VBScript based checks
' // (c) ActiveXperts Software B.V.
' //
' // For more information about ActiveXperts Network Monitor and VBScript, please
' // visit the online ActiveXperts Network Monitor VBScript Guidelines at:
' // https://www.activexperts.com/support/network-monitor/online/vbscript/
' //
' ///////////////////////////////////////////////////////////////////////////////
'
Option Explicit
Const retvalUnknown = 1
Dim SYSDATA, SYSEXPLANATION ' Used by Network Monitor, don't change the names
' ///////////////////////////////////////////////////////////////////////////////
' // To test a function outside Network Monitor (e.g. using CSCRIPT from the
' // command line), remove the comment character (') in the following 5 lines:
' Dim bResult
' bResult = CheckAccountDisabled( "localhost", "Guest" )
' WScript.Echo "Return value: [" & bResult & "]"
' WScript.Echo "SYSDATA: [" & SYSDATA & "]"
' WScript.Echo "SYSEXPLANATION: [" & SYSEXPLANATION & "]"
' ////////////////////////////////////////////////////////////////////////////////////////
Function CheckAccountDisabled( strDomain, strAccount )
' Description:
' Check if the user account specified by strAccount on domain strDomain is disabled
' Parameters:
' 1) strDomain As String - Domain that holds the user account
' 2) strAccount As String - User account name
' Usage:
' CheckAccountDisabled( "<Domain>", "<Domain Account>" )
' Sample:
' CheckAccountDisabled( "DOMAIN01", "Guest" )
Dim objUser
CheckAccountDisabled = retvalUnknown ' Set initial return value
SYSDATA = "" ' Not used in this function
SYSEXPLANATION = "" ' Set initial value
On Error Resume Next
Set objUser = GetObject("WinNT://" & strDomain & "/" & strAccount & ",user")
If( Err.Number <> 0 ) Then
CheckAccountDisabled = retvalUnknown
SYSEXPLANATION = "Account '" & strDomain & "\" & strAccount & "' could not be found"
Exit Function
End If
On Error Goto 0
If( objUser.AccountDisabled ) Then
CheckAccountDisabled = True
SYSEXPLANATION = "Account [" & objUser.Name & "] is disabled"
Else
CheckAccountDisabled = False
SYSEXPLANATION = "Account [" & objUser.Name & "] is enabled"
End If
End Function
' ////////////////////////////////////////////////////////////////////////////////////////
Function CheckAccountLocked( strDomain, strAccount )
' Description:
' Check if the user account specified by strAccount on domain strDomain is locked
' Parameters:
' 1) strDomain As String - Domain that holds the user account
' 2) strAccount As String - User account name
' Usage:
' CheckAccountLocked( "<Domain>", "<Domain Account>" )
' Sample:
' CheckAccountLocked( "DOMAIN01", "Guest" )
Dim objUser
CheckAccountLocked = retvalUnknown ' Set initial return value
SYSDATA = "" ' Not used in this function
SYSEXPLANATION = "" ' Set initial value
On Error Resume Next
Set objUser = GetObject("WinNT://" & strDomain & "/" & strAccount & ",user")
If( Err.Number <> 0 ) Then
CheckAccountLocked = retvalUnknown
SYSEXPLANATION = "Account '" & strDomain & "\" & strAccount & "' could not be found"
Exit Function
End If
On Error Goto 0
If( objUser.IsAccountLocked ) Then
CheckAccountLocked = True
SYSEXPLANATION = "Account [" & objUser.Name & "] is locked"
Else
CheckAccountLocked = False
SYSEXPLANATION = "Account [" & objUser.Name & "] is not locked"
End If
End Function
' ///////////////////////////////////////////////////////////////////////////////
Function CheckGroupMembership( strDomain, strGroup, strUser )
' Description:
' Check if a user, specified by strUser, is member of group strGroup on domain strDomain
' Parameters:
' 1) strDomain As String - Domain that holds the user- and group account
' 2) strGroup As String - Domain group name
' 3) strUser As String - User name
' Usage:
' CheckGroupMembership( "<Domain>", "<Domain Group>", "<Domain Account>" )
' Sample:
' CheckGroupMembership( "DOMAIN01", "Guests", "Guest" )
Dim objGroup, objUser
CheckGroupMembership = retvalUnknown ' Set initial return value
SYSDATA = "" ' Not used in this function
SYSEXPLANATION = "" ' Set initial value
On Error Resume Next
Set objGroup = GetObject("WinNT://" & strDomain & "/" & strGroup & ",group")
If( Err.Number <> 0 ) Then
CheckGroupMembership = retvalUnknown
SYSEXPLANATION = "Domain or group not found"
Exit Function
End If
On Error Goto 0
For Each objUser in objGroup.Members
If( Err.Number <> 0 ) Then
CheckGroupMembership = False
SYSEXPLANATION = "Unable to list group members"
Exit Function
End If
If( UCase( objUser.Name ) = UCase( strUser ) ) Then
CheckGroupMembership = True
SYSEXPLANATION = "[" & strUser & "] is member of group [" & strGroup & "]"
Exit Function
End If
Next
CheckGroupMembership = False
SYSEXPLANATION = "[" & strUser & "] is NOT member of group [" & strGroup & "]"
End Function
' ///////////////////////////////////////////////////////////////////////////////
Function CheckLDAPServer( strServer, strCredentials, strExpected )
' Description:
' Query an LDAP server and match the response
' Parameters:
' 1) strServer As String - Server to send the LDAP query to
' 2) strCredentials As String - Specify an empty string to use Metwork Monitor service credentials.
' To use alternate credentials, enter a server that is defined in Server Credentials table.
' (To define Server Credentials, choose Tools->Options->Server Credentials)' Usage:
' 3) strExpected As String - Expected response
' Usage:
' CheckLDAPServer( "<Hostname | IP>", "", "<Expected Response>" )
On Error Resume Next
Dim objLDAP, strPath
CheckLDAPServer = retvalUnknown ' Set initial return value
SYSDATA = "" ' Not used in this function
SYSEXPLANATION = "" ' Set initial value
If( strCredentials <> "" ) Then
If( Not login( strCredentials, SYSEXPLANATION ) ) Then
Exit Function
End If
End If
Set objLDAP = GetObject( "LDAP://" & strServer & "/RootDse" )
If( objLDAP Is Nothing ) Then
SYSEXPLANATION = "LDAP query failed"
Else
CheckLDAPServer = True
strPath = objLDAP.get( "DefaultNamingContext" )
If( InStr( strPath , strExpected ) <> 0 ) Then
CheckLDAPServer = True
SYSEXPLANATION = "LDAP server was queried, response=[" & strPath &"] matched string [" & strExpected & "]"
Else
CheckLDAPServer = False
SYSEXPLANATION = "LDAP server was queried, response=[" & strPath &"] did not match string [" & strExpected & "]"
End If
End If
If( strCredentials <> "" ) Then
logout( strCredentials )
End If
End Function
' ///////////////////////////////////////////////////////////////////////////////
Function VerifyGroupMembers( strDomain, strGroup, strMemberList )
' Description:
' Check all members of strGroup. If an element of this group is not member of the strMemberList, then False is returned.
' Use it to check if the Domain Admin or Enterpise Admin group has no unexpected members.
' Parameters:
' 1) strDomain As String - Domain that holds the user- and group account
' 2) strGroup As String - Domain group name
' 3) strUser As String - User name
' Usage:
' CheckGroupMembership( "<Domain>", "<Domain Group>", "<Domain User[,Domain User]*>" )
' Sample:
' CheckGroupMembership( "DOMAIN01", "Administrators", "Administrator,James,William" )
On Error Resume Next
Dim objGroup, objUser
Dim bMemberFound, arrUsers, i
VerifyGroupMembers = False ' Set initial return value
SYSDATA = "" ' Not used in this function
SYSEXPLANATION = "" ' Set initial value
Set objGroup = GetObject("WinNT://" & strDomain & "/" & strGroup & ",group")
If( Err.Number <> 0 ) Then
VerifyGroupMembers = retvalUnknown
SYSEXPLANATION = "Domain or group not found"
Exit Function
End If
arrUsers = Split( strMemberList, "," )
For Each objUser In objGroup.Members
If( Err.Number <> 0 ) Then
VerifyGroupMembers = retvalUnknown
SYSEXPLANATION = "Unable to list group members"
Exit Function
End If
bMemberFound = False
For i = 0 To UBound( arrUsers )
If( UCase( Trim( arrUsers(i) ) ) = UCase( Trim( objUser.Name ) ) ) Then
bMemberFound = True
Exit For
End If
Next
If( Not bMemberFound ) Then
VerifyGroupMembers = False
SYSEXPLANATION = "User [" & objUser.Name & "] is not allowed as a member of group [" & strGroup & "]"
Exit Function
End If
Next
VerifyGroupMembers = True
SYSEXPLANATION = "All members of group [" & strGroup & "] are allowed members"
End Function
' //////////////////////////////////////////////////////////////////////////////
Function login( strCredentials, strSysExplanation )
' Login function for non-WMI based checks.
Dim objCredentials, objRemoteServer
Dim strUsername, strPassword
login = False
Set objCredentials = CreateObject( "ActiveXperts.NMServerCredentials" )
Set objRemoteServer = CreateObject( "ActiveXperts.RemoteServer" )
strUsername = objCredentials.GetLogin( strCredentials )
strPassword = objCredentials.GetPassword( strCredentials )
If( strUsername = "" ) Then
login = False
strSysExplanation = "No alternate credentials defined for [" & strCredentials & "]. In the Manager application, select 'Options' from the 'Tools' menu and select the 'Server Credentials' tab to enter alternate credentials"
Exit Function
End If
objRemoteServer.Connect strCredentials, strUsername, strPassword
If( objRemoteServer.LastError <> 0 ) Then
login = False
strSysExplanation = "Login failed"
Exit Function
End If
login = True
End Function
' //////////////////////////////////////////////////////////////////////////////
Function logout( strCredentials )
' Logout function for non-WMI based checks.
Dim objRemoteServer
logout = False
Set objRemoteServer = CreateObject( "ActiveXperts.RemoteServer" )
objRemoteServer.Disconnect strCredentials
If( objRemoteServer.LastError <> 0 ) Then
logout = False
Exit Function
End If
logout = True
End Function