Open-AudIT

Posted: Thu Dec 27, 2007 2:58 am
Newbie

Joined: Mon Nov 28, 2005 11:17 am
Posts: 12
Greetings,

I'm in a complex multi-forest environment with many trusts. The net_domain_controller_name and net_domain_controller_address in the system table are not showing the correct values when auditing computers.

Here is the problem section of the code:

[code]
Set colItems = objWMIService.ExecQuery("Select * from Win32_NTDomain",,48)
For Each objItem in colItems
    net_client_site_name = objItem.ClientSiteName
    net_domain_controller_address = objItem.DomainControllerAddress
    net_domain_controller_name = objItem.DomainControllerName
Next
[/code]

Anyone see a problem here? Hint: what is the value of net_domain_controller_name after the code has run?

Yes, the value is the name of the last domain controller in the collection. In my case, this has nothing to do with the DC my client authenticates against.

In my case, I'm only auditing one domain (don't have rights in the others), and I don't really care what values are put in those fields. However, due to slow WAN connectivity to the other sites in the forest this section of code takes a very long time to run.

What I've done as a temporary solution is comment out the section of code to speed up the audit. This works well for me. I can see where others may want to have this feature work properly though. Is there a way to get the name of the logon server without iterating through all of the trusted domains?

Kevin


Posted: Thu Dec 27, 2007 7:03 pm
Open-AudIT Fellow

Joined: Thu May 17, 2007 5:47 pm
Posts: 568
Location: Italy
I can confirm that it's very slow retrieving that info when your domain has many external trusts and you are in a remote site with no DC.
You could try reading the %LOGONSERVER% environment variable to retrieve the domain controller name (or read the HKLM\software\Microsoft\Windows\CurrentVersion\Group Policy\History\DCName value, not sure, please try), clean it from "\\" chars and nslookup to retrieve its IP address.

_________________
Edoardo
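
The %LOGONSERVER% approach suggested in the post above, as an added example that is not part of the original post or of audit.vbs. It assumes Win32_PingStatus is available (Windows XP / Server 2003 or later) and uses it in place of nslookup; the net_domain_controller_* names mirror the thread, all other names are hypothetical.

```vbscript
' Added example, not code from audit.vbs.
Option Explicit
Dim objShell, objNetwork, objWMIService, colPings, objPing, re
Dim logon_server, net_domain_controller_name, net_domain_controller_address

Set objShell = CreateObject("WScript.Shell")
Set objNetwork = CreateObject("WScript.Network")
Set re = New RegExp
re.Pattern = "^[A-Za-z0-9._-]+$"   ' host-name characters only

' %LOGONSERVER% normally looks like \\DC01. If the variable is not
' defined, ExpandEnvironmentStrings returns the text unchanged.
logon_server = objShell.ExpandEnvironmentStrings("%LOGONSERVER%")
net_domain_controller_name = Replace(logon_server, "\", "")
net_domain_controller_address = ""

If logon_server = "%LOGONSERVER%" Then
    ' Not defined in this context: record nothing rather than guess
    net_domain_controller_name = ""
ElseIf Not re.Test(net_domain_controller_name) Then
    ' The variable can be overridden by the user, so refuse anything that
    ' is not a plain host name before it goes into a WQL string
    net_domain_controller_name = ""
ElseIf UCase(net_domain_controller_name) = UCase(objNetwork.ComputerName) Then
    ' Local-account logon: the "logon server" is this machine, not a DC
    net_domain_controller_name = ""
Else
    ' One local query resolves the name; no trusted domain is contacted
    Set objWMIService = GetObject("winmgmts:\\.\root\cimv2")
    Set colPings = objWMIService.ExecQuery( _
        "Select * from Win32_PingStatus WHERE Address='" & _
        net_domain_controller_name & "'")
    For Each objPing In colPings
        If Not IsNull(objPing.ProtocolAddress) Then
            net_domain_controller_address = objPing.ProtocolAddress
        End If
    Next
End If

WScript.Echo "DC name:    " & net_domain_controller_name
WScript.Echo "DC address: " & net_domain_controller_address
```

Because the variable is fixed at logon and can be changed in the user's environment, the value is a hint about the logon server rather than an authoritative record.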


Posted: Thu Dec 27, 2007 8:19 pm
Moderator

Joined: Tue Jan 25, 2005 3:09 am
Posts: 2140
Location: Scotland
I think this code is a fudge to get around the fact that AD under 2000 doesn't provide the information we require without looking at all of the DC info. (Under 2003 I think it does). I agree the code could be cleaner and faster, but I am not sure what would be the best (most reliable) way of doing this.

_________________
Andrew

[size=85]OA Server: Windows XP/ XAMPP, Mandriva/Apache, Ubuntu
Auditing: 300+ Wstns, 20+ Srvrs, Thin clients, Linux boxes, Routers, etc
OS's: Windows XP , W2K Srvr, W2K3 Srvr, W2K8, Vista, Windows 7, Linuxes (and a Mac at home)
LDAP: Active Directory[/size]


Posted: Fri Jan 04, 2008 12:45 am
Contributor

Joined: Fri Jul 28, 2006 6:30 am
Posts: 157
Location: London
I've actually just been working on this when I saw this post. This code has always caused me a problem as the WMI query takes over 15 minutes to execute in our environment. In the past I've just commented the offending code out, but I think I have a solution, which I propose below. The code goes in around line 766 of audit.vbs.

[code]
' Get domain NetBIOS name from domain DNS name
' e.g. "corp.example.com" becomes "DC=corp,DC=example,DC=com"
domain_dn = "DC=" & Replace(net_domain, ".", ",DC=")
Set oTranslate = CreateObject("NameTranslate")
hr = oTranslate.Init (3, "")        ' 3 = ADS_NAME_INITTYPE_GC (use a global catalog)
hr = oTranslate.Set (1, domain_dn)  ' 1 = ADS_NAME_TYPE_1779 (distinguished name)
domain_nb = oTranslate.Get(3)       ' 3 = ADS_NAME_TYPE_NT4, returned as "DOMAIN\"
domain_nb = Left(domain_nb, Len(domain_nb) - 1)  ' drop the trailing backslash

On Error Resume Next
' Query only the computer's own domain instead of every trusted domain
Set colItems = objWMIService.ExecQuery("Select * from Win32_NTDomain WHERE DomainName='" & domain_nb & "'",,48)
For Each objItem in colItems
    net_client_site_name = objItem.ClientSiteName
    net_domain_controller_address = objItem.DomainControllerAddress
    net_domain_controller_name = objItem.DomainControllerName
Next
[/code]

I've only tested on a few systems so far.

Cheers, Nick.

_________________
Cheers, Nick.

[size=85]OA Server: Windows Server 2003 / Apache 2
Auditing: 1600 Workstations, 200 Servers
OS's: Windows XP / Windows 2000 / Windows 2003 Server / Windows Vista
LDAP: Active Directory[/size]


Posted: Fri Jan 04, 2008 3:52 am
Moderator

Joined: Tue Jan 25, 2005 3:09 am
Posts: 2140
Location: Scotland
Running that through on tonight's audit. Have posted to SVN.

I am away till Tuesday, so if there are any issues, you can catch me then. :D

BTW this does seem to have sped up my Audit considerably.

_________________
Andrew

[size=85]OA Server: Windows XP/ XAMPP, Mandriva/Apache, Ubuntu
Auditing: 300+ Wstns, 20+ Srvrs, Thin clients, Linux boxes, Routers, etc
OS's: Windows XP , W2K Srvr, W2K3 Srvr, W2K8, Vista, Windows 7, Linuxes (and a Mac at home)
LDAP: Active Directory[/size]

