Event ID 6008 and CDO
Hi!
This is an extension of question posted "Event ID 6008 - Querying AD (2 scenarios)".
Id like to incorporate email capability into the following script:
==========================
'Query6008.vbs
Const EventID = 6008
Dim objRoot:Set objRoot = GetObject("LDAP://RootDSE"
Dim objDomain:Set objDomain = GetObject("LDAP://" & objRoot.Get("defaultNaming
Set objOUs = GetObject(objDomain.adsPat
Dim objFSO:Set objFSO = CreateObject("Scripting.Fi
Dim objOutput:Set objOutput = objFso.CreateTextFile("C:\
Dim objRoot: Set objRoot = GetObject("LDAP://RootDSE"
Dim objDomain:Set objDomain = GetObject("LDAP://" & objRoot.Get("defaultNaming
EnumOUs(objDomain.ADsPath)
objOutput.Close
Set objOutput=Nothing
Set objOUs=Nothing
Set objDomain=Nothing
Set objRoot=Nothing
Set objFSO=Nothing
wscript.quit
Sub EnumOUs(adspath)
Dim objOUs, OU
Set objOUs = GetObject(adspath)
objOUs.Filter = Array("OrganizationalUnit"
Call EnumUsers(objOUs.ADsPath)
For Each OU In objOUs
wscript.echo "Processing " & Replace(OU.Name, "OU=", "")
objOutput.WriteLine Replace(Ucase(OU.Name), "OU=", "")
Call EnumOUs(OU.ADsPath)
Next
End Sub
Sub EnumUsers(adspath)
Dim objServers:Set objServers = GetObject(adspath)
objUsers.Filter = Array("Computer")
objOutput.WriteLine
For Each Srv In objServers
If Instr(srv.cn, "TX001") > 0 Or Instr(srv.cn, "NP001") > 0 Then
x = 0
Set objWMI = GetObject("winmgmts:{imper
Set colEvents = objWMI.ExecQuery("Select * from Win32_NTLogEvent Where Logfile = 'System' And EventCode=" & EventID)
For Each objEvent In colEvents
If x > 3 Then Exit For
objOutput.WriteLine strPC & "," & EventID & "," & objEvent.TimeWritten
x = x + 1
End If
Next
End If
Next
objOutput.WriteLine
End Sub
==========================
I have tested out at home cdo and tested sending myself test messages by using my isp's smtp server and successfully done this with attachments. The code for this is as follows:
==========================
Const cdoSendUsingPickup = 1 'Send message using the local SMTP service pickup directory.
Const cdoSendUsingPort = 2 'Send the message using the network (SMTP over the network).
Const cdoAnonymous = 0 'Do not authenticate
Const cdoBasic = 1 'basic (clear-text) authentication
Const cdoNTLM = 2 'NTLM
Set objMessage = CreateObject("CDO.Message"
objMessage.Subject = "Example CDO Message"
objMessage.From = """Me"" <myEmailAddress put here>"
objMessage.To = "receivers EmailAddress put here"
objMessage.TextBody = "This is some sample message text.." & vbCRLF & "It was sent using SMTP authentication."
'==This section provides the configuration information for the remote SMTP server.
objMessage.Configuration.F
("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2
'Name or IP of Remote SMTP Server
objMessage.Configuration.F
("http://schemas.microsoft.com/cdo/configuration/smtpserver") = "SMTP Server put here"
'Type of authentication, NONE, Basic (Base64 encoded), NTLM
objMessage.Configuration.F
("http://schemas.microsoft.com/cdo/configuration/smtpauthenticate") = cdoBasic
'Your UserID on the SMTP server
objMessage.Configuration.F
("http://schemas.microsoft.com/cdo/configuration/sendusername") = "myuseraccount on smtp server"
'Your password on the SMTP server
objMessage.Configuration.F
("http://schemas.microsoft.com/cdo/configuration/sendpassword") = "my password on smtp server"
'Server port (typically 25)
objMessage.Configuration.F
("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25
'Use SSL for the connection (False or True)
objMessage.Configuration.F
("http://schemas.microsoft.com/cdo/configuration/smtpusessl") = False
'Connection Timeout in seconds (the maximum time CDO will try to establish a connection to the SMTP server)
objMessage.Configuration.F
("http://schemas.microsoft.com/cdo/configuration/smtpconnectiontimeout") = 60
objMessage.Configuration.F
'==End remote SMTP server configuration section==
objMessage.AddAttachment "c:\SomeDocument.doc"
objMessage.Send
==========================
What Id like to be able to
1) Make one vbs script out of the 2 above
2) Email the output file produced from 'Query6008.vbs' to myself.
I will schedule a job to kick it off daily.
Ideally, over time, the file should get larger and cover more datetime range.
Thankyou.
This is an extension of question posted "Event ID 6008 - Querying AD (2 scenarios)".
Id like to incorporate email capability into the following script:
==========================
'Query6008.vbs
Const EventID = 6008
Dim objRoot:Set objRoot = GetObject("LDAP://RootDSE"
Dim objDomain:Set objDomain = GetObject("LDAP://" & objRoot.Get("defaultNaming
Set objOUs = GetObject(objDomain.adsPat
Dim objFSO:Set objFSO = CreateObject("Scripting.Fi
Dim objOutput:Set objOutput = objFso.CreateTextFile("C:\
Dim objRoot: Set objRoot = GetObject("LDAP://RootDSE"
Dim objDomain:Set objDomain = GetObject("LDAP://" & objRoot.Get("defaultNaming
EnumOUs(objDomain.ADsPath)
objOutput.Close
Set objOutput=Nothing
Set objOUs=Nothing
Set objDomain=Nothing
Set objRoot=Nothing
Set objFSO=Nothing
wscript.quit
Sub EnumOUs(adspath)
Dim objOUs, OU
Set objOUs = GetObject(adspath)
objOUs.Filter = Array("OrganizationalUnit"
Call EnumUsers(objOUs.ADsPath)
For Each OU In objOUs
wscript.echo "Processing " & Replace(OU.Name, "OU=", "")
objOutput.WriteLine Replace(Ucase(OU.Name), "OU=", "")
Call EnumOUs(OU.ADsPath)
Next
End Sub
Sub EnumUsers(adspath)
Dim objServers:Set objServers = GetObject(adspath)
objUsers.Filter = Array("Computer")
objOutput.WriteLine
For Each Srv In objServers
If Instr(srv.cn, "TX001") > 0 Or Instr(srv.cn, "NP001") > 0 Then
x = 0
Set objWMI = GetObject("winmgmts:{imper
Set colEvents = objWMI.ExecQuery("Select * from Win32_NTLogEvent Where Logfile = 'System' And EventCode=" & EventID)
For Each objEvent In colEvents
If x > 3 Then Exit For
objOutput.WriteLine strPC & "," & EventID & "," & objEvent.TimeWritten
x = x + 1
End If
Next
End If
Next
objOutput.WriteLine
End Sub
==========================
I have tested out at home cdo and tested sending myself test messages by using my isp's smtp server and successfully done this with attachments. The code for this is as follows:
==========================
Const cdoSendUsingPickup = 1 'Send message using the local SMTP service pickup directory.
Const cdoSendUsingPort = 2 'Send the message using the network (SMTP over the network).
Const cdoAnonymous = 0 'Do not authenticate
Const cdoBasic = 1 'basic (clear-text) authentication
Const cdoNTLM = 2 'NTLM
Set objMessage = CreateObject("CDO.Message"
objMessage.Subject = "Example CDO Message"
objMessage.From = """Me"" <myEmailAddress put here>"
objMessage.To = "receivers EmailAddress put here"
objMessage.TextBody = "This is some sample message text.." & vbCRLF & "It was sent using SMTP authentication."
'==This section provides the configuration information for the remote SMTP server.
objMessage.Configuration.F
("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2
'Name or IP of Remote SMTP Server
objMessage.Configuration.F
("http://schemas.microsoft.com/cdo/configuration/smtpserver") = "SMTP Server put here"
'Type of authentication, NONE, Basic (Base64 encoded), NTLM
objMessage.Configuration.F
("http://schemas.microsoft.com/cdo/configuration/smtpauthenticate") = cdoBasic
'Your UserID on the SMTP server
objMessage.Configuration.F
("http://schemas.microsoft.com/cdo/configuration/sendusername") = "myuseraccount on smtp server"
'Your password on the SMTP server
objMessage.Configuration.F
("http://schemas.microsoft.com/cdo/configuration/sendpassword") = "my password on smtp server"
'Server port (typically 25)
objMessage.Configuration.F
("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25
'Use SSL for the connection (False or True)
objMessage.Configuration.F
("http://schemas.microsoft.com/cdo/configuration/smtpusessl") = False
'Connection Timeout in seconds (the maximum time CDO will try to establish a connection to the SMTP server)
objMessage.Configuration.F
("http://schemas.microsoft.com/cdo/configuration/smtpconnectiontimeout") = 60
objMessage.Configuration.F
'==End remote SMTP server configuration section==
objMessage.AddAttachment "c:\SomeDocument.doc"
objMessage.Send
==========================
What Id like to be able to
1) Make one vbs script out of the 2 above
2) Email the output file produced from 'Query6008.vbs' to myself.
I will schedule a job to kick it off daily.
Ideally, over time, the file should get larger and cover more datetime range.
Thankyou.
ASKER
Hi SB!
I researched far and wide about the cdo part, and was getting stuck on smtp authentication.
Bit of playing I got it which I felt good about....As you know Im not very good at scripting, but from learning from a master like you, maybe one day I can.
Okay....if i understand you correctly, here would be the completed script.....(SB...I havent tested this at work yet...so if you dont mind, can I please leave this one open for now? I will be testing this in around 7 hours time when I get in the office).
Also, just a quick one, will the date output be in WMI format or standard format, and if I understand the script correctly, does this retrieve ALL instances of event id 6008 on the target machines?
==========================
'SBThankyou.vbs
Const EventID = 6008
Dim objRoot:Set objRoot = GetObject("LDAP://RootDSE"
Dim objDomain:Set objDomain = GetObject("LDAP://" & objRoot.Get("defaultNaming
Set objOUs = GetObject(objDomain.adsPat
Dim objFSO:Set objFSO = CreateObject("Scripting.Fi
Dim objOutput:Set objOutput = objFso.CreateTextFile("C:\
Dim objRoot: Set objRoot = GetObject("LDAP://RootDSE"
Dim objDomain:Set objDomain = GetObject("LDAP://" & objRoot.Get("defaultNaming
EnumOUs(objDomain.ADsPath)
objOutput.Close
SendMail("C:\6008Events.lo
Set objOutput=Nothing
Set objOUs=Nothing
Set objDomain=Nothing
Set objRoot=Nothing
Set objFSO=Nothing
wscript.quit
Sub EnumOUs(adspath)
Dim objOUs, OU
Set objOUs = GetObject(adspath)
objOUs.Filter = Array("OrganizationalUnit"
Call EnumUsers(objOUs.ADsPath)
For Each OU In objOUs
wscript.echo "Processing " & Replace(OU.Name, "OU=", "")
objOutput.WriteLine Replace(Ucase(OU.Name), "OU=", "")
Call EnumOUs(OU.ADsPath)
Next
End Sub
Sub EnumUsers(adspath)
Dim objServers:Set objServers = GetObject(adspath)
objUsers.Filter = Array("Computer")
objOutput.WriteLine
For Each Srv In objServers
If Instr(srv.cn, "TX001") > 0 Or Instr(srv.cn, "NP001") > 0 Then
x = 0
Set objWMI = GetObject("winmgmts:{imper
Set colEvents = objWMI.ExecQuery("Select * from Win32_NTLogEvent Where Logfile = 'System' And EventCode=" & EventID)
For Each objEvent In colEvents
If x > 3 Then Exit For
objOutput.WriteLine strPC & "," & EventID & "," & objEvent.TimeWritten
x = x + 1
End If
Next
End If
Next
objOutput.WriteLine
End Sub
Sub SendMail(strFIle)
Const cdoSendUsingPickup = 1 'Send message using the local SMTP service pickup directory.
Const cdoSendUsingPort = 2 'Send the message using the network (SMTP over the network).
Const cdoAnonymous = 0 'Do not authenticate
Const cdoBasic = 1 'basic (clear-text) authentication
Const cdoNTLM = 2 'NTLM
Set objMessage = CreateObject("CDO.Message"
objMessage.Subject = "Example CDO Message"
objMessage.From = """Me"" <myEmailAddress put here>"
objMessage.To = "receivers EmailAddress put here"
objMessage.TextBody = "This is some sample message text.." & vbCRLF & "It was sent using SMTP authentication."
'==This section provides the configuration information for the remote SMTP server.
objMessage.Configuration.F
("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2
'Name or IP of Remote SMTP Server
objMessage.Configuration.F
("http://schemas.microsoft.com/cdo/configuration/smtpserver") = "SMTP Server put here"
'Type of authentication, NONE, Basic (Base64 encoded), NTLM
objMessage.Configuration.F
("http://schemas.microsoft.com/cdo/configuration/smtpauthenticate") = cdoBasic
'Your UserID on the SMTP server
objMessage.Configuration.F
("http://schemas.microsoft.com/cdo/configuration/sendusername") = "myuseraccount on smtp server"
'Your password on the SMTP server
objMessage.Configuration.F
("http://schemas.microsoft.com/cdo/configuration/sendpassword") = "my password on smtp server"
'Server port (typically 25)
objMessage.Configuration.F
("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25
'Use SSL for the connection (False or True)
objMessage.Configuration.F
("http://schemas.microsoft.com/cdo/configuration/smtpusessl") = False
'Connection Timeout in seconds (the maximum time CDO will try to establish a connection to the SMTP server)
objMessage.Configuration.F
("http://schemas.microsoft.com/cdo/configuration/smtpconnectiontimeout") = 60
objMessage.Configuration.F
'==End remote SMTP server configuration section==
objMessage.AddAttachment strFile
objMessage.Send
End Sub
==========================
I researched far and wide about the cdo part, and was getting stuck on smtp authentication.
Bit of playing I got it which I felt good about....As you know Im not very good at scripting, but from learning from a master like you, maybe one day I can.
Okay....if i understand you correctly, here would be the completed script.....(SB...I havent tested this at work yet...so if you dont mind, can I please leave this one open for now? I will be testing this in around 7 hours time when I get in the office).
Also, just a quick one, will the date output be in WMI format or standard format, and if I understand the script correctly, does this retrieve ALL instances of event id 6008 on the target machines?
==========================
'SBThankyou.vbs
Const EventID = 6008
Dim objRoot:Set objRoot = GetObject("LDAP://RootDSE"
Dim objDomain:Set objDomain = GetObject("LDAP://" & objRoot.Get("defaultNaming
Set objOUs = GetObject(objDomain.adsPat
Dim objFSO:Set objFSO = CreateObject("Scripting.Fi
Dim objOutput:Set objOutput = objFso.CreateTextFile("C:\
Dim objRoot: Set objRoot = GetObject("LDAP://RootDSE"
Dim objDomain:Set objDomain = GetObject("LDAP://" & objRoot.Get("defaultNaming
EnumOUs(objDomain.ADsPath)
objOutput.Close
SendMail("C:\6008Events.lo
Set objOutput=Nothing
Set objOUs=Nothing
Set objDomain=Nothing
Set objRoot=Nothing
Set objFSO=Nothing
wscript.quit
Sub EnumOUs(adspath)
Dim objOUs, OU
Set objOUs = GetObject(adspath)
objOUs.Filter = Array("OrganizationalUnit"
Call EnumUsers(objOUs.ADsPath)
For Each OU In objOUs
wscript.echo "Processing " & Replace(OU.Name, "OU=", "")
objOutput.WriteLine Replace(Ucase(OU.Name), "OU=", "")
Call EnumOUs(OU.ADsPath)
Next
End Sub
Sub EnumUsers(adspath)
Dim objServers:Set objServers = GetObject(adspath)
objUsers.Filter = Array("Computer")
objOutput.WriteLine
For Each Srv In objServers
If Instr(srv.cn, "TX001") > 0 Or Instr(srv.cn, "NP001") > 0 Then
x = 0
Set objWMI = GetObject("winmgmts:{imper
Set colEvents = objWMI.ExecQuery("Select * from Win32_NTLogEvent Where Logfile = 'System' And EventCode=" & EventID)
For Each objEvent In colEvents
If x > 3 Then Exit For
objOutput.WriteLine strPC & "," & EventID & "," & objEvent.TimeWritten
x = x + 1
End If
Next
End If
Next
objOutput.WriteLine
End Sub
Sub SendMail(strFIle)
Const cdoSendUsingPickup = 1 'Send message using the local SMTP service pickup directory.
Const cdoSendUsingPort = 2 'Send the message using the network (SMTP over the network).
Const cdoAnonymous = 0 'Do not authenticate
Const cdoBasic = 1 'basic (clear-text) authentication
Const cdoNTLM = 2 'NTLM
Set objMessage = CreateObject("CDO.Message"
objMessage.Subject = "Example CDO Message"
objMessage.From = """Me"" <myEmailAddress put here>"
objMessage.To = "receivers EmailAddress put here"
objMessage.TextBody = "This is some sample message text.." & vbCRLF & "It was sent using SMTP authentication."
'==This section provides the configuration information for the remote SMTP server.
objMessage.Configuration.F
("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2
'Name or IP of Remote SMTP Server
objMessage.Configuration.F
("http://schemas.microsoft.com/cdo/configuration/smtpserver") = "SMTP Server put here"
'Type of authentication, NONE, Basic (Base64 encoded), NTLM
objMessage.Configuration.F
("http://schemas.microsoft.com/cdo/configuration/smtpauthenticate") = cdoBasic
'Your UserID on the SMTP server
objMessage.Configuration.F
("http://schemas.microsoft.com/cdo/configuration/sendusername") = "myuseraccount on smtp server"
'Your password on the SMTP server
objMessage.Configuration.F
("http://schemas.microsoft.com/cdo/configuration/sendpassword") = "my password on smtp server"
'Server port (typically 25)
objMessage.Configuration.F
("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25
'Use SSL for the connection (False or True)
objMessage.Configuration.F
("http://schemas.microsoft.com/cdo/configuration/smtpusessl") = False
'Connection Timeout in seconds (the maximum time CDO will try to establish a connection to the SMTP server)
objMessage.Configuration.F
("http://schemas.microsoft.com/cdo/configuration/smtpconnectiontimeout") = 60
objMessage.Configuration.F
'==End remote SMTP server configuration section==
objMessage.AddAttachment strFile
objMessage.Send
End Sub
==========================
I'm no master - just lucky! :^ )
The date is probably in WMI format - but I'll perform a quick adjustment here (there are functions online as well, if you'd rather)
The x counter allows it to only acquire the latest 3 instances (before it drops out of the For loop) - you can increase this as desired.
For Each objEvent In colEvents
If x > 3 Then Exit For
'added the following:
strDate=objEvent.TimeWritt
strYear=Left(strDate,4)
strMonth=Mid(strDate,5,2)
strDay=Mid(strDate,7,2)
strHour=Mid(strDate,9,2)
strMin=Mid(strDate,11,2)
strSec=Mid(strDate,13,2)
strDate=strMonth & "/" & strDay & "/" & strYear & " " & strHour & ":" & strMin & ":" & strSec
objOutput.WriteLine strPC & "," & EventID & "," & strDate
x = x + 1
The date is probably in WMI format - but I'll perform a quick adjustment here (there are functions online as well, if you'd rather)
The x counter allows it to only acquire the latest 3 instances (before it drops out of the For loop) - you can increase this as desired.
For Each objEvent In colEvents
If x > 3 Then Exit For
'added the following:
strDate=objEvent.TimeWritt
strYear=Left(strDate,4)
strMonth=Mid(strDate,5,2)
strDay=Mid(strDate,7,2)
strHour=Mid(strDate,9,2)
strMin=Mid(strDate,11,2)
strSec=Mid(strDate,13,2)
strDate=strMonth & "/" & strDay & "/" & strYear & " " & strHour & ":" & strMin & ":" & strSec
objOutput.WriteLine strPC & "," & EventID & "," & strDate
x = x + 1
ASKER
SB!
Im going to post another question on the same issue.......Im at work, and will eventually use the above, but feel a bit nervous due to the scope (which is great), but want to test it out on a selection of OUs.
Question I will post is: "Event ID 6008 and CDO - Select Some OUs"
Im going to post another question on the same issue.......Im at work, and will eventually use the above, but feel a bit nervous due to the scope (which is great), but want to test it out on a selection of OUs.
Question I will post is: "Event ID 6008 and CDO - Select Some OUs"
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
:)
ASKER
SB!
I havent forgotten about this question or the other ones I have open...just putting a comment here.
Still testing :)
I havent forgotten about this question or the other ones I have open...just putting a comment here.
Still testing :)
ASKER
Champion as always SB!
Thanx very much. Glad to help you. :^ )
~sb
~sb
Just after you close the file here:
objOutput.Close
Set objOutput=Nothing
add this line in the middle:
objOutput.Close
SendMail("C:\6008Events.lo
Set objOutput=Nothing
Then make your cdo script a sub...
Sub SendMail(strFIle)
Const cdoSendUsingPickup = 1 'Send message using the local SMTP service pickup directory.
Const cdoSendUsingPort = 2 'Send the message using the network (SMTP over the network).
Const cdoAnonymous = 0 'Do not authenticate
Const cdoBasic = 1 'basic (clear-text) authentication
Const cdoNTLM = 2 'NTLM
Set objMessage = CreateObject("CDO.Message"
objMessage.Subject = "Example CDO Message"
objMessage.From = """Me"" <myEmailAddress put here>"
objMessage.To = "receivers EmailAddress put here"
objMessage.TextBody = "This is some sample message text.." & vbCRLF & "It was sent using SMTP authentication."
'==This section provides the configuration information for the remote SMTP server.
objMessage.Configuration.F
("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2
'Name or IP of Remote SMTP Server
objMessage.Configuration.F
("http://schemas.microsoft.com/cdo/configuration/smtpserver") = "SMTP Server put here"
'Type of authentication, NONE, Basic (Base64 encoded), NTLM
objMessage.Configuration.F
("http://schemas.microsoft.com/cdo/configuration/smtpauthenticate") = cdoBasic
'Your UserID on the SMTP server
objMessage.Configuration.F
("http://schemas.microsoft.com/cdo/configuration/sendusername") = "myuseraccount on smtp server"
'Your password on the SMTP server
objMessage.Configuration.F
("http://schemas.microsoft.com/cdo/configuration/sendpassword") = "my password on smtp server"
'Server port (typically 25)
objMessage.Configuration.F
("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25
'Use SSL for the connection (False or True)
objMessage.Configuration.F
("http://schemas.microsoft.com/cdo/configuration/smtpusessl") = False
'Connection Timeout in seconds (the maximum time CDO will try to establish a connection to the SMTP server)
objMessage.Configuration.F
("http://schemas.microsoft.com/cdo/configuration/smtpconnectiontimeout") = 60
objMessage.Configuration.F
'==End remote SMTP server configuration section==
objMessage.AddAttachment strFile
objMessage.Send
End Sub