Solved

System GUID for each DC

Posted on 2006-11-22
Last Modified: 2012-05-05
I wanted to see if anyone had a VBScript to do something like this...

1. List the GUID of each DC
2. List the 'expected' GUID from each directory replication partner DC

Right now, I have to use either ADSIedit or NTDSUTIL to harvest this info, looking for a GUID mismatch. This happens when someone performs a Force Remove of Active Directory from a DC, which leaves a lot of orphaned Directory data for the DC, then promotes a DC of exactly the same name back into AD.

If you have suggestions which fall outside the VBScript realm, I am open to suggestions.

Thank you and Happy Thanksgiving!
JohnD
Question by:johndarby
LVL 70

Expert Comment

by:Chris Dent

Hi JohnD,

Just a single domain here?

Chris
0
 
LVL 70

Expert Comment

by:Chris Dent

Oh and just so I understand correctly. You're looking for the entries in AD Sites and Services where the connection name is displaying as a GUID rather than a Server Name?

If so, that would imply you want the connection name (with the out of date GUID) and the value held in fromServer which states where it thinks it should be replicating from?

Chris
0
 
LVL 70

Expert Comment

by:Chris Dent

It's going to take a bit of looking into.

I haven't managed to find what the GUIDs associated with the automatically generated NTDS Connections actually link to, they certainly don't match to the Computer Account GUID for the DC, and they won't match to either the Server Object under Sites or the NTDS Settings container underneath that.

Chris
0
 
LVL 1

Author Comment

by:johndarby
I have been looking, as well. I appreciate your help!
0
 
LVL 70

Expert Comment

by:Chris Dent

Oh and there seems to be no easy way to identify whether the connection is automatically generated. Clearly it must be in there somewhere... but...

I could tell you how to retrieve GUIDs and convert them into a Hexadecimal String in VbScript if you like? Without being able to eliminate the automatically generated connections it's unlikely to be much help, but just in case.

Chris
0
 
LVL 1

Author Comment

by:johndarby
Thanks Chris...I will update this thread when I find the answer, so we can all benefit. I am working at Microsoft and will do the silly thing and ask one of the AD guys the key question. I had originally thought I was just daft and missing the obvious, but it seems the digging is a bit deeper and the info could help us produce a tool which consultants could use to quickly check for DC GUID mismatch when troubleshooting DS replication problems.
0
 
LVL 70

Accepted Solution

by:
Chris Dent earned 500 total points

If you do manage to find where the attribute is stored I can finish off this script. This is what I was using to try and link the values up. I'm a bit stuck though, short of trying to match the GUID to everything available in AD.

It does at least show how to convert a GUID array into a readable format (and into the same format you'll see it displayed with in other LDAP browsers).

Chris



Option Explicit

'
' Functions & Subroutines
'

Function FormatGUID(arrGUID)
      Dim strGUID, strTemp
      Dim i

      For i = LBound(arrGUID) To UBound(arrGUID)
            strTemp = strTemp & Hex(AscB(MidB(arrGUID, i + 1, 1)) \ 16) &_
                  Hex(AscB(MidB(arrGUID, i + 1, 1)) Mod 16)
      Next

      ' Reversed Pairs

      i = 0
      Do Until i = 8
            strGUID = strGUID & Mid(strTemp, 7 - i, 1)
            strGUID = strGUID & Mid(strTemp, 8 - i, 1)
            i = i + 2
      Loop
      strGUID = strGUID & "-"
      Do Until i = 12
            strGUID = strGUID & Mid(strTemp, 19 - i, 1)
            strGUID = strGUID & Mid(strTemp, 20 - i, 1)
            i = i + 2
      Loop
      strGUID = strGUID & "-"
      Do Until i = 16
            strGUID = strGUID & Mid(strTemp, 27 - i, 1)
            strGUID = strGUID & Mid(strTemp, 28 - i, 1)
            i = i + 2
      Loop
      strGUID = strGUID & "-"

      ' Normal Pairs

      For i = 17 to 20
            strGUID = strGUID & Mid(strTemp, i, 1)
      Next
      strGUID = strGUID & "-"
      For i = 21 to 32
            strGUID = strGUID & Mid(strTemp, i, 1)
      Next
      strGUID = LCase(strGUID)
      FormatGUID = strGUID
End Function

Sub GetCurrentNTDSDSA
      Const ADS_SCOPE_SUBTREE = 2

      Dim objConnection, objCommand, objRootDSE, objRecordSet
      Dim strGUID

      Set objConnection = CreateObject("ADODB.Connection")
      objConnection.Provider = "ADsDSOObject"
      objConnection.Open "Active Directory Provider"
      
      Set objCommand = CreateObject("ADODB.Command")
      objCommand.ActiveConnection = objConnection

      Set objRootDSE = GetObject("LDAP://RootDSE")
      objCommand.CommandText = "SELECT objectGUID, distinguishedName FROM 'LDAP://" &_
            objRootDSE.Get("configurationNamingContext") & "' WHERE objectClass='server'"
      Set objRootDSE = Nothing
      
      objCommand.Properties("Page Size") = 1000
      objCommand.Properties("Timeout") = 600
      objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
      objCommand.Properties("Cache Results") = False
      
      Set objRecordSet = objCommand.Execute
      
      While Not objRecordSet.EOF
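            ' Use .Value so the byte array / string is passed, not the ADO Field object
            strGUID = FormatGUID(objRecordSet.Fields("objectGUID").Value)

            ' Key: formatted GUID, item: distinguishedName of the server object
            objDCList.Add strGUID, objRecordSet.Fields("distinguishedName").Value
            ' Debug output for one DC; "UKDC01" is a hard-coded server name
            If InStr(objRecordSet.Fields("distinguishedName").Value, "UKDC01") Then
                  WScript.Echo strGUID & " - " & objRecordSet.Fields("distinguishedName").Value
            End If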

            objRecordSet.MoveNext
      Wend
      
      objConnection.Close
      
      Set objRecordSet = Nothing
      Set objCommand = Nothing
      Set objConnection = Nothing
End Sub

Sub GetCurrentNTDSConnections
      Const ADS_SCOPE_SUBTREE = 2

      Dim objConnection, objCommand, objRootDSE, objRecordSet

      Set objConnection = CreateObject("ADODB.Connection")
      objConnection.Provider = "ADsDSOObject"
      objConnection.Open "Active Directory Provider"
      
      Set objCommand = CreateObject("ADODB.Command")
      objCommand.ActiveConnection = objConnection

      Set objRootDSE = GetObject("LDAP://RootDSE")
      objCommand.CommandText = "SELECT name, distinguishedName, fromServer FROM 'LDAP://" &_
            objRootDSE.Get("configurationNamingContext") & "' WHERE objectClass='nTDSConnection'"
      Set objRootDSE = Nothing
      
      objCommand.Properties("Page Size") = 1000
      objCommand.Properties("Timeout") = 600
      objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
      objCommand.Properties("Cache Results") = False
      
      Set objRecordSet = objCommand.Execute
      
      While Not objRecordSet.EOF
            ' Look up by string value; a Field object would never match a string key
            If objDCList.Exists(objRecordSet.Fields("name").Value) Then
                  WScript.Echo "Matched"
            End If
            objRecordSet.MoveNext
      Wend
      
      objConnection.Close
      
      Set objRecordSet = Nothing
      Set objCommand = Nothing
      Set objConnection = Nothing
End Sub

'
' Main Code
'

' Global Variables

Dim objDCList, objErrorList

Set objDCList = CreateObject("Scripting.Dictionary")
Set objErrorList = CreateObject("Scripting.Dictionary")

GetCurrentNTDSDSA
GetCurrentNTDSConnections

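WScript.Echo objDCList.Count
WScript.Quit

' Unfinished: nothing below WScript.Quit is executed.
' The declarations are needed because of Option Explicit, and objRootDSE
' has to be bound again here because the subroutines release their own copy.

Dim objRootDSE, objSites, objSite, objServers, objServer
Dim objNTDSSettings, objConnection, strConnection, strFromServer

Set objRootDSE = GetObject("LDAP://RootDSE")
Set objSites = GetObject("LDAP://CN=Sites," & objRootDSE.Get("configurationNamingContext"))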

For Each objSite in objSites
      If objSite.Name <> "CN=Subnets" And objSite.Name <> "CN=Inter-Site Transports" Then
            Set objServers = GetObject("LDAP://CN=Servers," & objSite.Get("distinguishedName"))

            For Each objServer in objServers
                  On Error Resume Next
                  Err.Clear
                  Set objNTDSSettings = GetObject("LDAP://CN=NTDS Settings," & objServer.Get("distinguishedName"))
                  If Err.Number = 0 Then
                        For Each objConnection in objNTDSSettings
                              strConnection = objConnection.Name
                              strFromServer = objConnection.Get("fromServer")
                              strFromServer = Mid(strFromServer, 18, Len(strFromServer) - 17)
                              strFromServer = Left(strFromServer, InStr(strFromServer, ",") - 1)

                              If strConnection <> strFromServer Then
                                    If objDCList.Exists(objConnection.Get("name")) Then

                                          ' Except we're not getting the correct matches to get rid of the
                                          ' automatically generated connections

                                    End If
                              End If
                        Next
                  Else
                        objErrorList.Add objServer.Get("distinguishedName"), "Missing NTDS Settings"
                  End If
                  On Error Goto 0
            Next
      End If
Next
0
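
The byte-order handling in FormatGUID and the mismatch check the question asks for, as an added Python example that is not part of the original thread. The DC names and GUID values are constructed, and how the partner-expected GUIDs are collected is left to the caller, since the thread does not establish which attribute holds them.

```python
import uuid

def format_guid(raw: bytes) -> str:
    """Render a 16-byte objectGUID value the way LDAP browsers display it."""
    if len(raw) != 16:
        raise ValueError("objectGUID must be exactly 16 bytes, got %d" % len(raw))
    # The first three fields are stored little-endian (the "reversed pairs"
    # in the VBScript above); the last two fields are stored in display order.
    fields = (raw[3::-1], raw[5:3:-1], raw[7:5:-1], raw[8:10], raw[10:16])
    return "-".join(f.hex() for f in fields)

def guid_to_ldap_filter(guid_text: str) -> str:
    """Inverse direction: display string -> escaped-byte LDAP search filter."""
    raw = uuid.UUID(guid_text.strip("{}")).bytes_le
    return "(objectGUID=" + "".join("\\%02x" % b for b in raw) + ")"

def find_mismatches(actual_raw, expected_by_partner):
    """Return (partner, dc, expected, actual) for every disagreement.

    actual_raw:          {dc_name: raw objectGUID bytes read from the directory}
    expected_by_partner: {partner_name: {dc_name: GUID string the partner holds}}
    """
    actual = {dc.upper(): format_guid(raw) for dc, raw in actual_raw.items()}
    findings = []
    for partner, expected in sorted(expected_by_partner.items()):
        for dc, guid_text in sorted(expected.items()):
            want = guid_text.strip("{}").lower()
            have = actual.get(dc.upper())  # None: DC is not in the directory
            if have != want:
                findings.append((partner, dc, want, have))
    return findings

# Constructed sample data (not taken from the thread).
SAMPLE_ACTUAL = {
    "DC01": bytes.fromhex("00112233445566778899aabbccddeeff"),
    "DC02": bytes.fromhex("a1b2c3d4e5f60718293a4b5c6d7e8f90"),
}
SAMPLE_EXPECTED = {
    "DC01": {"DC02": "{D4C3B2A1-F6E5-1807-293A-4B5C6D7E8F90}"},  # agrees
    "DC02": {"DC01": "deadbeef-0000-4000-8000-000000000001"},    # stale GUID
}

if __name__ == "__main__":
    for partner, dc, want, have in find_mismatches(SAMPLE_ACTUAL, SAMPLE_EXPECTED):
        print("%s expects %s = %s, directory has %s" % (partner, dc, want, have))
```
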
 
LVL 1

Author Comment

by:johndarby
Criminy Chris!
It may take me a while to process this script. However, thank you...I am sure you did a great job!
0
 
LVL 70

Expert Comment

by:Chris Dent

It's just a shame that it won't work completely at the moment because we can't eliminate the automatically generated connections.

Chris
0
