Directory Programming .NET

Active Directory and ADAM programming support for .NET developers

Attribute level logging in a bulk update.

Last post 08-03-2010, 11:26 AM by AjitS. 3 replies.
  •  11-02-2009, 7:07 PM 7380

    Attribute level logging in a bulk update.


    Joe / All,

        This is regarding bulk user update in Active Directory.
        Is it possible to have attribute level logging for success or failure, when committing at record level?
        Suppose 10 attributes have to be updated for each user,
        to know if an update was a success or not for each attribute,
        do I need to do a commit for every attribute update, and then catch any update error?

        If yes, then kindly let me know if there is any way the performance could be increased,
        because attribute level commit takes a lot of time compared to user/record level commit.

        My requirement is to have an attribute level audit log for a bulk update.

    Thanks,
    Ajit S
      
  •  11-02-2009, 10:43 PM 7382 in reply to 7380

    Re: Attribute level logging in a bulk update.

    If you commit an update, all the changes will succeed or the entire operation will fail.  You don't need to verify if individual changes worked.

    If you want AD to audit changes, you just need to make the appropriate changes to the SACL to enable it. This is not an area I have a lot of experience with, but I know that attribute level logging is supported so this should not be a problem.

  •  11-03-2009, 3:08 AM 7384 in reply to 7380

    Re: Attribute level logging in a bulk update.

    Step by step guide to enable AD auditing on WS2008
    http://technet.microsoft.com/en-us/library/cc731607(WS.10).aspx

    Once you have enabled logging you can do some rather neat stuff with the eventlog by running XPATH queries against it. The objectGUID of the target object can be found in the eventlog entry which makes it very easy to find the information for a specific object. This is incredibly powerful when you combine it with DirSync queries.

    The event IDs you are interested in are 5136-5139 and 5141.

    Example XPATH query:
    *[System[(EventID=5136)] and EventData[(Data[@Name="ObjectGUID"]="{31a84a37-2433-45ee-bb4a-31e26dbec47c}")]]


    If you modify 10 attributes in one operation the corresponding eventlog entries will have the same correlationID which makes it easy to find everything we are interested in.


    Note that XPATH type queries against the eventlog are supported from Vista/WS2008 and up.

    Also note that events are logged per DC. You either have to query all DCs or forward events to one central place to get the complete picture.
    lindstrom.nullsession.com
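
The approach described in the post above, as an added example that is not part of the original thread: run the same XPath filter against the Security log of each DC and group the 5136 events by correlation ID, so every attribute changed in one commit appears together. The DC names are hypothetical placeholders, and the field names read from the event (OpCorrelationID, AttributeLDAPDisplayName and so on) are the data fields of event 5136, not values taken from the thread.

```powershell
# Added example: attribute-level audit trail for one object, built from event 5136.
$DomainControllers = @('dc01.example.com', 'dc02.example.com')   # hypothetical DC names
$ObjectGuid = '{31a84a37-2433-45ee-bb4a-31e26dbec47c}'           # GUID from the post above

# Same XPath shape as in the post: event 5136 filtered on the ObjectGUID data field.
$xpath = "*[System[(EventID=5136)] and EventData[Data[@Name='ObjectGUID']='$ObjectGuid']]"

# Events are logged per DC, so every DC has to be queried.
$changes = foreach ($dc in $DomainControllers) {
    try {
        $events = Get-WinEvent -ComputerName $dc -LogName Security -FilterXPath $xpath -ErrorAction Stop
    }
    catch {
        # Raised when nothing matches or the DC cannot be read; surface it so a
        # gap in coverage is not mistaken for "no changes".
        Write-Warning "No events read from ${dc}: $($_.Exception.Message)"
        continue
    }
    foreach ($evt in $events) {
        # Flatten the <Data Name="...">value</Data> pairs into a hashtable.
        $data = @{}
        foreach ($node in ([xml]$evt.ToXml()).Event.EventData.Data) {
            $data[$node.Name] = $node.'#text'
        }
        [pscustomobject]@{
            TimeCreated   = $evt.TimeCreated
            DC            = $dc
            CorrelationId = $data['OpCorrelationID']
            ChangedBy     = $data['SubjectUserName']
            ObjectDN      = $data['ObjectDN']
            Attribute     = $data['AttributeLDAPDisplayName']
            Operation     = $data['OperationType']   # %%14674 = value added, %%14675 = value deleted
            Value         = $data['AttributeValue']
        }
    }
}

# One row per directory operation, listing every attribute it touched.
$changes | Sort-Object TimeCreated | Group-Object CorrelationId | ForEach-Object {
    [pscustomobject]@{
        CorrelationId = $_.Name
        ChangedBy     = ($_.Group | Select-Object -First 1).ChangedBy
        Attributes    = ($_.Group.Attribute | Sort-Object -Unique) -join ', '
        Events        = $_.Count
    }
}
```

Reading the Security log remotely requires an account with rights to that log on each DC; `$changes` keeps the per-attribute rows if the old and new values are needed for the audit record.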
  •  08-03-2010, 11:26 AM 8504 in reply to 7384

    Re: Attribute level logging in a bulk update.

    Thank You frli. I'll certainly look into this.