Audit modify event ID 644

Le
Sebastien
Hi everybody,
I would like to know if it is possible to modify a body of an event ID. In
fact, it's about event 644 ("Intruder Lockout", we have in the body of this
event the user ID but we would like to have is distinguishedNamed in order to
locate him easily and automatically send a mail to the good supports with a
supervision tools ? Is it possible .. ??

Regards.
Questions / Réponses high-tech
Vidéos High-Tech et Jeu Vidéo
Téléchargements
Vos réponses
Gagnez chaque mois un abonnement Premium avec GNT : Inscrivez-vous !
Trier par : date / pertinence
Lognoul Marc [MVP]
Le #19151991
Hello,

You cannot modify a given event once it is generated and this for obvious
integrity reasons.

What you can do is, using a script, query your DC's for those event, extract
the information from the message then translate the SAM account name to a
distinguished name using API's such as Name.Translate. See
http://www.rlmueller.net/NameTranslateFAQ.htm for details.

Il n'est pas possible de modifier un événement après sa création et ceci
pour des raisons évidentes d'intégrité.

Par contre, vous pouvez, en utilisant un script, interroger tous les DC's
pour ces événements, en extraire les information ensuite résoudre le nom
"SAM" en "distinguished name" un utilisant des API type Name.Translate. Voir
http://www.rlmueller.net/NameTranslateFAQ.htm pour les details.

--
Marc [MCSE, MCTS, MVP]
[Heureux celui qui a pu pénétrer les causes secrètes des choses]
[Blog: http://www.marc-antho-etc.net/blog/]



"Sebastien" news:
Hi everybody,
I would like to know if it is possible to modify a body of an event ID. In
fact, it's about event 644 ("Intruder Lockout", we have in the body of
this
event the user ID but we would like to have is distinguishedNamed in order
to
locate him easily and automatically send a mail to the good supports with
a
supervision tools ? Is it possible ..... ??

Regards.


Sebastien
Le #19166221
Merci, je regarde si je peux en tirer quelque-chose, car je suis d'un niveau
quasi inexistant en vbs ..... :-(
--
Sebastien
Le techos...


"Lognoul Marc [MVP]" wrote:

Hello,

You cannot modify a given event once it is generated and this for obvious
integrity reasons.

What you can do is, using a script, query your DC's for those event, extract
the information from the message then translate the SAM account name to a
distinguished name using API's such as Name.Translate. See
http://www.rlmueller.net/NameTranslateFAQ.htm for details.

Il n'est pas possible de modifier un événement après sa création et ceci
pour des raisons évidentes d'intégrité.

Par contre, vous pouvez, en utilisant un script, interroger tous les DC's
pour ces événements, en extraire les information ensuite résoudre le nom
"SAM" en "distinguished name" un utilisant des API type Name.Translate. Voir
http://www.rlmueller.net/NameTranslateFAQ.htm pour les details.

--
Marc [MCSE, MCTS, MVP]
[Heureux celui qui a pu pénétrer les causes secrètes des choses]
[Blog: http://www.marc-antho-etc.net/blog/]



"Sebastien" news:
> Hi everybody,
> I would like to know if it is possible to modify a body of an event ID. In
> fact, it's about event 644 ("Intruder Lockout", we have in the body of
> this
> event the user ID but we would like to have is distinguishedNamed in order
> to
> locate him easily and automatically send a mail to the good supports with
> a
> supervision tools ? Is it possible ..... ??
>
> Regards.




Publicité
Poster une réponse
Anonyme