Hi everybody,
I would like to know if it is possible to modify a body of an event ID. In
fact, it's about event 644 ("Intruder Lockout", we have in the body of this
event the user ID but we would like to have is distinguishedNamed in order to
locate him easily and automatically send a mail to the good supports with a
supervision tools ? Is it possible ..... ??
Cette action est irreversible, confirmez la suppression du commentaire ?
Signaler le commentaire
Veuillez sélectionner un problème
Nudité
Violence
Harcèlement
Fraude
Vente illégale
Discours haineux
Terrorisme
Autre
Lognoul Marc [MVP]
Hello,
You cannot modify a given event once it is generated and this for obvious integrity reasons.
What you can do is, using a script, query your DC's for those event, extract the information from the message then translate the SAM account name to a distinguished name using API's such as Name.Translate. See http://www.rlmueller.net/NameTranslateFAQ.htm for details.
Il n'est pas possible de modifier un événement après sa création et ceci pour des raisons évidentes d'intégrité.
Par contre, vous pouvez, en utilisant un script, interroger tous les DC's pour ces événements, en extraire les information ensuite résoudre le nom "SAM" en "distinguished name" un utilisant des API type Name.Translate. Voir http://www.rlmueller.net/NameTranslateFAQ.htm pour les details.
-- Marc [MCSE, MCTS, MVP] [Heureux celui qui a pu pénétrer les causes secrètes des choses] [Blog: http://www.marc-antho-etc.net/blog/]
"Sebastien" wrote in message news:
Hi everybody, I would like to know if it is possible to modify a body of an event ID. In fact, it's about event 644 ("Intruder Lockout", we have in the body of this event the user ID but we would like to have is distinguishedNamed in order to locate him easily and automatically send a mail to the good supports with a supervision tools ? Is it possible ..... ??
Regards.
Hello,
You cannot modify a given event once it is generated and this for obvious
integrity reasons.
What you can do is, using a script, query your DC's for those event, extract
the information from the message then translate the SAM account name to a
distinguished name using API's such as Name.Translate. See
http://www.rlmueller.net/NameTranslateFAQ.htm for details.
Il n'est pas possible de modifier un événement après sa création et ceci
pour des raisons évidentes d'intégrité.
Par contre, vous pouvez, en utilisant un script, interroger tous les DC's
pour ces événements, en extraire les information ensuite résoudre le nom
"SAM" en "distinguished name" un utilisant des API type Name.Translate. Voir
http://www.rlmueller.net/NameTranslateFAQ.htm pour les details.
--
Marc [MCSE, MCTS, MVP]
[Heureux celui qui a pu pénétrer les causes secrètes des choses]
[Blog: http://www.marc-antho-etc.net/blog/]
"Sebastien" <Sebastien@discussions.microsoft.com> wrote in message
news:20720322-EDD7-4336-9BF2-DE5504C6E6D4@microsoft.com...
Hi everybody,
I would like to know if it is possible to modify a body of an event ID. In
fact, it's about event 644 ("Intruder Lockout", we have in the body of
this
event the user ID but we would like to have is distinguishedNamed in order
to
locate him easily and automatically send a mail to the good supports with
a
supervision tools ? Is it possible ..... ??
You cannot modify a given event once it is generated and this for obvious integrity reasons.
What you can do is, using a script, query your DC's for those event, extract the information from the message then translate the SAM account name to a distinguished name using API's such as Name.Translate. See http://www.rlmueller.net/NameTranslateFAQ.htm for details.
Il n'est pas possible de modifier un événement après sa création et ceci pour des raisons évidentes d'intégrité.
Par contre, vous pouvez, en utilisant un script, interroger tous les DC's pour ces événements, en extraire les information ensuite résoudre le nom "SAM" en "distinguished name" un utilisant des API type Name.Translate. Voir http://www.rlmueller.net/NameTranslateFAQ.htm pour les details.
-- Marc [MCSE, MCTS, MVP] [Heureux celui qui a pu pénétrer les causes secrètes des choses] [Blog: http://www.marc-antho-etc.net/blog/]
"Sebastien" wrote in message news:
Hi everybody, I would like to know if it is possible to modify a body of an event ID. In fact, it's about event 644 ("Intruder Lockout", we have in the body of this event the user ID but we would like to have is distinguishedNamed in order to locate him easily and automatically send a mail to the good supports with a supervision tools ? Is it possible ..... ??
Regards.
Sebastien
Merci, je regarde si je peux en tirer quelque-chose, car je suis d'un niveau quasi inexistant en vbs ..... :-( -- Sebastien Le techos...
"Lognoul Marc [MVP]" wrote:
Hello,
You cannot modify a given event once it is generated and this for obvious integrity reasons.
What you can do is, using a script, query your DC's for those event, extract the information from the message then translate the SAM account name to a distinguished name using API's such as Name.Translate. See http://www.rlmueller.net/NameTranslateFAQ.htm for details.
Il n'est pas possible de modifier un événement après sa création et ceci pour des raisons évidentes d'intégrité.
Par contre, vous pouvez, en utilisant un script, interroger tous les DC's pour ces événements, en extraire les information ensuite résoudre le nom "SAM" en "distinguished name" un utilisant des API type Name.Translate. Voir http://www.rlmueller.net/NameTranslateFAQ.htm pour les details.
-- Marc [MCSE, MCTS, MVP] [Heureux celui qui a pu pénétrer les causes secrètes des choses] [Blog: http://www.marc-antho-etc.net/blog/]
"Sebastien" wrote in message news: > Hi everybody, > I would like to know if it is possible to modify a body of an event ID. In > fact, it's about event 644 ("Intruder Lockout", we have in the body of > this > event the user ID but we would like to have is distinguishedNamed in order > to > locate him easily and automatically send a mail to the good supports with > a > supervision tools ? Is it possible ..... ?? > > Regards.
Merci, je regarde si je peux en tirer quelque-chose, car je suis d'un niveau
quasi inexistant en vbs ..... :-(
--
Sebastien
Le techos...
"Lognoul Marc [MVP]" wrote:
Hello,
You cannot modify a given event once it is generated and this for obvious
integrity reasons.
What you can do is, using a script, query your DC's for those event, extract
the information from the message then translate the SAM account name to a
distinguished name using API's such as Name.Translate. See
http://www.rlmueller.net/NameTranslateFAQ.htm for details.
Il n'est pas possible de modifier un événement après sa création et ceci
pour des raisons évidentes d'intégrité.
Par contre, vous pouvez, en utilisant un script, interroger tous les DC's
pour ces événements, en extraire les information ensuite résoudre le nom
"SAM" en "distinguished name" un utilisant des API type Name.Translate. Voir
http://www.rlmueller.net/NameTranslateFAQ.htm pour les details.
--
Marc [MCSE, MCTS, MVP]
[Heureux celui qui a pu pénétrer les causes secrètes des choses]
[Blog: http://www.marc-antho-etc.net/blog/]
"Sebastien" <Sebastien@discussions.microsoft.com> wrote in message
news:20720322-EDD7-4336-9BF2-DE5504C6E6D4@microsoft.com...
> Hi everybody,
> I would like to know if it is possible to modify a body of an event ID. In
> fact, it's about event 644 ("Intruder Lockout", we have in the body of
> this
> event the user ID but we would like to have is distinguishedNamed in order
> to
> locate him easily and automatically send a mail to the good supports with
> a
> supervision tools ? Is it possible ..... ??
>
> Regards.
Merci, je regarde si je peux en tirer quelque-chose, car je suis d'un niveau quasi inexistant en vbs ..... :-( -- Sebastien Le techos...
"Lognoul Marc [MVP]" wrote:
Hello,
You cannot modify a given event once it is generated and this for obvious integrity reasons.
What you can do is, using a script, query your DC's for those event, extract the information from the message then translate the SAM account name to a distinguished name using API's such as Name.Translate. See http://www.rlmueller.net/NameTranslateFAQ.htm for details.
Il n'est pas possible de modifier un événement après sa création et ceci pour des raisons évidentes d'intégrité.
Par contre, vous pouvez, en utilisant un script, interroger tous les DC's pour ces événements, en extraire les information ensuite résoudre le nom "SAM" en "distinguished name" un utilisant des API type Name.Translate. Voir http://www.rlmueller.net/NameTranslateFAQ.htm pour les details.
-- Marc [MCSE, MCTS, MVP] [Heureux celui qui a pu pénétrer les causes secrètes des choses] [Blog: http://www.marc-antho-etc.net/blog/]
"Sebastien" wrote in message news: > Hi everybody, > I would like to know if it is possible to modify a body of an event ID. In > fact, it's about event 644 ("Intruder Lockout", we have in the body of > this > event the user ID but we would like to have is distinguishedNamed in order > to > locate him easily and automatically send a mail to the good supports with > a > supervision tools ? Is it possible ..... ?? > > Regards.
