How to: Search for Password Change Requests That Are Sent to Connected Data Sources

For connected data sources that receive a new password as a result of the password synchronization feature of Forefront Identity Manager Synchronization Service (FIM Synchronization Service), you might want to determine how the change request got to the target data source. The MIIS_PasswordChangeHistoryTarget class retrieves the password change histories for the connected data sources that receive the password change from the FIM Synchronization Service server.

The following examples show how to search for password change histories that are sent to the target connected data source.

By Time

The following Microsoft Visual Basic Scripting Edition (VBScript) example shows how to retrieve the password change history for any change request that was sent to the target connected data source after September 16, 2004.

Option Explicit

On Error Resume Next

Const PktPrivacy = 6    ' Authentication level
Dim Service             ' Service object
Dim queryString         ' WQL query string
Dim errorString         ' Error string
Dim statusString        ' Status string
Dim timePeriod          ' Time string
Dim changeHistories     ' Change history collection
Dim changeHistory       ' Change history member

Set Service = GetObject("winmgmts:{authenticationLevel=PktPrivacy}!root\MicrosoftIdentityIntegrationServer")

If err.number<>0 Then 
  errorString = "Could not retrieve service object: "
  errorString = errorString & Err.Description
  ErrorHandler(errorString)  
End If

timePeriod = "2004-09-16"
queryString = "Select * from MIIS_PasswordChangeHistoryTarget WHERE "
queryString = queryString & "MIISReceiveTime > '" & timePeriod & "'"
Set changeHistories = Service.ExecQuery(queryString)

If err.number <> 0 Then
  errorString = "Could not retrieve password change history: " 
  errorString = errorString & Err.Description
  ErrorHandler(errorString)    
End If

If changeHistories.Count = 0 Then
  statusString = "There are no password changes requested after "
  statusString = statusString & timePeriod & "."
  ErrorHandler(statusString)
Else
  For Each changeHistory In changeHistories
    statusString = "Change History that occurred after "
    statusString = statusString & timePeriod & "."
    WScript.Echo statusString
    WScript.Echo changeHistory.eventDetails
  Next
End If

Sub ErrorHandler (ErrorMessage)
  WScript.Echo ErrorMessage
  WScript.Quit(1)

End Sub

By Target Management Agent

The following VBScript example shows how to retrieve the password changes for a specified management agent that were sent to the target connected data source.

Option Explicit

On Error Resume Next

Const PktPrivacy = 6    ' Authentication level
Dim Service             ' Service object
Dim queryString         ' WQL query string
Dim errorString         ' Error string
Dim statusString        ' Status string
Dim ManagementAgentSet  ' Management agent collection
Dim ManagementAgent     ' Management agent member
Dim changeHistories     ' Change history collection
Dim changeHistory       ' Change history member

Set Service = GetObject("winmgmts:{authenticationLevel=PktPrivacy}!root\MicrosoftIdentityIntegrationServer")

If err.number <> 0 Then 
  errorString = "Could not retrieve service object: "
  errorString = errorString & Err.Description
  ErrorHandler(errorString)    
End If

queryString = "Select * From MIIS_ManagementAgent"
Set ManagementAgentSet = Service.ExecQuery(queryString)
If err.number <> 0 Then
  errorString = "Could not retrieve management agent collection: "
  errorString = errorString & err.Description
  ErrorHandler(errorString)    
End If

If ManagementAgentSet.Count = 0 Then 
  statusString = "There are no management agents on this server."
  ErrorHandler(statusString)    
End If 

For each ManagementAgent in ManagementAgentSet
  queryString = "Select * from MIIS_PasswordChangeHistoryTarget WHERE "
  queryString = queryString & "MaGuid = '"
  queryString = queryString & ManagementAgent.Guid & "'"
  Set changeHistories = Service.ExecQuery(queryString)
  If err.number <> 0 Then
    errorString = "Could not retrieve password change history: " 
    errorString = errorString & Err.Description
    ErrorHandler(errorString)
  End If

  If changeHistories.Count = 0 then
    statusString = "There are no password change histories for the " 
    statusString = statusString & ManagementAgent.Name
    statusString = statusString & " management agent."
    WScript.Echo statusString
  Else
    For Each changeHistory in changeHistories
      statusString = "Change History for the "
      statusString = statusString & ManagementAgent.Name
      statusString = statusString & " management agent:"
      WScript.Echo statusString
      WScript.Echo changeHistory.eventDetails
    Next
  End If
Next

Sub ErrorHandler (ErrorMessage)
  WScript.Echo ErrorMessage
  WScript.Quit(1)
End Sub

By Reference GUID

The following VBScript example shows how to retrieve the password changes that were sent to the target server by using a query with the reference GUID. In this example, the reference GUID is supplied. You can obtain the reference GUID from the MIIS_PasswordChangeHistorySource class or the MIIS_PasswordChangeQueue class. You can then pass the value to this script to track the password change history from the originating connected data source to the target data sources.

Option Explicit

On Error Resume Next

Const PktPrivacy = 6    ' Authentication level
Dim Service             ' Service object
Dim queryString         ' WQL query string
Dim errorString         ' Error string
Dim statusString        ' Status string
Dim refGuid             ' Reference Guid string
Dim changeHistories     ' Change history collection
Dim changeHistory       ' Change history member

' In this example, the reference GUID is supplied. In practice, the
' reference GUID can be obtained from the 
' MIIS_PasswordChangeHistorySource or the MIIS_PasswordChangeQueue
' classes and be passed to this script.

refGuid = "{B6F6FEB7-0EB7-45D9-B4CB-3B6B02CA9023}"
Set Service = GetObject("winmgmts:{authenticationLevel=PktPrivacy}!root\MicrosoftIdentityIntegrationServer")

If err.number <> 0 Then 
  errorString = "Could not retrieve service object: "
  errorString = errorString & Err.Description
  ErrorHandler(errorString)   
End If

queryString = "Select * From MIIS_PasswordChangeHistoryTarget WHERE "
queryString = queryString & "ReferenceGuid = '"
queryString = queryString & refGuid & "'"
    
Set changeHistories = Service.ExecQuery(queryString)
If err.number <> 0 Then
  errorString = "Could not retrieve password change history: " 
  errorString = errorString & Err.Description
  ErrorHandler(errorString)
End If

If changeHistories.Count = 0 Then
  statusString = "There are no password change histories for the " 
  statusString = statusString & "reference Guid "
  statusString = statusString & refGuid & "."
  WScript.Echo statusString
    
Else
  For Each changeHistory in changeHistories
    statusString = "Change History for Reference Guid:  "
    statusString = statusString & refGuid
    statusString = statusString & ":"
    WScript.Echo statusString
    WScript.Echo changeHistory.eventDetails
  Next
End If

Sub ErrorHandler (ErrorMessage)
  WScript.Echo ErrorMessage
  WScript.Quit(1)
End Sub
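
The three searches above combined into one function that validates each caller-supplied value before it becomes part of the WQL text. This is an added PowerShell example, not code from the original page. The function and parameter names are hypothetical, it assumes Windows PowerShell (Get-WmiObject) on the FIM Synchronization Service server, and the class and property names are the ones used in the VBScript examples.

```powershell
# Added example; function and parameter names are hypothetical.
function Get-TargetPasswordChangeHistory {
    [CmdletBinding()]
    param(
        [string]   $ReferenceGuid,        # from MIIS_PasswordChangeHistorySource or MIIS_PasswordChangeQueue
        [string]   $ManagementAgentName,  # optional: limit to one target management agent
        [datetime] $After                 # optional: only requests received after this date
    )

    # Same namespace and packet-privacy authentication level as the VBScript examples.
    $wmi = @{
        Namespace      = 'root\MicrosoftIdentityIntegrationServer'
        Authentication = 'PacketPrivacy'
        ErrorAction    = 'Stop'
    }
    $clauses = @()

    if ($ReferenceGuid) {
        # Parse first: anything that is not a GUID throws here and never reaches the WQL text.
        $guid = [guid]::Parse($ReferenceGuid)
        $clauses += "ReferenceGuid = '{0}'" -f $guid.ToString('B').ToUpper()
    }

    if ($ManagementAgentName) {
        # Match the name client-side so the caller's string is never concatenated into WQL.
        $ma = Get-WmiObject @wmi -Query 'Select * From MIIS_ManagementAgent' |
              Where-Object { $_.Name -eq $ManagementAgentName }
        if (-not $ma) { throw "No management agent named '$ManagementAgentName' on this server." }
        $clauses += "MaGuid = '{0}'" -f $ma.Guid
    }

    if ($PSBoundParameters.ContainsKey('After')) {
        # [datetime] binding already rejected non-dates; emit the yyyy-MM-dd form used in "By Time".
        $clauses += "MIISReceiveTime > '{0}'" -f $After.ToString('yyyy-MM-dd')
    }

    $query = 'Select * From MIIS_PasswordChangeHistoryTarget'
    if ($clauses) { $query += ' WHERE ' + ($clauses -join ' AND ') }
    Write-Verbose "WQL: $query"

    Get-WmiObject @wmi -Query $query |
        Select-Object MaGuid, ReferenceGuid, MIISReceiveTime, eventDetails
}

# Constructed call, using the reference GUID from the "By Reference GUID" example:
Get-TargetPasswordChangeHistory -ReferenceGuid '{B6F6FEB7-0EB7-45D9-B4CB-3B6B02CA9023}' -Verbose
```

Running with -Verbose prints the final WQL string, which makes it easy to confirm that only the parsed GUID, the server-supplied management agent GUID, and the formatted date were inserted.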

See Also

Reference

MIIS_PasswordChangeHistoryTarget Class

Concepts

Password Synchronization
Password Management
WMI Provider Overview
Using the WMI Provider