Diff to html software / LDAP, Active Directory diff reports

There is an older tool that produces HTML output of a diff of files. You can then email yourself the diff report, after some parsing, to get a good overview of changes.

It’s quite cool, and you can use it to produce a file change report for many things.

I have yet to roll out Splunk at my site, which seems like a good solution to monitor changes made to Active Directory by leveraging security auditing. In the interim, it’s better to have some security than none, and I use the above diff tool to produce an email twice daily of changes that occurred to Active Directory. Our AD isn’t very big, so this situation is a manageable one.

The batch script is as follows. Note that I use a variety of Win32 ports of *nix tools. I’ve changed the name of the executable from above to diffhtml.exe.

rem Rotate the previous export so it becomes the baseline for this run
if exist c:\adsnapshot\ad.ldf (rm -f c:\adsnapshot\adold.ldf & mv -f c:\adsnapshot\ad.ldf c:\adsnapshot\adold.ldf)
rem Export the current directory contents to LDIF
Ldifde.exe -f c:\adsnapshot\ad.ldf -s %logonserver% -d "DC=DOMAIN,DC=LOCAL" -p SubTree -m
rem Diff the baseline against the new export and write the HTML report
diffhtml.exe c:\adsnapshot\adold.ldf c:\adsnapshot\ad.ldf c:\adsnapshot\output.html
.\gnucoreutils\bin\sleep 10
rem Put each table row on its own line so grep can select rows
.\gnucoreutils\bin\sed "s/<\/tr>/<\/tr>\n/g" c:\adsnapshot\output.html > c:\adsnapshot\tmp.html
rem Start a fresh report with the HTML header, then keep only the C, A and D rows
.\gnucoreutils\bin\head -n 30 c:\adsnapshot\tmp.html > c:\adsnapshot\ldap_diff.html
.\gnucoreutils\bin\grep class='C' c:\adsnapshot\tmp.html >> c:\adsnapshot\ldap_diff.html
.\gnucoreutils\bin\grep class='A' c:\adsnapshot\tmp.html >> c:\adsnapshot\ldap_diff.html
.\gnucoreutils\bin\grep class='D' c:\adsnapshot\tmp.html >> c:\adsnapshot\ldap_diff.html
rem Close the tags that were cut off by the filtering above
echo ^</table^> ^</td^>^</tr^> >> c:\adsnapshot\ldap_diff.html
echo ^</table^> >> c:\adsnapshot\ldap_diff.html
echo ^</HTML^> >> c:\adsnapshot\ldap_diff.html
.\gnucoreutils\bin\rm c:\adsnapshot\output.html c:\adsnapshot\tmp.html
rem Mail the filtered report
cscript .\sendmail.vbs /from:robot@externaldomain.com /to:mbrown@externaldomain.com /subject:"Active Directory diff snapshot" /attachment:"c:\adsnapshot\ldap_diff.html"

sendmail.vbs I have posted previously.
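
As an added example (not part of the original post or of the diff tool), the same two LDIF exports can be compared per entry instead of per line, which is unaffected by wrapped lines or entry order and can skip attributes that change on their own. The `NOISE` list, the function names, the A/D/C labels and the sample snapshots are assumptions of this example.

```python
from collections import defaultdict

# Attributes that change on their own (assumed noise list; adjust to your directory).
NOISE = {"whenchanged", "usnchanged", "lastlogon", "lastlogontimestamp", "logoncount"}

def parse_ldif(text):
    """Return {dn: {attr: set(values)}}; DNs and attribute names are lower-cased."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]      # unfold: a continuation line starts with one space
        else:
            lines.append(raw)
    entries, current = {}, None
    for line in lines:
        if not line.strip():
            current = None            # a blank line ends the record
        elif not line.startswith("#"):
            attr, _, value = line.partition(":")
            value = value.lstrip(": ")   # "attr: v" and base64 "attr:: v" (kept encoded)
            if attr.lower() == "dn":
                current = entries.setdefault(value.lower(), defaultdict(set))
            elif current is not None:
                current[attr.lower()].add(value)
    return entries

def diff_snapshots(old, new, ignore=NOISE):
    """Return (kind, dn, attr, added, removed) tuples; kind is A, D or C."""
    report = []
    for dn in sorted(old.keys() | new.keys()):
        if dn not in old:
            report.append(("A", dn, None, [], []))
        elif dn not in new:
            report.append(("D", dn, None, [], []))
        else:
            for attr in sorted((old[dn].keys() | new[dn].keys()) - set(ignore)):
                added = sorted(new[dn].get(attr, set()) - old[dn].get(attr, set()))
                removed = sorted(old[dn].get(attr, set()) - new[dn].get(attr, set()))
                if added or removed:
                    report.append(("C", dn, attr, added, removed))
    return report

# Constructed sample snapshots (not real directory data).
BASE = "CN=Users,DC=DOMAIN,DC=LOCAL"
OLD = (f"dn: CN=Domain Admins,{BASE}\nmember: CN=Alice,{BASE}\nwhenChanged: 20100101000000.0Z\n\n"
       f"dn: CN=Bob,{BASE}\nobjectClass: user\n")
NEW = (f"dn: CN=Domain Admins,{BASE}\nmember: CN=Alice,{BASE}\nmember: CN=Mallory,CN=Users,\n"
       f" DC=DOMAIN,DC=LOCAL\nwhenChanged: 20100102000000.0Z\n\n"
       f"dn: CN=Mallory,{BASE}\nobjectClass: user\n")

if __name__ == "__main__":
    for row in diff_snapshots(parse_ldif(OLD), parse_ldif(NEW)):
        print(row)
```

Base64-encoded values are compared in their encoded form, so a change to such an attribute is still reported but not decoded.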
