Thursday, June 02, 2005

Displaying the Logon Status using Data shaping via ADSI and the Exchange_Logon WMI Class in Exchange 2003

Being able to display logon information via the various Exchange administrator tools has been around for a while but until Exchange 2003 there was never any scriptable interface you could use to display this data . Although for various reasons this data is never 100% accurate it can be used to get an indication of who’s logged onto the server and what client they are using. If you shape the data you can retrieve using Exchange_logon with a full list of mailboxes on that server retrieved via ADSI then you can get a bit more of a clear picture as to who is logged on, who is not logged on, how many people are logged on to one particular mailbox, how they are logged on (OWA or Outlook) and what version of outlook they are using.

The script itself uses the same ADO data shaping techniques I described in this post. Some different bits and pieces that have been added to this script are

Front End
The Front end of the code accepts two command line variables the first is the severname of the Exchange server you want to run it against and the second is the type of logon you want to report on. With the second parameter there are 5 options which should be self explanatory

OWA -Show user logged on via Outlook Web Access"
Outlook -Show users logged on via Outlook"
Loggedon -Show All logged on Users"
Loggedout -Show Users not Logged On"
ALL -Show all users Logged in and Out"

Displaying the Outlook version

The Exchange_Logon class displays the version of Outlook that is being used by the client to connect to exchange. There is a complete list of which versions relates to which Outlook build on http://www.cdolive.com/build.htm . I’ve taken this list and dropped it into a Case statement in the script so I can display the friendly Outlook build name instead of the the build version number. If you are using a build number not on the list then the script should just output the version number

Displaying IP address and Cache/Online Mode if the client is using Outlook 2003

Outlook 2003 now allows you to track weather a user is in cache mode or online mode as well as the IP address of the client PC. The WMI class returns an integer indicating weather the client is using cache mode or online so I’ve added a simple function to convert this to a friendly name. The IP address is displayed if possible if not it just shows blank.

With the ADSI query it only shows the visible users in the GAL for that server and ignores any hidden mailboxes. If you wanted to include hidden mailboxes you’ll need to tweak the ADSI.

The WMI query will differ based on the command line parameters you enter in. The rest of the script is pretty straight forward. One thing to note is i haven't tested this with OMA user logging on.(I think it will show them as OWA users)

To run the script use something like cscript displogon.vbs servername ALL

I’ve put a downloadable copy of the script here the code itself looks like

if WScript.Arguments.Count <> 2 then
call DisplayUsage
else
call Main()
end if


sub main()
servername = wscript.arguments(0)
showarg = lcase(wscript.arguments(1))
set conn = createobject("ADODB.Connection")
set com = createobject("ADODB.Command")
set conn1 = createobject("ADODB.Connection")
strConnString = "Data Provider=NONE; Provider=MSDataShape"
conn1.Open strConnString
Set iAdRootDSE = GetObject("LDAP://RootDSE")
strNameingContext = iAdRootDSE.Get("configurationNamingContext")
strDefaultNamingContext = iAdRootDSE.Get("defaultNamingContext")
set objParentRS = createobject("adodb.recordset")
set objChildRS = createobject("adodb.recordset")
strSQL = "SHAPE APPEND" & _
" NEW adVarChar(255) AS ADDisplayName, " & _
" NEW adVarChar(255) AS ADLegacyDN, " & _
" ((SHAPE APPEND " & _
" NEW adVarChar(255) AS WMIDisplayName, " & _
" NEW adVarChar(255) AS WMILegacyDN, " & _
" NEW adVarChar(255) AS WMILoggedOnUserAccount, " & _
" NEW adVarChar(255) AS WMIClientVersion, " & _
" NEW adVarChar(255) AS WMIClientIP, " & _
" NEW adVarChar(255) AS WMIClientMode " & _
")" & _
" RELATE ADLegacyDN TO WMILegacyDN) AS rsADWMI "
objParentRS.LockType = 3
objParentRS.Open strSQL, conn1
Conn.Provider = "ADsDSOObject"
Conn.Open "ADs Provider"
svcQuery = ""<LDAP://" & strNameingContext & "">;(&(objectCategory=msExchExchangeServer)(cn=" & Servername & "));cn,name,distinguishedName,legacyExchangeDN;subtree"
Com.ActiveConnection = Conn
Com.CommandText = svcQuery
Set Rs = Com.Execute
while not rs.eof
GALQueryFilter = "(&(&(&(& (mailnickname=*)(!msExchHideFromAddressLists=TRUE)(| (&(objectCategory=person)(objectClass=user)(msExchHomeServerName=" & rs.fields("legacyExchangeDN") & ")) )))))"
strQuery = ";" & GALQueryFilter & ";distinguishedName,displayname,legacyExchangeDN,homemdb;subtree"
com.Properties("Page Size") = 100
Com.CommandText = strQuery
Set Rs2 = Com.Execute
while not rs2.eof
objParentRS.addnew
objParentRS("ADDisplayName") = rs2.fields("displayname")
objParentRS("ADLegacyDN") = rs2.fields("legacyExchangeDN")
objParentRS.update
rs2.movenext
wend
wscript.echo "finished 1st AD of Mailbox's"
rs.movenext
wend

strWinMgmts ="winmgmts:{impersonationLevel=impersonate}!//"& servername &"/root/MicrosoftExchangeV2"
Select case showarg
case "owa" sqlstate = "Select * FROM Exchange_Logon where StoreType = 1 and ClientVersion = 'HTTP'"
case "outlook" sqlstate = "Select * FROM Exchange_Logon where StoreType = 1 and ClientVersion <> 'SMTP' AND ClientVersion <> 'OLEDB' AND ClientVersion <> 'HTTP'"
case else sqlstate = "Select * FROM Exchange_Logon where StoreType = 1 and ClientVersion <> 'SMTP' AND ClientVersion <> 'OLEDB'"
end select
Set objWMIExchange = GetObject(strWinMgmts)
Set listExchange_ExchangeLogons = objWMIExchange.ExecQuery(sqlstate,,48)
objChildRS.LockType = 3
Set objChildRS = objParentRS("rsADWMI").Value
For each objExchange_ExchangeLogon in listExchange_ExchangeLogons
if objExchange_ExchangeLogon.LoggedOnUserAccount <> "NT AUTHORITY\SYSTEM" then
objChildRS.addnew
objChildRS("WMIDisplayName") = objExchange_ExchangeLogon.MailboxDisplayName
objChildRS("WMILegacyDN") = objExchange_ExchangeLogon.MailboxLegacyDN
objChildRS("WMILoggedOnUserAccount") = objExchange_ExchangeLogon.LoggedOnUserAccount
objChildRS("WMIClientVersion") = objExchange_ExchangeLogon.ClientVersion
objChildRS("WMIClientIP") = objExchange_ExchangeLogon.ClientIP
objChildRS("WMIClientMode") = objExchange_ExchangeLogon.ClientMode
objChildRS.update
end if
Next
wscript.echo "finished Exchange WMI query"
Wscript.echo "Dislay Results " & showarg
wscript.echo
objParentRS.MoveFirst
Do While Not objParentRS.EOF
Set objChildRS = objParentRS("rsADWMI").Value
objChildRS.sort = "WMILoggedOnUserAccount"
select case showarg
case "all" Wscript.echo objParentRS.fields("ADDisplayName")
if objChildRS.recordcount = 0 then Wscript.echo " " & "Not Logged On"
case "loggedon" if objChildRS.recordcount <> 0 then Wscript.echo objParentRS.fields("ADDisplayName")
case "owa" if objChildRS.recordcount <> 0 then Wscript.echo objParentRS.fields("ADDisplayName")
case "outlook" if objChildRS.recordcount <> 0 then Wscript.echo objParentRS.fields("ADDisplayName")
case "loggedout"if objChildRS.recordcount = 0 then Wscript.echo objParentRS.fields("ADDisplayName")
case else Wscript.echo objParentRS.fields("ADDisplayName")
end select
if showarg <> "loggedout" then
Do While Not objChildRS.EOF
currec = objChildRS.fields("WMILoggedOnUserAccount") & objChildRS.fields("WMIClientVersion") & objChildRS.fields("WMIClientIP") & objChildRS.fields("WMIClientMode")
if currec <> prevrec then
Wscript.echo " " & objChildRS.fields("WMILoggedOnUserAccount") & " " & getversion(objChildRS.fields("WMIClientVersion")) & " " & _
getmode(objChildRS.fields("WMIClientMode")) & " " & objChildRS("WMIClientIP")
end if
prevrec = currec
objChildRS.MoveNext
Loop
end if
objParentRS.MoveNext
Loop

end sub


function getversion(version)

Select case version
case "4.0.994.0" getversion = "Outlook 97 Initial release in Q1/1997."
case "5.0.1457.0" getversion = "Outlook 97 Ships only with Microsoft Exchange 5.0 Service Pack 1"
case "5.0.1458.0" getversion = "Outlook 97 Ships only with Microsoft Office 97 SR-1"
case "5.0.1960.0" getversion = "Outlook 97 Ships only with Microsoft Exchange Server 5.5 and Microsoft Exchange 5.0 Service Pack 2"
case "5.0.2178.0" getversion = "Outlook 98 Initial release in Q1/1998."
case "5.0.2819.0" getversion = "Outlook 2000 Initial release in Q2/1999"
case "5.0.3121.0" getversion = "Outlook 2000 update included with Office 2000 SR1 (and SR1a)"
case "5.0.3136.0" getversion = "Outlook 2000 security update patch"
case "5.0.3144.0" getversion = "Outlook 2000 with Service Pack 2 installed"
case "10.0.0.3311" getversion = "Outlook 2002 with hotifx"
case "8.00.3511" getversion = "Outlook 97 Initial release in Q1/1997."
case "8.01.3817" getversion = "Outlook 97 Ships only with Microsoft Exchange 5.0 Service Pack 1"
case "8.02.4212" getversion = "Outlook 97 Ships only with Microsoft Office 97 SR-1"
case "8.03.4629" getversion = "Outlook 97 Ships only with Microsoft Exchange Server 5.5 and Microsoft Exchange 5.0 Service Pack 2"
case "8.04.5619" getversion = "Outlook 97 Ships only with Microsoft Office 97 SR-2"
case "8.5.5104.6" getversion = "Outlook 98 Initial release in Q1/1998. Is included with the Microsoft Exchange 5.5 Service Pack 1 CD-ROM (not available for download at the Microsoft site)"
case "8.5.5603.0" getversion = "Outlook 98 Microsoft Outlook 98 Security Patch 2 "
case "8.5.7806" getversion = "Outlook 98 Outlook 98 security update"
case "9.0.0.2711" getversion = "Outlook 2000 Initial Release in Q2/1999"
case "9.0.0.3011" getversion = "Outlook 2000 Microsoft Office 2000 Developer Edition released in Q3/1999"
case "9.0.0.3821" getversion = "Outlook 2000 update included with Office 2000 SR1 (and SR1a)"
case "9.0.0.4201" getversion = "Outlook 2000 security update patch installed."
case "9.0.0.4527" getversion = "Outlook 2000 with Service Pack 2 installed"
case "9.0.0.6673" getversion = "Outlook 2000 - SP3"
case "10.0.0.2625" getversion = "Outlook 2002 Initial release in Q1/2001."
case "10.0.0.2627" getversion = "Outlook 2002 Initial release in Q1/2001."
case "10.0.0.3513" getversion = "Outlook 2002 with Service Pack 1"
case "10.0.0.3501" getversion = "Outlook 2002 with Service Pack 1"
case "10.0.0.4115" getversion = "Outlook 2002 with Service Pack 2"
case "10.0.0.3416" getversion = "Outlook 2002 with Service Pack 1"
case "10.0.0.4219" getversion = "Outlook 2002 with Service Pack 2"
case "10.0.0.6515" getversion = "Outlook 2002 with Service Pack 3"
case "10.0.0.6626" getversion = "Outlook 2002 with Service Pack 3"
case "11.0.5604.0" getversion = "Outlook 2003 Initial release Oct. 2003 RTM Build"
case "11.0.5606.0" getversion = "Outlook 2003 Initial release Oct. 2003 RTM Build"
case "11.0.5608.0" getversion = "Outlook 2003 Initial release Oct. 2003 RTM Build"
case "11.0.5703.0" getversion = "Outlook 2003 with critical update releases on 11.4.2003"
case "11.0.6353.0" getversion = "Outlook 2003 SP1, released August 2003. "
case "11.0.6352.0" getversion = "Outlook 2003 SP1, released August 2003. "
case "HTTP" getversion = "Outlook Web Access"
case else getversion = version
end select

end function

function getmode(clientmode)
select case clientmode
case 1 getmode = "Classic Online"
case 2 getmode = "Cached Mode"
case else getmode = " "
end select
end function

public sub DisplayUsage
WScript.echo "usage: cscript displogon.vbs "
WScript.echo "Vaid Modes"
WScript.echo " OWA - Show user logged on via Outlook Web Access"
WScript.echo " Outlook -Show users logged on via Outlook"
WScript.echo " Loggedon -Show All logged on Users"
WScript.echo " Loggedout -Show Users not Logged On"
WScript.echo " ALL -Show all users Logged in and Out"
end sub

11 comments:

Chrissy said...

Glen, I *love* your blog. I dabble a tad in Exchange and your scripts are going to come in really handy. Thank you for posting them!

Anonymous said...

is it possible to convert the above code into C# as well......

Anonymous said...

is it possible to convert the above code into C# version as well?

Glen said...

In .NET you could use the datarealation feature of ADO.NET see http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dndive/html/data07122001.asp. Also you'd probably want to subsiture System.Directoryservice for the ADSI code and use System.Management class to do the WMI stuff. So a complete line by line rewrite would be need but yeah you could do it.

Anonymous said...

thank you for your information.
Btw, I would like one more question :-

If I want to get actual usage of mail size of exchange, of a particular host (I try use WMI, it is not fast enough.),

should I use ADO.Net + some query
OR
Active Directory Service Interfaces (ADSI).

And would you tell me where I could find more information of that kind of exchange's query? (these query are new to me)

Thank you

Glen said...

To get the mailbox size you need to use one of the Exchange API's. WMI is usually the fasted method there is the only other way you can do this is to use a Mailbox access API to actaully logon to the store and then retrieve the size by accessing the mailbox properties themselves either using MAPI, WebDAV or Exoledb see http://support.microsoft.com/?id=320071. Information on using the Exchange WMI class as well as the other exchange api can be found in the Exchange SDK which you can download from http://msdn.microsoft.com/exchange

Anonymous said...

thank you

Anonymous said...

Glen, it is the first time to see your blog it is great
only one question: how to audit the login connection by this script over a period of time

Glen said...

This is quite old i planning to do something new for 2007 when i have the time. http://www.outlookexchange.com/articles/glenscales/logtrack.asp

Cheers
Glen

Anonymous said...

Gen,

Awesome script,
Is it possible to query all Exchange servers and not just one server? I have over 80 servers and I am wanting to run this against all of them. I'm wondering if you might have a version that would pipe the results out to Excel.
Thanks

Glen said...

Is it possible to query all Exchange servers and not just one server?

Yes you just need to modify the LDAP query string so instead of just returning one server it returns all the Exchange Servers in your Configuration partition.

I'm wondering if you might have a version that would pipe the results out to Excel

Not yet if you where to convert this to Powershell and store the results in Custom object you can then just use the Export-csv to create a CSV file of the results.

Cheers
Glen