Enterprise customers needing to periodically check password sync filter shim functionality need a better format for the output of the Password Sync Troubleshooting Tool to increase the speed and efficiency of analysing the log for issues. Typically these customers use SIEM tools to parse logs for alerting and reporting purposes. The output of the tool is not conducive to this type of parsing/analysis. A proposed format would have the date/time and domain controller tested on each line of output, like the example below:
Tue Feb 19 08:56:07 2019 : CNTPADC01.corp.local : Checking the Domain Controller CNTPADC01.corp.local ....
Tue Feb 19 08:56:07 2019 : CNTPADC01.corp.local : Running Basic Diagnostic Checks.
Tue Feb 19 08:56:07 2019 : CNTPADC01.corp.local : Password filter files installed on this DC are C:\Windows\System32\PWFILTER.DLL and C:\Windows\System32\PSEVENT.DLL
Tue Feb 19 08:56:07 2019 : CNTPADC01.corp.local : The value of 'Host Names' '[tamp20pnetiqldr.corp.local]' in DC[CNTPADC01.corp.local] is same as the name of driver machine[tamp20pnetiqldr.corp.local]
Tue Feb 19 08:56:07 2019 : CNTPADC01.corp.local : Opened key [SOFTWARE\NOVELL\PWFILTER\DATA].
Tue Feb 19 08:56:07 2019 : CNTPADC01.corp.local : No more items to process Currently.
Tue Feb 19 08:56:07 2019 : CNTPADC01.corp.local : Number of Entries Processed is 2
Tue Feb 19 08:56:07 2019 : CNTPADC01.corp.local : Running RPC Checks.
Tue Feb 19 08:56:07 2019 : CNTPADC01.corp.local : Checking whether this tool can reach the filter through RPC
Tue Feb 19 08:56:07 2019 : CNTPADC01.corp.local : This tool can reach the filter through RPC
Tue Feb 19 08:56:07 2019 : CNTPADC01.corp.local : Checking if the filter can connect to the driver
Tue Feb 19 08:56:07 2019 : CNTPADC01.corp.local : pwFilter can connect to PassSync RPC server on driver machine - 0
by: Mark W. | over a year ago | Other
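An added example, not part of the original post and not code from the tool: a Python parser for the proposed "date/time : domain controller : message" layout that turns each line into a record a SIEM can ingest, and sets aside lines that lack the prefix. The function and field names are hypothetical, and treating a trailing " - N" as a numeric status code is an assumption.

```python
import json
import re
from datetime import datetime

# Lines 1-3 are copied from the post; line 4 is constructed (a line with no prefix).
SAMPLE = r"""Tue Feb 19 08:56:07 2019 : CNTPADC01.corp.local : Running RPC Checks.
Tue Feb 19 08:56:07 2019 : CNTPADC01.corp.local : Password filter files installed on this DC are C:\Windows\System32\PWFILTER.DLL and C:\Windows\System32\PSEVENT.DLL
Tue Feb 19 08:56:07 2019 : CNTPADC01.corp.local : pwFilter can connect to PassSync RPC server on driver machine - 0
Running Basic Diagnostic Checks."""

TS_FORMAT = "%a %b %d %H:%M:%S %Y"  # e.g. Tue Feb 19 08:56:07 2019
TRAILING_CODE = re.compile(r" - (-?\d+)$")  # assumption: trailing " - N" is a status code


def parse_line(line):
    """Return a dict for one 'timestamp : dc : message' line, or None if it does not fit."""
    # Split on ' : ' at most twice: colons inside the time (08:56:07) and in
    # drive letters (C:\...) have no surrounding spaces, so they stay intact.
    parts = line.rstrip("\r\n").split(" : ", 2)
    if len(parts) != 3:
        return None
    raw_ts, dc, message = (p.strip() for p in parts)
    try:
        ts = datetime.strptime(raw_ts, TS_FORMAT)
    except ValueError:
        return None
    event = {"timestamp": ts.isoformat(), "dc": dc, "message": message}
    match = TRAILING_CODE.search(message)
    if match:
        event["code"] = int(match.group(1))
    return event


def parse_log(text):
    """Split tool output into (events, rejected); rejected keeps the line numbers."""
    events, rejected = [], []
    for number, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        event = parse_line(line)
        if event is None:
            rejected.append((number, line))
        else:
            events.append(event)
    return events, rejected


if __name__ == "__main__":
    events, rejected = parse_log(SAMPLE)
    print(json.dumps({"events": events, "rejected": rejected}, indent=2))
```

The sample timestamps carry no time zone, so the parsed values are naive local times and need the collector's zone applied before correlating across domain controllers.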
Comments
This is very useful to our customer, and I agree this would be a useful addition to the tool.