views:

76

answers:

3

Hello.

I want to synchronize my user database with the users and groups from Active Directory. My application reads the objects from AD and copies them to the database, but it gets outdated as AD changes.

Is there a way I can get Active Directory to notify me when an object is changed? C# sample code would be great.

Fábio

P.S. I'm using an Oracle Database.

+1  A: 

AD notifications don't exist. Just pull the data every N mins.

Scott Weinstein
A: 

Currently, there's no way to have AD notify you when something changes - you'd have to just do a refresh every so often. You could set something up that pulls a copy of AD and compares it to your current copy, only updating what/if needed, but you'd need to pull an entire copy in either case.

rwmnau
A: 

Active Directory user accounts have 'whenCreated' and 'whenChanged' attributes. If you are synchronizing a lot of user accounts and performance is a concern, then you can query Active Directory and filter out just those records which have changed since you last successfully synchronized.

The syntax of these attributes is (the capital Z at the end is mandatory and denotes Zulu time, which is the same as GMT):

YYYY MM DD HH mm ss.s Z
2009 06 30 00 00 00.0 Z

To search for all users created on or after June 30th, 2009 you could use this LDAP query:

(&(objectClass=User)(whenChanged>=20090630000000.0Z))

The code doing the synchronization will need to be responsible for logging the last synchronization time, though.

Wheat
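The whenChanged approach above, worked through as an added example that is not code from the thread. It is in Python rather than the C# the question asks for so that it runs offline without a domain controller; the filter string it builds is exactly what you would assign to DirectorySearcher.Filter in System.DirectoryServices. The LDAP search itself is left to whatever client the application uses, so SAMPLE_DIRECTORY is a constructed stand-in for the entries such a search would return (objectGUID values are placeholders), evaluate_filter_locally stands in for the DC evaluating the filter, and the 5-minute overlap window is my assumption, not something the answer specifies.

```python
"""Delta sync of AD user objects on whenChanged (added example, not from the thread)."""
from datetime import datetime, timedelta, timezone

GENERALIZED_TIME = "%Y%m%d%H%M%S.%fZ"      # format AD uses for whenChanged / whenCreated
NO_OVERLAP = timedelta(0)
DEFAULT_OVERLAP = timedelta(minutes=5)     # assumption: enough to cover replication lag between DCs
EXAMPLE_LAST_SYNC = datetime(2009, 6, 30, tzinfo=timezone.utc)

# Constructed sample entries, shaped like an LDAP search returning objectGUID,
# sAMAccountName and whenChanged would hand them back. Not real directory data.
SAMPLE_DIRECTORY = [
    {"objectGUID": "guid-alice", "sAMAccountName": "alice", "whenChanged": "20090629235959.0Z"},
    {"objectGUID": "guid-bob",   "sAMAccountName": "bob",   "whenChanged": "20090630081500.0Z"},
    {"objectGUID": "guid-carol", "sAMAccountName": "carol", "whenChanged": "20090701120000.0Z"},
]


def to_generalized_time(moment: datetime) -> str:
    """Render an aware datetime as generalized time in UTC, with the mandatory trailing Z."""
    if moment.tzinfo is None:
        # A naive local time would silently shift the query window by the UTC offset.
        raise ValueError("last-sync timestamp must be timezone-aware")
    return moment.astimezone(timezone.utc).strftime("%Y%m%d%H%M%S.0Z")


def parse_generalized_time(value: str) -> datetime:
    """Parse a whenChanged/whenCreated value such as 20090630000000.0Z into an aware datetime."""
    if not value.endswith("Z"):
        raise ValueError(f"expected Zulu time, got {value!r}")
    return datetime.strptime(value, GENERALIZED_TIME).replace(tzinfo=timezone.utc)


def changed_since_filter(last_sync: datetime, overlap: timedelta = DEFAULT_OVERLAP) -> str:
    """Build the filter from the answer, with the window widened backwards by `overlap`.

    whenChanged is stamped independently by each domain controller when it applies a
    change, so a write that landed on a DC just before the previous query can carry a
    timestamp slightly earlier than last_sync. The overlap catches it; re-processing
    a row is harmless because apply_delta upserts.
    """
    since = to_generalized_time(last_sync - overlap)
    return f"(&(objectClass=User)(whenChanged>={since}))"


def evaluate_filter_locally(directory: list, since: datetime) -> list:
    """Offline stand-in for the DC evaluating (whenChanged>=since); not an LDAP client."""
    return [e for e in directory if parse_generalized_time(e["whenChanged"]) >= since]


def apply_delta(local_db: dict, results: list, last_sync: datetime) -> datetime:
    """Upsert results into local_db (keyed on objectGUID) and return the new high-water mark.

    Keying on objectGUID rather than sAMAccountName keeps a renamed account from
    becoming a duplicate row. The new mark is the largest whenChanged actually seen,
    not the application server's clock, so clock skew against the DC cannot open a
    gap. Objects deleted in AD never appear in a normal search, so deletions need a
    separate reconciliation pass (for example a periodic full listing of objectGUIDs).
    """
    high_water = last_sync
    for entry in results:
        changed = parse_generalized_time(entry["whenChanged"])
        local_db[entry["objectGUID"]] = {
            "sAMAccountName": entry["sAMAccountName"],
            "whenChanged": changed,
        }
        high_water = max(high_water, changed)
    return high_water


def run_sync(local_db: dict, directory: list, last_sync: datetime,
             overlap: timedelta = DEFAULT_OVERLAP) -> datetime:
    """One incremental sync cycle against the offline stand-in directory."""
    since = last_sync - overlap
    return apply_delta(local_db, evaluate_filter_locally(directory, since), last_sync)


if __name__ == "__main__":
    db = {}
    print(changed_since_filter(EXAMPLE_LAST_SYNC, NO_OVERLAP))
    mark = run_sync(db, SAMPLE_DIRECTORY, EXAMPLE_LAST_SYNC, NO_OVERLAP)
    print(sorted(db), to_generalized_time(mark))
```

Persist the returned high-water mark only after the database transaction for that cycle commits; if the mark is written first and the commit fails, the next cycle skips those rows for good.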