0

I am working on synchronization between internal .NET application between active directory for all users and groups. I am getting all users and groups from Active Directory and save these data in .NET application database.

I am using PrincipalContext object for Active Directory queries. I want to determine if changing user or group to provide high performance. Is there any way that ; for example LastModifiedDate property for GroupPrincipal or UserPrincipal objects.

Kara
  • 6,115
  • 16
  • 50
  • 57
user2054653
  • 3
  • 1
  • 3
  • 1
    Just to clarify, you are asking if there is some way to *only* get the information that changed? Ex: If the only change since the last update was John Smith was added to "Administrators", then your pull will only have that change, or are you asking for a fast way to search through for changes? – Dakotah Hicock Apr 17 '15 at 12:37
  • More on what @DakotahHicock was saying... Are you asking for something like a `LastModifedDate` property for an Active Directory object? So if I modified the user `bloggs\joe` today by adding him to the `Administrators` group then the `LastModifiedDate` would update to today? This would be so that you did not have to scan for changes? – Michael Coxon Apr 17 '15 at 12:48
  • I am asking for something like a LastModifedDate property for an Active Directory object. If user is updated, i determine to update user or group in database. – user2054653 Apr 17 '15 at 13:05

1 Answers1

0

I believe the User Attritbute you're looking for is called:

WhenChanged
mjw
  • 1,196
  • 1
  • 12
  • 19
  • I think this gets updated more often than just changes to the account. I'm looking at ours, and all accounts show updated in the last week, but I know for a fact that 99% had no changes – Dakotah Hicock Apr 17 '15 at 14:03
  • It is probably picking up changes to object permissions. If OP is looking for a more granular solution that inspects specific types of changes, a more detailed solution will be required. – mjw Apr 17 '15 at 14:50
  • It appears to me that that is what OP is going to need to do. WhenChanged is about as close as you're going to get, but you will get so many false positives, it makes it effectively useless for what he wants to do. It will probably take more time to check this field than it would to just process the employee (depending on what is processed per employee) – Dakotah Hicock Apr 17 '15 at 14:56