Name: DS-Ex-IsDcRO.vbs
Version: 01.00.00vbs
Description: Example VB Script code that illustrates one (interactive) way of ascertaining whether or not a given domain controller is an RODC (read only domain controller).
This script connects to the DC that you pass (the example script doesn't bother to illustrate grabbing the input and simply hard-codes two values) and, using the supportedCapabilities RootDSE attribute, determines whether or not the DC is an RODC.
There are other ways of doing this, e.g. the constructed attribute msDS-isRODC; this is just one example.
' *********************************************************
' DS-Ex-IsDcRO V01.00.00vbs
'
' Example script to illustrate how to ascertain whether or
' not a DC is a Read-Only DC (RODC). Script is lengthy
' due to error handling, debug info., etc.
'
' Version: V01.00.00vbs
' Written: 03-12-2007
'
' *********************************************************
Option Explicit

' supportedCapabilities OID advertised by an RODC on its RootDSE.
' Its presence indicates that the DS is read-only.
Const ACTIVE_DIRECTORY_PARTIAL_SECRETS = "1.2.840.113556.1.4.1920" ' as string

' Variants used like constants by the output subs:
'   printInfoToConsole      - print writes to the console when True
'   printDebugInfoToConsole - dbgPrint writes to the console when True
Dim printInfoToConsole, printDebugInfoToConsole
printInfoToConsole = True
printDebugInfoToConsole = False
' ***** ***** ***** ***** ***** ***** ***** ***** ***** *****
' ----- MAIN BODY OF SCRIPT -----
' Test harness only: two hard-coded hosts; replace with real input handling.
' NOTE(review): the printed labels show FQDNs, but the short host names are
' what IsRODC receives, so the server actually queried depends on how the
' client resolves "rwdc" and "rodc" - confirm that is intended.
Dim isReadOnlyAnswer ' as boolean

isReadOnlyAnswer = IsRODC("rwdc")
print vbCrLf & "Server [ rwdc.idmgmt.int ] RODC? :: " & isReadOnlyAnswer

isReadOnlyAnswer = IsRODC("rodc")
print "Server [ rodc.idmgmt.int ] RODC? :: " & isReadOnlyAnswer & vbCrLf
' ----- END OF "MAIN" (subs and funcs follow)
' ***** ***** ***** ***** ***** ***** ***** ***** ***** *****
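' IsRODC(ByVal dCName as String) as Boolean
'
' Returns True when the RootDSE of the server named by dCName
' lists the ACTIVE_DIRECTORY_PARTIAL_SECRETS OID among its
' supportedCapabilities values, and False when it does not.
'
' Only the presence of that OID is checked; the actual version
' of the DS (Win2008, Win2003, ADAM, etc.) is not considered.
'
' dCName is concatenated into the ADsPath unchanged, and the
' answer describes whichever server responds for that name.
' Validate the name first if it ever comes from outside the
' script.
'
' A failed bind is fatal: handleError is called with fatal=True
' and ends the script.
'
Private Function IsRODC(dCName) ' as boolean
    Dim rootDse ' as IADs
    Dim supportedCapabilities, supportedCapability ' as string
    Dim doNotProceed ' as boolean

    IsRODC = False

    ' Bind with inline error handling so a bad or unreachable host
    ' is reported through handleError rather than a raw runtime error.
    On Error Resume Next
    Set rootDse = GetObject("LDAP://" & dCName & "/RootDSE")
    doNotProceed = verifyError(Err)
    dbgPrint "Is-RODC::doNotProceed=" & doNotProceed
    If doNotProceed Then handleError Err, True, True
    On Error Goto 0

    ' GetEx always returns an array, so For Each also works when the
    ' server reports a single supportedCapabilities value (Get would
    ' return a plain string in that case and For Each would fail).
    supportedCapabilities = rootDse.GetEx("supportedCapabilities")
    For Each supportedCapability In supportedCapabilities
        If supportedCapability = ACTIVE_DIRECTORY_PARTIAL_SECRETS Then
            IsRODC = True
            Exit For ' one match is enough
        End If
    Next
End Function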
' Verify-Error(ByVal _err as Error-Object) as Boolean
'
' Function reports whether the passed error object is in an
' error state: TRUE when its number is non-zero, FALSE
' otherwise. The result is also sent to dbgPrint.
'
Private Function verifyError(oErr)
    Dim failed ' as boolean
    failed = (oErr.number <> 0)
    dbgPrint "Verify-Error::inErrorState=" & failed
    verifyError = failed
End Function
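' Handle-Error(ByVal _err as Error-Object, fatal, shouldPrint)
'
' Sub builds a message from the error number and, if present,
' the description. The message is printed when shouldPrint is
' enabled, and the script terminates with exit code -1 when
' fatal is enabled.
'
Private Sub handleError(oErr, fatal, shouldPrint)
    Dim errorNumber, errorDescription, errorMessage

    ' Snapshot the details first. Callers pass the global Err object,
    ' and the On Error statement below resets it, which would leave
    ' number 0 and an empty description to report.
    errorNumber = oErr.number
    errorDescription = oErr.description
    On Error Goto 0

    dbgPrint "Handle-Error::shouldPrint=" & shouldPrint
    dbgPrint "Handle-Error::fatal=" & fatal

    errorMessage = "Error: " & errorNumber
    If errorDescription <> "" Then
        ' Leading space keeps the number and "Details:" from running together.
        errorMessage = errorMessage & " Details: " & errorDescription & vbCrLf
    End If

    If shouldPrint Then print errorMessage

    If fatal Then
        print vbCrLf & "Error requires premature termination. " & _
            "Exiting script..." & vbCrLf
        WScript.Quit(-1)
    End If
End Sub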
' Print(ByVal printStr as String)
'
' Sub echoes the passed string to the console when the
' constant-like variant printInfoToConsole is TRUE. When it is
' not, nothing happens yet: writing to a file is not implemented.
'
Private Sub print(printStr)
    If printInfoToConsole Then
        WScript.Echo printStr
        Exit Sub
    End If
    ' code to write to file goes here...
End Sub
' Dbg-Print(ByVal debugStr as String)
'
' Sub echoes the passed string to the console, prefixed with a
' debug marker, only when printDebugInfoToConsole is TRUE.
'
Private Sub dbgPrint(debugStr)
    If printDebugInfoToConsole Then
        WScript.Echo " [script-debug-string] " & debugStr
    End If
End Sub