« Sync Windows Mobile Outlook Contacts across 2 Exchange servers | More fun with LDAP searches in ADUC »

How to expose meta data on Active Directory objects

Recently while troubleshooting a RUS (Exchange Recipient Update Service) issue MS pointed out how the repadmin.exe command could output the meta data on AD objects.

This was quite useful in this case, a process outside of RUS was modifying newly created user accounts before the RUS stamped the objects.

Command:
repadmin /showobjmeta AD_DC_server "CN=Enduser\, Jane,OU=UserAccounts,DC=mydomain,DC=tld" >out.txt

You can export the DN for the object you are looking for using ldp.exe or use AdFind from Joeware.net .

Output:

The entries in red are where another DC outside of my site and my local RUS server made changes.


Caching GUIDs.
..
53 entries.

Loc.USN Originating DC Org.USN Org.Time/Date Ver Attribute
======= =============== ========= ============= === =========

31821525 MyDomain\MyDCServer 31821525 2007-01-13 14:56:40 1 objectClass
31821525 MyDomain\MyDCServer 31821525 2007-01-13 14:56:40 1 cn
31821525 MyDomain\MyDCServer 31821525 2007-01-13 14:56:40 1 sn
31821526 MyDomain\MyDCServer 31821526 2007-01-13 14:56:40 1 description
31821525 MyDomain\MyDCServer 31821525 2007-01-13 14:56:40 1 givenName
31821525 MyDomain\MyDCServer 31821525 2007-01-13 14:56:40 1 instanceType
31821525 MyDomain\MyDCServer 31821525 2007-01-13 14:56:40 1 whenCreated
31821526 MyDomain\MyDCServer 31821526 2007-01-13 14:56:40 1 displayName
31821525 MyDomain\MyDCServer 31821525 2007-01-13 14:56:40 1 homeMTA
31823463 SomeOtherDataCenter-Exchange\ODC-AD10AD 11927410 2007-01-13 15:20:39 2 proxyAddresses
31821525 MyDomain\MyDCServer 31821525 2007-01-13 14:56:40 1 homeMDB
31821525 MyDomain\MyDCServer 31821525 2007-01-13 14:56:40 1 nTSecurityDescriptor
31821525 MyDomain\MyDCServer 31821525 2007-01-13 14:56:40 1 mDBUseDefaults
31821525 MyDomain\MyDCServer 31821525 2007-01-13 14:56:40 1 mailNickname
31822904 SomeOther-DataCenter-SiteII\ODC-AD3AD 154983196 2007-01-13 15:06:26 1 replicatedObjectVersion
31821525 MyDomain\MyDCServer 31821525 2007-01-13 14:56:40 1 name
31821530 MyDomain\MyDCServer 31821530 2007-01-13 14:56:40 3 userAccountControl
31821526 MyDomain\MyDCServer 31821526 2007-01-13 14:56:40 1 codePage
31821526 MyDomain\MyDCServer 31821526 2007-01-13 14:56:40 1 countryCode
31821526 MyDomain\MyDCServer 31821526 2007-01-13 14:56:40 1 homeDirectory
31821526 MyDomain\MyDCServer 31821526 2007-01-13 14:56:40 1 homeDrive
31821527 MyDomain\MyDCServer 31821527 2007-01-13 14:56:40 2 dBCSPwd
31821526 MyDomain\MyDCServer 31821526 2007-01-13 14:56:40 1 scriptPath
31821526 MyDomain\MyDCServer 31821526 2007-01-13 14:56:40 1 logonHours
31821526 MyDomain\MyDCServer 31821526 2007-01-13 14:56:40 1 userWorkstations
31821527 MyDomain\MyDCServer 31821527 2007-01-13 14:56:40 2 unicodePwd
31821527 MyDomain\MyDCServer 31821527 2007-01-13 14:56:40 2 ntPwdHistory
31821528 MyDomain\MyDCServer 31821528 2007-01-13 14:56:40 3 pwdLastSet
31821526 MyDomain\MyDCServer 31821526 2007-01-13 14:56:40 1 primaryGroupID
31821527 MyDomain\MyDCServer 31821527 2007-01-13 14:56:40 1 supplementalCredentials
31821526 MyDomain\MyDCServer 31821526 2007-01-13 14:56:40 1 userParameters
31821526 MyDomain\MyDCServer 31821526 2007-01-13 14:56:40 1 profilePath
31821525 MyDomain\MyDCServer 31821525 2007-01-13 14:56:40 1 objectSid
31821526 MyDomain\MyDCServer 31821526 2007-01-13 14:56:40 1 comment
31821526 MyDomain\MyDCServer 31821526 2007-01-13 14:56:40 1 accountExpires
31821527 MyDomain\MyDCServer 31821527 2007-01-13 14:56:40 2 lmPwdHistory
31821525 MyDomain\MyDCServer 31821525 2007-01-13 14:56:40 1 sAMAccountName
31821525 MyDomain\MyDCServer 31821525 2007-01-13 14:56:40 1 sAMAccountType
31823463 SomeOtherDataCenter-Exchange\ODC-AD10AD 11927410 2007-01-13 15:20:39 2 showInAddressBook
31821525 MyDomain\MyDCServer 31821525 2007-01-13 14:56:40 1 legacyExchangeDN
31821525 MyDomain\MyDCServer 31821525 2007-01-13 14:56:40 1 userPrincipalName
31821525 MyDomain\MyDCServer 31821525 2007-01-13 14:56:40 1 objectCategory
31822904 SomeOther-DataCenter-SiteII\ODC-AD3AD 154983196 2007-01-13 15:06:26 1 textEncodedORAddress
31822904 SomeOther-DataCenter-SiteII\ODC-AD3AD 154983196 2007-01-13 15:06:26 1 mail
31822904 SomeOtherDataCenter-Exchange\ODC-AD11AD 7964633 2007-01-13 15:05:42 1 msExchPoliciesIncluded
31821525 MyDomain\MyDCServer 31821525 2007-01-13 14:56:40 1 msExchHomeServerName
31822904 SomeOther-DataCenter-SiteII\ODC-AD3AD 154983196 2007-01-13 15:06:26 1 replicationSignature
31823463 SomeOtherDataCenter-Exchange\ODC-AD10AD 11927410 2007-01-13 15:20:39 2 msExchALObjectVersion
31822904 SomeOther-DataCenter-SiteII\ODC-AD3AD 154983196 2007-01-13 15:06:26 1 msExchADCGlobalNames
31821525 MyDomain\MyDCServer 31821525 2007-01-13 14:56:40 1 msExchMailboxSecurityDescriptor
31822904 SomeOtherDataCenter-Exchange\ODC-AD11AD 7964633 2007-01-13 15:05:42 1 msExchUserAccountControl
31821525 MyDomain\MyDCServer 31821525 2007-01-13 14:56:40 1 msExchMailboxGuid
31822904 SomeOther-DataCenter-SiteII\ODC-AD3AD 154983196 2007-01-13 15:06:26 1 dLMemDefault

Disclaimer: This information is provided as-is, I am not responsible if you blow away all your DC's by mistake. Don't sand lead paint and be sure to eat more oatmeal.

See the full syntax on Technet here.

Technorati : , , , , ,

Posted by John Seaman on January 15, 2007 11:24 AM |

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)