View the metadata for an AD object to find out more details about when its specific attributes were modified. This is very handy when trying to troubleshoot details about a specific object.. See when and where an attribute was updated which can also help track down who made the change if the entry was captured in the domain controller event logs.

Here’s the syntax and an example of what data you will get back.

Repadmin /showobjmeta DCNAME “full object DN”

C:\>repadmin /showobjmeta DC01 “cn=SVCAccount,ou=accounts,dc=domain,dc=corp”

58 entries.

Loc.USN        Originating DC     Org.USN     Org.Time/Date         Ver     Attribute

=======     ===========    ========    =========

16740030     DFW1\DC01     16740030     2009-10-28 11:18:43     1     objectClass

16740030     DFW1\DC01     16740030     2009-10-28 11:18:43     1    cn

29079766     DFW1\DC01     29079766     2010-03-23 16:23:35    3     sn

29079766     DFW1\DC01    29079766     2010-03-23 16:23:35    2     title

16740030     DFW1\DC01     16740030     2009-10-28 11:18:43    1     description

39541488     DFW1\DC01     39541488     2010-07-12 12:03:56     39     givenName

16740030     DFW1\DC01    16740030     2009-10-28 11:18:43     1     whenCreated

29079766     DFW1\DC01     29079766     2010-03-23 16:23:35     6     displayName

29079766     DFW1\DC01     29079766     2010-03-23 16:23:35     3     co

16741438     DFW1\DC01     16741438     2009-10-28 11:42:45     2     department

16740030     DFW1\DC01     16740030     2009-10-28 11:18:43     1     name

39259708     SAN1\DC02     32310052     2010-07-09 10:52:46     4     userAccountControl

38694997          SAN2\DC03     93941776     2010-07-03 17:56:41     1     homeDirectory

38694997          SAN2\DC03     93941776     2010-07-03 17:56:41     1     homeDrive

28995344     SAN1\DC02     23187706     2010-03-22 15:48:22     4     ntPwdHistory

28995344     SAN1\DC02     23187706     2010-03-22 15:48:22     4     pwdLastSet

16740031     DFW1\DC01     16740031     2009-10-28 11:18:43     1     primaryGroupID

…………

Most of these details are self-explanatory. Ver is the number of modifications to a particular attribute.

Now you have when and where a specific attribute was modified and can track down who did it by looking in the security log J

Recent Blog

Blog Categories

Tags

Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.