Skip to the main content.

1 min read

AD: Viewing full object metadata to determine when an attribute was changed

View the metadata for an AD object to find out more details about when its specific attributes were modified. This is very handy when trying to troubleshoot details about a specific object.. See when and where an attribute was updated which can also help track down who made the change if the entry was captured in the domain controller event logs.

Here’s the syntax and an example of what data you will get back.

Repadmin /showobjmeta DCNAME “full object DN”

C:>repadmin /showobjmeta DC01 “cn=SVCAccount,ou=accounts,dc=domain,dc=corp”

58 entries.

Loc.USN        Originating DC     Org.USN     Org.Time/Date         Ver     Attribute

=======     ===========    ========    =========

16740030     DFW1DC01     16740030     2009-10-28 11:18:43     1     objectClass

16740030     DFW1DC01     16740030     2009-10-28 11:18:43     1    cn

29079766     DFW1DC01     29079766     2010-03-23 16:23:35    3     sn

29079766     DFW1DC01    29079766     2010-03-23 16:23:35    2     title

16740030     DFW1DC01     16740030     2009-10-28 11:18:43    1     description

39541488     DFW1DC01     39541488     2010-07-12 12:03:56     39     givenName

16740030     DFW1DC01    16740030     2009-10-28 11:18:43     1     whenCreated

29079766     DFW1DC01     29079766     2010-03-23 16:23:35     6     displayName

29079766     DFW1DC01     29079766     2010-03-23 16:23:35     3     co

16741438     DFW1DC01     16741438     2009-10-28 11:42:45     2     department

16740030     DFW1DC01     16740030     2009-10-28 11:18:43     1     name

39259708     SAN1DC02     32310052     2010-07-09 10:52:46     4     userAccountControl

38694997          SAN2DC03     93941776     2010-07-03 17:56:41     1     homeDirectory

38694997          SAN2DC03     93941776     2010-07-03 17:56:41     1     homeDrive

28995344     SAN1DC02     23187706     2010-03-22 15:48:22     4     ntPwdHistory

28995344     SAN1DC02     23187706     2010-03-22 15:48:22     4     pwdLastSet

16740031     DFW1DC01     16740031     2009-10-28 11:18:43     1     primaryGroupID

…………

Most of these details are self-explanatory. Ver is the number of modifications to a particular attribute.

Now you have when and where a specific attribute was modified and can track down who did it by looking in the security log J

Changes are on the way for Power BI Premium Capacity licenses

Changes are on the way for Power BI Premium Capacity licenses

Microsoft introduced Microsoft Fabric and its related SKUs last year. As a result, the Power BI Premium per capacity SKUs will no longer be...

The Importance of Application Security Assessments

The Importance of Application Security Assessments

Discover why Application Security Assessments are essential for protecting your digital assets and preventing cyber attacks. An Application Security...

Navigating Microsoft Tenant Migrations: A Guide for IT Professionals

Navigating Microsoft Tenant Migrations: A Guide for IT Professionals

Discover key insights and best practices for successfully navigating Microsoft tenant migrations in 2024. Swiftly resolve common tenant-to-tenant...