How to determine the Domain Controller where an object was last modified in Active Directory

Repadmin is a powerful tool for managing AD replication. It comes as part of the support tools in Windows 2000 and 2003. One of its nice features is the ability to quickly identify, from the command line, when and where a specific attribute of an object was last modified in Active Directory.

Repadmin takes two parameters to do this: the distinguished name (DN) of the object and the name of any DC with the latest replication updates.

There are a few ways to find the DN of an object.
Here, I will show you how to retrieve the DN of a user object using one of the popular DS commands.
Make sure the support tools are installed on the machine where you run these commands.

Open a command prompt, type

DSquery user -samid Johnp

and hit Enter.

This should return the distinguished name of the user object, similar to the one below, provided the object exists in AD.

"CN=Johnp,OU=Users,DC=Example,DC=com"

Now, coming to our original task of finding the metadata of the object, type

repadmin /showobjmeta DCName "CN=Johnp,OU=Users,DC=Example,DC=com"

Always enclose the distinguished name in double quotes, as a practice, to avoid any errors due to whitespace.

This will give us the replication metadata of the user object, showing when and where each attribute was last updated.

Loc.USN   Originating DC  Org.USN   Org.Time/Date        Ver  Attribute
========  ==============  ========  ===================  ===  =========
8237076   London\DC1      8237076   2009-03-25 11:29:46  1    objectClass
8237076   London\DC1      8237076   2009-03-25 11:29:46  1    cn
36244197  London\DC1      36244197  2010-10-21 14:42:49  3    description
8237076   London\DC1      8237076   2009-03-25 11:29:46  1    givenName
8237076   London\DC1      8237076   2009-03-25 11:29:46  1    whenCreated
8237076   London\DC1      8237076   2009-03-25 11:29:46  1    displayName
38783063  London\DC1      38783063  2010-11-25 10:54:03  2    name
36244197  London\DC1      36244197  2010-10-21 14:42:49  6    userAccountControl
39602178  Chennai\DC2     34396855  2010-12-08 11:21:51  25   ntPwdHistory
39602178  Chennai\DC2     34396855  2010-12-08 11:21:51  26   pwdLastSet
8237076   London\DC1      8237076   2009-03-25 11:29:46  1    objectSid
34824052  Chennai\DC2     33238757  2010-09-23 20:53:25  2    sAMAccountName
36244231  London\DC1      36244231  2010-10-21 14:42:58  3    sIDHistory
34824052  Chennai\DC2     33238757  2010-09-23 20:53:25  2    userPrincipalName
29354483  Chennai\DC2     26635989  2010-08-05 10:27:19  8    lockoutTime
39458656  London\DC1      7222155   2010-12-06 06:43:11  54   lastLogonTimestamp

0 entries.
Type  Attribute  Last Mod Time  Originating DC  Loc.USN  Org.USN  Ver
====  =========  =============  ==============  =======  =======  ===

There are six columns in the table, of which columns 2, 4 and 6 are of interest to us.
The pwdLastSet row, for example, gives us the date and time when the password for the user object was last set. From the table, we can infer that the password was last set on the 8th August 2010 at 11:21:51. The Originating DC column, 'DC2', gives us the name of the DC that modified the 'pwdLastSet' attribute.
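
As an added example (not part of the original article), the PowerShell function below turns the text output of repadmin /showobjmeta into objects, so the originating DC and time can be filtered and sorted per attribute. The function name ConvertFrom-ShowObjMeta, the $watch attribute list and the sample rows (copied from the table above) are assumptions made for illustration; it needs PowerShell 3.0 or later.

```powershell
# Added example: parse "repadmin /showobjmeta" text output into objects.
function ConvertFrom-ShowObjMeta {   # hypothetical helper name
    param([Parameter(ValueFromPipeline = $true)][string[]]$Line)
    begin {
        # Loc.USN, Originating DC, Org.USN, Org.Time/Date, Ver, Attribute
        $row = '^\s*(?<LocUsn>\d+)\s+(?<Dc>.+?)\s+(?<OrgUsn>\d+)\s+' +
               '(?<Time>\d{4}-\d{2}-\d{2} +\d{2}:\d{2}:\d{2})\s+' +
               '(?<Ver>\d+)\s+(?<Attr>\S+)\s*$'
    }
    process {
        foreach ($l in $Line) {
            # Skip headers, separators and the "N entries." lines.
            if ($l -notmatch $row) { continue }
            [pscustomobject]@{
                Attribute       = $Matches.Attr
                OriginatingDC   = $Matches.Dc
                OriginatingTime = [datetime]::ParseExact(
                    ($Matches.Time -replace ' +', ' '),
                    'yyyy-MM-dd HH:mm:ss',
                    [cultureinfo]::InvariantCulture)
                Version         = [int]$Matches.Ver
                LocalUsn        = [long]$Matches.LocUsn
                OriginatingUsn  = [long]$Matches.OrgUsn
            }
        }
    }
}

# Constructed sample: rows copied from the table in the article.
$sample = @'
Loc.USN  Originating DC  Org.USN  Org.Time/Date        Ver  Attribute
36244197 London\DC1      36244197 2010-10-21 14:42:49    6  userAccountControl
39602178 Chennai\DC2     34396855 2010-12-08 11:21:51   26  pwdLastSet
36244231 London\DC1      36244231 2010-10-21 14:42:58    3  sIDHistory
39458656 London\DC1       7222155 2010-12-06 06:43:11   54  lastLogonTimestamp
'@ -split "`r?`n"

# Attributes to review (an assumption for this example; adjust as needed).
$watch = 'pwdLastSet', 'userAccountControl', 'sIDHistory', 'lockoutTime'

$sample | ConvertFrom-ShowObjMeta |
    Where-Object { $watch -contains $_.Attribute } |
    Sort-Object OriginatingTime -Descending |
    Format-Table Attribute, OriginatingDC, OriginatingTime, Version -AutoSize

# Live use, with the command from the article:
# repadmin /showobjmeta DCName "CN=Johnp,OU=Users,DC=Example,DC=com" | ConvertFrom-ShowObjMeta
```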

1 Response to "How to determine the Domain Controller where an object was last modified in Active Directory"

  1. nammy says:

    Thanks.

Copyright © 2009 Admin Talks. All rights reserved.