Using PowerShell 3.0 and Active Directory Replication Metadata to view changes in Active Directory Objects

Hi All,

In this blog post I will be writing about a PowerShell cmdlet included in the Active Directory Module, which ships with the RSAT Tools for Windows 8. Active Directory stores replication metadata for every object; for each attribute it records the version, the domain controller on which the change originated, and when the attribute was last changed. I've used this information plenty of times when trying to track down what happened after an unexplained change to an object such as a user or group.

The cmdlet used to find this information is "Get-ADReplicationAttributeMetadata". You will need the Active Directory Module for PowerShell, included in the RSAT for Windows 8 / Windows 2012, installed to use the cmdlet.

Example 1

In the following example I will be viewing the Active Directory replication metadata to see changes to the membership of the Domain Admins group in the Pipe2text domain. After running this command you will be able to see which accounts were added to or removed from the group and when it happened.

The Command

Get-ADReplicationAttributeMetadata "CN=Domain Admins,CN=Users,DC=pipe2text,DC=com" -ShowAllLinkedValues -Server mydomaincontroller -Properties member

All you need to do is replace the distinguished name with the distinguished name of the group you want to look at, and mydomaincontroller with the name of the domain controller you want to query.

Example 2

In this next example you can view when changes happened to the attributes of an Active Directory user object. We will be looking at the user BC in the "WhereIKeepMyUsers" OU in the Pipe2text.com domain.

The Command

Get-ADReplicationAttributeMetadata "CN=BC,OU=WhereIKeepMyUsers,DC=pipe2text,DC=com" -ShowAllLinkedValues -Server mydomaincontroller

You should receive the following properties in the output for each attribute change:

Server
Version
AttributeName
AttributeValue
FirstOriginatingCreateTime
IsLinkValue
LastOriginatingChangeDirectoryServerIdentity
LastOriginatingChangeDirectoryServerInvocationId
LastOriginatingChangeTime
LastOriginatingChangeUsn
LastOriginatingDeleteTime
LocalChangeUsn
Object

Example 3

Now let's say you don't need all of that data and want to format it a little nicer. For example, if you wanted to list only the attribute name, LastOriginatingChangeTime and LastOriginatingChangeDirectoryServerIdentity, with the list sorted by LastOriginatingChangeTime, you could run the following:

The Command

Get-ADReplicationAttributeMetadata "CN=BC,OU=WhereIKeepMyUsers,DC=pipe2text,DC=com" -ShowAllLinkedValues -Server mydomaincontroller | Sort-Object LastOriginatingChangeTime | Select-Object AttributeName,LastOriginatingChangeTime,LastOriginatingChangeDirectoryServerIdentity

You will now get a nicely formatted list sorted by the attribute change times.
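As an added example that is not part of the original post, the function below wraps the cmdlet used in Example 1 and Example 3 into a small change-timeline tool: it pulls the replication metadata for one object, drops anything older than a cutoff, and for linked values such as a group's member attribute works out whether each entry was an addition or a removal (a removed member stays in the metadata with LastOriginatingDeleteTime populated). The function name, its parameters and the 1601-epoch handling of an unset delete time are my own assumptions; only the cmdlet, its parameters and the metadata property names come from Get-ADReplicationAttributeMetadata itself.

```powershell
# Added example, not code from the original post. Assumes the ActiveDirectory
# module from RSAT is installed and the caller can read the target object.
Import-Module ActiveDirectory

function Get-ADObjectChangeTimeline {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $DistinguishedName,
        [Parameter(Mandatory)] [string] $Server,
        # Only report changes at or after this time (default: last 30 days)
        [datetime] $Since = (Get-Date).AddDays(-30),
        # Restrict to specific attributes; omit to get every attribute
        [string[]] $Attribute
    )

    # Build the cmdlet arguments; -Properties is only passed when requested,
    # so the cmdlet's own default (all attributes) applies otherwise.
    $params = @{ Object = $DistinguishedName; Server = $Server; ShowAllLinkedValues = $true }
    if ($Attribute) { $params.Properties = $Attribute }
    $meta = Get-ADReplicationAttributeMetadata @params

    foreach ($m in $meta) {
        # For a linked value (e.g. group 'member'), a populated
        # LastOriginatingDeleteTime means the value was removed; the entry
        # stays in the metadata with its Version incremented.
        # Assumption: an unset delete time is $null or the 1601 epoch.
        $deleted    = $m.LastOriginatingDeleteTime
        $wasRemoved = $m.IsLinkValue -and $deleted -and $deleted.Year -gt 1601

        # The interesting timestamp is the removal time for removed links,
        # otherwise the last originating change time.
        if ($wasRemoved) { $when = $deleted } else { $when = $m.LastOriginatingChangeTime }
        if ($when -lt $Since) { continue }

        if (-not $m.IsLinkValue) { $action = 'Modified' }
        elseif ($wasRemoved)     { $action = 'Removed' }
        else                     { $action = 'Added' }

        [pscustomobject]@{
            When      = $when
            Attribute = $m.AttributeName
            Action    = $action
            Value     = $m.AttributeValue
            Version   = $m.Version
            OriginDC  = $m.LastOriginatingChangeDirectoryServerIdentity
        }
    }
}

# Usage: membership history of Domain Admins (as in Example 1), newest first
Get-ADObjectChangeTimeline -DistinguishedName 'CN=Domain Admins,CN=Users,DC=pipe2text,DC=com' `
    -Server mydomaincontroller -Attribute member |
    Sort-Object When -Descending | Format-Table -AutoSize

# Usage: every attribute change on user BC in the last 7 days (as in Example 3)
Get-ADObjectChangeTimeline -DistinguishedName 'CN=BC,OU=WhereIKeepMyUsers,DC=pipe2text,DC=com' `
    -Server mydomaincontroller -Since (Get-Date).AddDays(-7) |
    Sort-Object When | Format-Table When, Attribute, Action, OriginDC -AutoSize
```

Because the metadata only records the originating domain controller and time, not the account that made the change, the OriginDC column tells you which DC's security event log to check for the corresponding directory change event when you need to attribute the change to a person.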

The above are just two examples of how the "Get-ADReplicationAttributeMetadata" cmdlet can be used to find valuable information in Active Directory replication metadata. There are many other ways that this cmdlet can be used to find other useful information. For more information on using this cmdlet you can simply type "Get-Help Get-ADReplicationAttributeMetadata" and read the help file. Hope this helps. If you have any questions or feedback please leave a comment. Thanks.
