Hi All,<\/p>\n
In this blog I will be writing about a PowerShell cmdlet that is included in the Active Directory Module included in the RSAT Tools for Windows 8. Active Directory stores Replication metadata which contains information\u00a0about changes to\u00a0Active Directory object’s attributes such as the version, which domain controller the change originated, and when they\u00a0were changed last. I’ve used this information plenty of times when trying to trying to track down what happened when there is some sort of unexplained change to an object such as a user or group.<\/p>\n
The cmdlet used to find this information is the “Get-ADReplicationAttributeMetadata” cmdlet. You will need to have the Active Directory Module for PowerShell included in the RSAT for Windows 8\/ Windows 2012 installed to use the cmdlet.<\/p>\n
Example 1<\/strong><\/span><\/p>\n In\u00a0the following\u00a0example I will be viewing the Active Directory Replication\u00a0Metadata to view changes to the membership of the Domain Admins group in the Pipe2text domain. After running this command you will be able to see who was added or removed from the group and when it happened.<\/p>\n The Command<\/strong><\/p>\n Get-ADReplicationAttributeMetadata “CN=Domain Admins,CN=Users,DC=pipe2text,DC=com” -ShowAllLinkedValues -Server mydomaincontroller<\/em> -property member<\/p>\n All you will need to do is replace the distinguished name with the distiguishedname of the group you want to look at and mydomaincontroller<\/em> with the name of the Domain Controller you want to query.<\/p>\n Example 2<\/strong><\/span><\/p>\n In this next example you can view when changes happened to attributes for an Active Directory user object. We will be looking at user BC in the “WhereIKeepMyUsers” OU on the Pipe2text.com domain.<\/p>\n The Command<\/strong><\/p>\n Get-ADReplicationAttributeMetadata “CN=BC,OU=WhereIKeepMyUsers,DC=pipe2text,DC=com” -ShowAllLinkedValues -Server mydomaincontroller<\/em><\/p>\n You should receive the following output for each attribute change:<\/strong><\/p>\n Server Version<\/p>\n AttributeName AttributeValue<\/p>\n FirstOriginatingCreateTime IsLinkValue LastOriginatingChangeDirectoryServerIdentity<\/p>\n LastOriginatingChangeDirectoryServerInvocationId LastOriginatingChangeTime LastOriginatingChangeUsn LastOriginatingDeleteTime LocalChangeUsn Object<\/p>\n —————————————————————————————————–<\/p>\n Example 3<\/strong><\/span><\/p>\n Now lets say you dont need all of that data and want to format it a little nicer. For example, you wanted to only list the attribute name, lastorignatingtime andLastOriginatingChangeDirectoryServerIdentity sorting the list by lastoriginatingchangetime you could run the following:<\/p>\n The Command<\/strong><\/p>\n Get-ADReplicationAttributeMetadata “CN=BC,OU=WhereIKeepMyUsers,DC=pipe2text,DC=com” -ShowAllLinkedValues -Server mydomaincontroller<\/em> | sort lastoriginatingchangetime | select attributename,lastoriginatingchangetime,LastOriginatingChangeDirectoryServerIdentity<\/p>\n You will now get a nicely formatted list sorted by the attribute change times.<\/p>\n The above is just two examples of how the “Get-ADReplicationAttributeMetadata” cmdlet can be used to find valuable information in Active Directory Replication Metadata. There are many other ways that this cmdlet can be used to find other useful information. For more information on using this cmdlet \u00a0you can simply type “Get-Help Get-ADReplicationAttributeMetadata” and read the help file. Hope this helps. If you have any questions or feedback\u00a0please leave a comment. Thanks.<\/p>\n <\/p>\n <\/p>\n <\/p>\n <\/p>\n <\/p>\n <\/p>\n <\/p>\n <\/p>\n","protected":false},"excerpt":{"rendered":" Hi All, In this blog I will be writing about a PowerShell cmdlet that is included in the Active Directory Module included in the RSAT Tools for Windows 8. Active Directory stores Replication metadata which contains information\u00a0about changes to\u00a0Active Directory … Continue reading