Re: [ActiveDir] How do you determine if information about an object is replicted?

Thu, 05 Aug 2004 16:16:19 -0700 

Perfect.  Exactly what I wanted to know.  I'm off to run the adfind
tool in my test forest and see the results.

Thanks for the information.

Cheers

On Thu, 5 Aug 2004 18:41:22 -0400, joe <[EMAIL PROTECTED]> wrote:
> I saw your previous post, just didn't get a chance to hit it yet.
> 
> The answer, if I understand the question, is the schema.
> 
> Whether an attribute replicates or not is controlled by a bit in the
> systemFlags attribute. Bit 1 to be exact...
> 
> So if you want to look at your AD and find out all attributes that don't
> replicate you do the following
> 
> Adfind -schema -bit -f systemflags:AND:=1 ldapdisplayname
> 
> In my main test forest which is 2K3 Native (brand new not 2K upgrade) with
> 2K3 installed (brand new not 2K upgrade) I get about or so non-replicating
> attributes. If I filter out backlinks (exercise for the class why you don't
> have to replicate back links...) with the following query
> 
> Adfind -schema -bit -f "&(systemflags:AND:=1)(!(linkid:AND:=1))"
> ldapdisplayname
> 
> I get 31 attributes and they are below...
> 
> In the meanwhile, settings for DNS that don't get replicated are probably
> kept in the registry or some config file for DNS.
> 
>  joe
> 
> [Thu 08/05/2004 18:39:11.21]
> F:\DEV\cpp\NetSess>Adfind -schema -bit -f
> "&(systemflags:AND:=1)(!(linkid:AND:=1))" ldapdisplayname
> 
> AdFind V01.17.00cpp Joe Richards ([EMAIL PROTECTED]) May 2004
> 
> Transformed Filter:
> &(systemflags:1.2.840.113556.1.4.803:=1)(!(linkid:1.2.840.113556.1.4.803:=1)
> )
> Using server: 2k3dc01.joe.com
> Base DN: CN=Schema,CN=Configuration,DC=joe,DC=com
> 
> dn:CN=Last-Logoff,CN=Schema,CN=Configuration,DC=joe,DC=com
> >lDAPDisplayName: lastLogoff
> 
> dn:CN=Last-Logon,CN=Schema,CN=Configuration,DC=joe,DC=com
> >lDAPDisplayName: lastLogon
> 
> dn:CN=Bad-Password-Time,CN=Schema,CN=Configuration,DC=joe,DC=com
> >lDAPDisplayName: badPasswordTime
> 
> dn:CN=Bad-Pwd-Count,CN=Schema,CN=Configuration,DC=joe,DC=com
> >lDAPDisplayName: badPwdCount
> 
> dn:CN=Logon-Count,CN=Schema,CN=Configuration,DC=joe,DC=com
> >lDAPDisplayName: logonCount
> 
> dn:CN=Repl-Property-Meta-Data,CN=Schema,CN=Configuration,DC=joe,DC=com
> >lDAPDisplayName: replPropertyMetaData
> 
> dn:CN=Repl-UpToDate-Vector,CN=Schema,CN=Configuration,DC=joe,DC=com
> >lDAPDisplayName: replUpToDateVector
> 
> dn:CN=Reps-From,CN=Schema,CN=Configuration,DC=joe,DC=com
> >lDAPDisplayName: repsFrom
> 
> dn:CN=Reps-To,CN=Schema,CN=Configuration,DC=joe,DC=com
> >lDAPDisplayName: repsTo
> 
> dn:CN=RID-Next-RID,CN=Schema,CN=Configuration,DC=joe,DC=com
> >lDAPDisplayName: rIDNextRID
> 
> dn:CN=RID-Previous-Allocation-Pool,CN=Schema,CN=Configuration,DC=joe,DC=com
> >lDAPDisplayName: rIDPreviousAllocationPool
> 
> dn:CN=Schema-Update,CN=Schema,CN=Configuration,DC=joe,DC=com
> >lDAPDisplayName: schemaUpdate
> 
> dn:CN=Modified-Count,CN=Schema,CN=Configuration,DC=joe,DC=com
> >lDAPDisplayName: modifiedCount
> 
> dn:CN=Server-State,CN=Schema,CN=Configuration,DC=joe,DC=com
> >lDAPDisplayName: serverState
> 
> dn:CN=ms-DS-Cached-Membership,CN=Schema,CN=Configuration,DC=joe,DC=com
> >lDAPDisplayName: msDS-Cached-Membership
> 
> dn:CN=ms-DS-Cached-Membership-Time-Stamp,CN=Schema,CN=Configuration,DC=joe,D
> C=com
> >lDAPDisplayName: msDS-Cached-Membership-Time-Stamp
> 
> dn:CN=Sub-Refs,CN=Schema,CN=Configuration,DC=joe,DC=com
> >lDAPDisplayName: subRefs
> 
> dn:CN=ms-DS-ExecuteScriptPassword,CN=Schema,CN=Configuration,DC=joe,DC=com
> >lDAPDisplayName: msDS-ExecuteScriptPassword
> 
> dn:CN=DS-Core-Propagation-Data,CN=Schema,CN=Configuration,DC=joe,DC=com
> >lDAPDisplayName: dSCorePropagationData
> 
> dn:CN=Obj-Dist-Name,CN=Schema,CN=Configuration,DC=joe,DC=com
> >lDAPDisplayName: distinguishedName
> 
> dn:CN=Object-Guid,CN=Schema,CN=Configuration,DC=joe,DC=com
> >lDAPDisplayName: objectGUID
> 
> dn:CN=ms-DS-ReplicationEpoch,CN=Schema,CN=Configuration,DC=joe,DC=com
> >lDAPDisplayName: msDS-ReplicationEpoch
> 
> dn:CN=ms-DS-Retired-Repl-NC-Signatures,CN=Schema,CN=Configuration,DC=joe,DC=
> com
> >lDAPDisplayName: msDS-RetiredReplNCSignatures
> 
> dn:CN=USN-Changed,CN=Schema,CN=Configuration,DC=joe,DC=com
> >lDAPDisplayName: uSNChanged
> 
> dn:CN=USN-Created,CN=Schema,CN=Configuration,DC=joe,DC=com
> >lDAPDisplayName: uSNCreated
> 
> dn:CN=Partial-Attribute-Deletion-List,CN=Schema,CN=Configuration,DC=joe,DC=c
> om
> >lDAPDisplayName: partialAttributeDeletionList
> 
> dn:CN=Partial-Attribute-Set,CN=Schema,CN=Configuration,DC=joe,DC=com
> >lDAPDisplayName: partialAttributeSet
> 
> dn:CN=USN-Last-Obj-Rem,CN=Schema,CN=Configuration,DC=joe,DC=com
> >lDAPDisplayName: uSNLastObjRem
> 
> dn:CN=Pek-List,CN=Schema,CN=Configuration,DC=joe,DC=com
> >lDAPDisplayName: pekList
> 
> dn:CN=When-Changed,CN=Schema,CN=Configuration,DC=joe,DC=com
> >lDAPDisplayName: whenChanged
> 
> dn:CN=Prefix-Map,CN=Schema,CN=Configuration,DC=joe,DC=com
> >lDAPDisplayName: prefixMap
> 
> 31 Objects returned
> 
> [Thu 08/05/2004 18:39:15.40]
> F:\DEV\cpp\NetSess>
> 
> 
> 
> 
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Steve
> Sent: Thursday, August 05, 2004 10:40 AM
> To: [EMAIL PROTECTED]
> Subject: [ActiveDir] How do you determine if information about an object is
> replicted?
> 
> (Resend as I did not see this hit the list yesterday)
> 
> This is a learning question.  Nothing is broken but I would like to know
> where some information is located.
> 
> How can I tell and where do I go to find out what information is replicated
> in Active Directory at the DNS zone level itself.  For example, if you
> create a new zone in AD, all the contents of the zone are replicated, all
> the information under the Start of Authority Tab is replicated, but the
> contents of the Zone Transfer tab are not.
> 
> I guess what I'm really asking for is where is the list of all the objects
> that are replicated using AD located?  In searching MSDN, I looked though
> the schema definitions but did not see a field indicating if it was
> replicated or not.
> 
> I know that when a DNS zone is Active Directory Integrated, if you go into
> ADUC (or other methods) under System\MicrosoftDNS you see the replicated
> zone files and dnsnode information. But as far as I can see, the actual
> properties of the zone are not shown, just the contents.
> 
> Thanks!
> 
> List info   : http://www.activedir.org/mail_list.htm
> List FAQ    : http://www.activedir.org/list_faq.htm
> List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
>
List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Reply via email to