Look for the fSMORoleOwner attribute (DN format) on the object in question, e.g.
CN=Schema,CN=Configuration,DC=myco,DC=com fSMORoleOwner: CN=NTDS Settings,CN=Server1,CN=Servers,CN=Site1,CN=Sites,CN=Configuration,DC=myco,DC=com; I don't know of an LDAP monitor as such, but you can set logging in such a way that it shows all searches. Have a look at Robbie Allen's AD Cookbook. Also, this presentation provides some good info. http://www.rallenhome.com/conferences/RAllen_LDAP_Searching.ppt Tony ---------- Original Message ---------------------------------- From: "Sanz de Leon, Juan Carlos" <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] Date: Wed, 27 Oct 2004 13:43:17 +0200 Dear gurus, We recently had a problem where the Schema Master ROLE was not recognized in the forest. Whenever we queried the DCs in our forest to indicate the Schema Master, the answer gave an error. To solve the issue we had to Seize the Schema Master role using ntdsutil. Now the question. What attribute in AD is the one that establishes who has the different roles of the forest or domain ? I know it is in the configuration partition, probably under NTDS settings... What I don�t know is the attribute in AD that decides who has which role. Anyone know of an LDAP monitor ? similar to regmon from sysinternals. Thanks in advance, Juan Carlos Sanz de Le�n List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ ________________________________________________________________ Sent via the WebMail system at mail.activedir.org List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
