Track changes of AD objects with REPADMIN
Timestamps and changes of AD objects can be made visible with REPADMIN
A well-known problem for many administrators:
An error occurred, and when asked what was changed, the answer will of course be 'nothing has been changed'.
The "Active Directory Users and Computers" MMC console reveals only the time and date of the last change; it does not show what was actually changed.
REPADMIN command to see changes of AD objects
Use the REPADMIN command to inspect changes to the individual LDAP attributes of an object in Active Directory, together with their time stamps. For each attribute, the output shows:
- USN (update sequence number)
- DC (Domain Controller) where changes were effected
- Time and date of the change
- Name of the LDAP attribute that has been changed
Syntax:
repadmin /showobjmeta <DomainController> "Distinguished Name of the Object"
Example:
repadmin /showobjmeta S01UNIDE0103 "CN=jens.kuenzler,OU=user,OU=FirstAttribute-AG,OU=I0001,OU=EN,DC=en01,DC=univice,DC=biz"
Output:
Loc.USN  former DSA                             f. USN  f. time/date          Ver  Attribut
  17538  Standort01\S01UNIDE0102                273264  2009-02-16 10:18:28     1  objectClass
  17538  Standort01\S01UNIDE0101                 17538  2010-06-10 16:56:53     1  cn
  17538  Standort01\S01UNIDE0102                273264  2009-02-16 10:18:28     1  sn
  17538  Standort01\S01UNIDE0102                273264  2009-02-16 10:18:28     1  c
  17538  Standort01\S01UNIDE0102                273264  2009-02-16 10:18:28     1  l
  17538  Standort01\S01UNIDE0102                273264  2009-02-16 10:18:28     1  description
  17538  Standort01\S01UNIDE0102                273264  2009-02-16 10:18:28     1  postalCode
  17538  Standort01\S01UNIDE0102                273264  2009-02-16 10:18:28     1  telephoneNumber
  17538  Standort01\S01UNIDE0102                273264  2009-02-16 10:18:28     1  facsimileTelephoneNumber
  17538  Standort01\S01UNIDE0102                273264  2009-02-16 10:18:28     1  givenName
  17538  Standort01\S01UNIDE0102                273264  2009-02-16 10:18:28     1  initials
  17538  Standort01\S01UNIDE0102                273264  2009-02-16 10:18:28     1  instanceType
  17538  Standort01\S01UNIDE0102                273264  2009-02-16 10:18:28     1  whenCreated
  17538  d9ab7317-0da8-4424-b8cd-6b21d66740e0  1420690  2009-07-15 17:02:05     2  displayName
  17538  Standort01\S01UNIDE0102                273264  2009-02-16 10:18:28     1  deletedItemFlags
  17538  Standort01\S01UNIDE0102                273264  2009-02-16 10:18:28     1  co
1209603  Standort01\S01UNIDE0102               3855162  2011-02-03 11:00:35     1  department
  17538  Standort01\S01UNIDE0102                273264  2009-02-16 10:18:28     1  company
  17538  d9ab7317-0da8-4424-b8cd-6b21d66740e0   844755  2009-04-21 22:09:26     2  homeMTA
  17538  Standort01\S01UNIDE0103                309092  2009-02-24 22:25:41     4  proxyAddresses
  17538  d9ab7317-0da8-4424-b8cd-6b21d66740e0   844755  2009-04-21 22:09:26     2  homeMDB
1209603  Standort01\S01UNIDE0102               3855160  2011-02-03 11:00:35     2  streetAddress
  17538  Standort01\S01UNIDE0102                273264  2009-02-16 10:18:28     1  mDBStorageQuota
  17538  Standort01\S01UNIDE0102                273264  2009-02-16 10:18:28     1  mDBOverQuotaLimit
  17538  Standort01\S01UNIDE0102                273264  2009-02-16 10:18:28     1  nTSecurityDescriptor
  17538  Standort01\S01UNIDE0102                273264  2009-02-16 10:18:28     1  garbageCollPeriod
  17538  Standort01\S01UNIDE0102                273264  2009-02-16 10:18:28     1  mDBUseDefaults
  17538  Standort01\S01UNIDE0103                309092  2009-02-24 22:25:41     2  targetAddress
  17538  Standort01\S01UNIDE0102                786944  2009-04-14 23:53:10     2  extensionAttribute1
  17538  Standort01\S01UNIDE0102                273264  2009-02-16 10:18:28     1  extensionAttribute2
  17538  Standort01\S01UNIDE0102                273693  2009-02-16 10:32:42     1  mailNickname
  17538  d9ab7317-0da8-4424-b8cd-6b21d66740e0   844756  2009-04-21 22:09:26     1  protocolSettings
  17538  Standort01\S01UNIDE0102                273657  2009-02-16 10:32:35     3  extensionAttribute14
  17538  Standort01\S01UNIDE0102                273264  2009-02-16 10:18:28     1  extensionAttribute15
  17538  Standort01\S01UNIDE0102                447837  2009-03-03 12:35:15     3  name
  17538  Standort01\S01UNIDE0102                273297  2009-02-16 10:18:29     3  userAccountControl
  17538  Standort01\S01UNIDE0102                273265  2009-02-16 10:18:28     1  codePage
  17538  Standort01\S01UNIDE0102                273265  2009-02-16 10:18:28     1  countryCode
  17538  Standort01\S01UNIDE0102                273287  2009-02-16 10:18:29     2  dBCSPwd
  17538  Standort01\S01UNIDE0102                273265  2009-02-16 10:18:28     1  logonHours
  17538  Standort01\S01UNIDE0102                273287  2009-02-16 10:18:29     2  unicodePwd
  17538  Standort01\S01UNIDE0102                273287  2009-02-16 10:18:29     2  ntPwdHistory
  17538  Standort01\S01UNIDE0102                273289  2009-02-16 10:18:29     3  pwdLastSet
  17538  Standort01\S01UNIDE0102                273265  2009-02-16 10:18:28     1  primaryGroupID
  17538  Standort01\S01UNIDE0102                273288  2009-02-16 10:18:29     1  supplementalCredentials
  17538  d9ab7317-0da8-4424-b8cd-6b21d66740e0   337469  2009-02-25 11:57:38     4  userParameters
  17538  Standort01\S01UNIDE0102                273264  2009-02-16 10:18:28     1  objectSid
  17538  Standort01\S01UNIDE0102                273265  2009-02-16 10:18:28     1  accountExpires
  17538  Standort01\S01UNIDE0102                273287  2009-02-16 10:18:29     2  lmPwdHistory
  17538  Standort01\S01UNIDE0102                273264  2009-02-16 10:18:28     1  sAMAccountName
  17538  Standort01\S01UNIDE0102                273264  2009-02-16 10:18:28     1  sAMAccountType
  17538  Standort01\S01UNIDE0102                273306  2009-02-16 10:18:30     1  sIDHistory
 915746  Standort01\S01UNIDE0101                915746  2010-11-22 22:06:22    14  showInAddressBook
  17538  Standort01\S01UNIDE0102                273693  2009-02-16 10:32:42     1  legacyExchangeDN
  17538  Standort01\S01UNIDE0102                273264  2009-02-16 10:18:28     1  userPrincipalName
  17538  Standort01\S01UNIDE0102                273264  2009-02-16 10:18:28     1  objectCategory
2402797  Standort01\S01UNIDE0101               2402797  2011-08-27 14:10:01    92  lastLogonTimestamp
2412124  Standort01\S01UNIDE0101               2412124  2011-08-29 10:11:41  1215  msTSExpireDate
  17538  Standort01\S01UNIDE0103                340685  2009-02-26 09:49:13     1  msTSLicenseVersion
 190375  Standort01\S01UNIDE0101                190375  2010-07-05 08:30:24     2  msTSManagingLS
  17538  Standort01\S01UNIDE0103                274517  2009-02-19 22:50:27     2  textEncodedORAddress
  17538  Standort01\S01UNIDE0102                280086  2009-02-17 12:19:05     3  mail
1209603  Standort01\S01UNIDE0102               3855161  2011-02-03 11:00:35     1  mobile
  17538  d9ab7317-0da8-4424-b8cd-6b21d66740e0   844755  2009-04-21 22:09:26     2  msExchHomeServerName
  17538  d9ab7317-0da8-4424-b8cd-6b21d66740e0   896354  2009-04-29 10:28:55     6  msExchALObjectVersion
  17538  d9ab7317-0da8-4424-b8cd-6b21d66740e0   794837  2009-04-14 23:23:41     1  msExchUseOAB
  17538  Standort01\S01UNIDE0102                273657  2009-02-16 10:32:35     1  msExchMailboxSecurityDescriptor
  17538  Standort01\S01UNIDE0102                273693  2009-02-16 10:32:42     1  msExchUserAccountControl
  17538  Standort01\S01UNIDE0102                273264  2009-02-16 10:18:28     1  mDBOverHardQuotaLimit
  17538  Standort01\S01UNIDE0102                273693  2009-02-16 10:32:42     1  msExchMailboxGuid
  17538  Standort01\S01UNIDE0102                785447  2009-04-14 21:41:57     1  msExchQueryBaseDN
  17538  Standort01\S01UNIDE0102                785910  2009-04-14 22:22:07     2  uniAddressListIdentifier
  17538  Standort01\S01UNIDE0102                273693  2009-02-16 10:32:42     1  msExchPoliciesIncluded
  17538  Standort01\S01UNIDE0102                273693  2009-02-16 10:32:42     1  msExchMDBRulesQuota
  17538  Standort01\S01UNIDE0102                273693  2009-02-16 10:32:42     1  msExchRecipientDisplayType
  17538  Standort01\S01UNIDE0103                341964  2009-02-26 12:13:15     1  msExchUserCulture
  17538  Standort01\S01UNIDE0103                274517  2009-02-19 22:50:27     1  msExchMessageHygieneSCLJunkThreshold
  17538  Standort01\S01UNIDE0102                273693  2009-02-16 10:32:42     1  msExchVersion
  17538  Standort01\S01UNIDE0102                273693  2009-02-16 10:32:42     1  msExchRecipientTypeDetails
  17538  Standort01\S01UNIDE0103               1270697  2009-06-27 12:02:07     1  msExchMobileMailboxFlags
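An added example, not part of the original article: a small Python parser for saved /showobjmeta output that answers "what changed on this object in a given time window, and on which DC". The function names and the default ignore list are assumptions made for this illustration; the sample rows are copied from the output above.

```python
import re
from datetime import datetime
from typing import NamedTuple

class AttrMeta(NamedTuple):
    loc_usn: int
    dsa: str        # "Site\Server", or a GUID as in some rows of the output
    org_usn: int
    when: datetime  # naive: exactly as printed, no time zone attached
    ver: int
    attr: str

# One metadata row: Loc.USN, DSA, originating USN, date, time, Ver, attribute
ROW = re.compile(r"^\s*(\d+)\s+(\S+)\s+(\d+)\s+(\d{4}-\d\d-\d\d)\s+"
                 r"(\d\d:\d\d:\d\d)\s+(\d+)\s+(\S+)\s*$")

# Rows copied from the output shown on this page (header kept on purpose).
SAMPLE = r"""
Loc.USN former DSA f. USN f. time/date Ver Attribut
17538 Standort01\S01UNIDE0102 273264 2009-02-16 10:18:28 1 objectClass
17538 d9ab7317-0da8-4424-b8cd-6b21d66740e0 1420690 2009-07-15 17:02:05 2 displayName
1209603 Standort01\S01UNIDE0102 3855162 2011-02-03 11:00:35 1 department
1209603 Standort01\S01UNIDE0102 3855160 2011-02-03 11:00:35 2 streetAddress
1209603 Standort01\S01UNIDE0102 3855161 2011-02-03 11:00:35 1 mobile
915746 Standort01\S01UNIDE0101 915746 2010-11-22 22:06:22 14 showInAddressBook
2402797 Standort01\S01UNIDE0101 2402797 2011-08-27 14:10:01 92 lastLogonTimestamp
"""

def parse_objmeta(text):
    """Return one AttrMeta per attribute row; headers and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            loc, dsa, org, day, clock, ver, attr = m.groups()
            when = datetime.strptime(f"{day} {clock}", "%Y-%m-%d %H:%M:%S")
            rows.append(AttrMeta(int(loc), dsa, int(org), when, int(ver), attr))
    return rows

def changed_between(rows, start, end, ignore=("lastLogonTimestamp",)):
    """Attributes whose last originating write falls in [start, end], oldest first.
    Ties on the timestamp are ordered by originating USN, which is only
    comparable between rows written on the same DSA. The ignore default
    (an assumption) drops an attribute the system itself updates on logon."""
    hits = [r for r in rows if start <= r.when <= end and r.attr not in ignore]
    return sorted(hits, key=lambda r: (r.when, r.dsa, r.org_usn))

if __name__ == "__main__":
    rows = parse_objmeta(SAMPLE)
    for r in changed_between(rows, datetime(2011, 2, 3), datetime(2011, 2, 4)):
        print(r.when, r.dsa, f"v{r.ver}", r.attr)
```

Each row records only the most recent write to that attribute, so the result tells you which attributes were last touched in the window, not their previous values or any earlier changes.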