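How do you find out which DC an AD object was deleted on?
We can use the following approach to list the Computer objects that have been deleted and find which DC each object was deleted on: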
ldifde -f PCs.txt -d DomainDN -r objectclass=computer -x
repadmin /showobjmeta DCName DN
Example:
1. Use ldifde to export the computer objects, including deleted ones (ldifde in Windows 2003 SP2 supports -x to list deleted objects)
ldifde -f PCs.txt -d dc=cx1,dc=contoso,dc=com -r objectclass=computer -x
2. Find the DN of the computer object you are looking for
dn: CN=XPSP3-DDC78D77F\0ADEL:be8ee182-b4ee-426e-be94-e1498eb0b227,CN=Deleted Objects,DC=CX1,DC=contoso,DC=com
changetype: add
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
objectClass: computer
cn:: WFBTUDMtRERDNzhENzdGCkRFTDpiZThlZTE4Mi1iNGVlLTQyNmUtYmU5NC1lMTQ5OGViMGIyMjc=
distinguishedName: CN=XPSP3-DDC78D77F\0ADEL:be8ee182-b4ee-426e-be94-e1498eb0b227,CN=Deleted Objects,DC=CX1,DC=contoso,DC=com
instanceType: 4
whenCreated: 20090318044556.0Z
whenChanged: 20090506050639.0Z
uSNCreated: 455982
isDeleted: TRUE
3. Collect the attributes of the deleted object
repadmin /showobjmeta box2 "CN=XPSP3-DDC78D77F\0ADEL:be8ee182-b4ee-426e-be94-e1498eb0b227,CN=Deleted Objects,DC=CX1,DC=contoso,DC=com"
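4. Look at the isDeleted attribute to see which DC it originated from. In the output below, the isDeleted row lists West\BOX2 as the Originating DC with an Org.Time/Date of 2009-05-06 13:06:39, so the object was deleted on BOX2.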
41 entries.
Loc.USN Originating DC Org.USN Org.Time/Date Ver Attribute
======= =============== ========= ============= === =========
455982 East\BOX1 575762 2009-03-18 12:45:56 1 objectClass
507995 West\BOX2 507995 2009-05-06 13:06:39 4 cn
455982 East\BOX1 575763 2009-03-18 12:45:56 1 description
455982 East\BOX1 575762 2009-03-18 12:45:56 1 instanceType
455982 East\BOX1 575762 2009-03-18 12:45:56 1 whenCreated
507995 West\BOX2 507995 2009-05-06 13:06:39 3 displayName
507995 West\BOX2 507995 2009-05-06 13:06:39 1 isDeleted
455982 East\BOX1 575762 2009-03-18 12:45:56 1 nTSecurityDescriptor
507995 West\BOX2 507995 2009-05-06 13:06:39 4 name
455982 East\BOX1 575764 2009-03-18 12:45:56 3 userAccountControl
507995 West\BOX2 507995 2009-05-06 13:06:39 2 codePage
507995 West\BOX2 507995 2009-05-06 13:06:39 2 countryCode
455982 East\BOX1 575763 2009-03-18 12:45:56 1 homeDirectory
455982 East\BOX1 575763 2009-03-18 12:45:56 1 homeDrive
455982 East\BOX1 575764 2009-03-18 12:45:56 2 dBCSPwd
507995 West\BOX2 507995 2009-05-06 13:06:39 2 localPolicyFlags
455982 East\BOX1 575763 2009-03-18 12:45:56 1 scriptPath
455982 East\BOX1 575763 2009-03-18 12:45:56 1 logonHours
455982 East\BOX1 575763 2009-03-18 12:45:56 1 userWorkstations
507995 West\BOX2 507995 2009-05-06 13:06:39 3 unicodePwd
507995 West\BOX2 507995 2009-05-06 13:06:39 3 ntPwdHistory
507995 West\BOX2 507995 2009-05-06 13:06:39 3 pwdLastSet
507995 West\BOX2 507995 2009-05-06 13:06:39 2 primaryGroupID
507995 West\BOX2 507995 2009-05-06 13:06:39 2 supplementalCredentials
455982 East\BOX1 575763 2009-03-18 12:45:56 1 userParameters
455982 East\BOX1 575763 2009-03-18 12:45:56 1 profilePath
455982 East\BOX1 575762 2009-03-18 12:45:56 1 objectSid
455982 East\BOX1 575763 2009-03-18 12:45:56 1 comment
507995 West\BOX2 507995 2009-05-06 13:06:39 2 accountExpires
507995 West\BOX2 507995 2009-05-06 13:06:39 3 lmPwdHistory
455982 East\BOX1 575762 2009-03-18 12:45:56 1 sAMAccountName
507995 West\BOX2 507995 2009-05-06 13:06:39 2 sAMAccountType
507995 West\BOX2 507995 2009-05-06 13:06:39 2 operatingSystem
507995 West\BOX2 507995 2009-05-06 13:06:39 2 operatingSystemVersion
507995 West\BOX2 507995 2009-05-06 13:06:39 2 operatingSystemServicePack
455982 East\BOX1 575767 2009-03-18 12:45:56 1 dNSHostName
507995 West\BOX2 507995 2009-05-06 13:06:39 2 servicePrincipalName
507995 West\BOX2 507995 2009-05-06 13:06:39 1 lastKnownParent
507995 West\BOX2 507995 2009-05-06 13:06:39 2 objectCategory
507995 West\BOX2 507995 2009-05-06 13:06:39 2 isCriticalSystemObject
507995 West\BOX2 507995 2009-05-06 13:06:39 3 lastLogonTimestamp
0 entries.
Type Attribute Last Mod Time Originating DC Loc.USN Org.USN Ver
======= ============ ============= ================= ======= ======= ===
Distinguished Name
=============================
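
Steps 3 and 4 can be automated when many deleted objects have to be checked. The Python below is an added example, not part of the original post: it parses saved repadmin /showobjmeta text, returns the isDeleted row, and lists the attributes stamped with the same originating DC and USN. The function names are hypothetical and the sample input is an excerpt of the output above.

```python
import re
from typing import NamedTuple, Optional

# Sample input: an excerpt of the repadmin /showobjmeta output shown on this page.
SAMPLE = r"""41 entries.
Loc.USN Originating DC Org.USN Org.Time/Date Ver Attribute
455982 East\BOX1 575762 2009-03-18 12:45:56 1 objectClass
507995 West\BOX2 507995 2009-05-06 13:06:39 4 cn
507995 West\BOX2 507995 2009-05-06 13:06:39 1 isDeleted
507995 West\BOX2 507995 2009-05-06 13:06:39 4 name
507995 West\BOX2 507995 2009-05-06 13:06:39 1 lastKnownParent
"""

class MetaRow(NamedTuple):
    local_usn: int
    orig_dc: str      # "Site\DC" as printed by repadmin
    orig_usn: int
    orig_time: str    # timestamp exactly as printed
    version: int
    attribute: str

# Columns: Loc.USN, Originating DC, Org.USN, Org.Time/Date, Ver, Attribute
ROW = re.compile(
    r"^\s*(\d+)\s+(.+?)\s+(\d+)\s+"
    r"(\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2}:\d{2})\s+(\d+)\s+(\S+)\s*$")

def parse_showobjmeta(text: str) -> list:
    """Parse attribute rows; counts, headers and separators are skipped."""
    matches = (ROW.match(line) for line in text.splitlines())
    return [MetaRow(int(m[1]), m[2], int(m[3]), " ".join(m[4].split()),
                    int(m[5]), m[6]) for m in matches if m]

def deletion_origin(rows) -> Optional[MetaRow]:
    """Row for isDeleted, or None when the object has no isDeleted metadata."""
    return next((r for r in rows if r.attribute.lower() == "isdeleted"), None)

def same_write(rows, ref: MetaRow) -> list:
    """Attributes stamped with the same originating DC and USN as ref."""
    return sorted(r.attribute for r in rows
                  if (r.orig_dc, r.orig_usn) == (ref.orig_dc, ref.orig_usn))

if __name__ == "__main__":
    rows = parse_showobjmeta(SAMPLE)
    hit = deletion_origin(rows)
    if hit is None:
        print("no isDeleted metadata found")
    else:
        print(f"deleted on {hit.orig_dc} at {hit.orig_time}", same_write(rows, hit))
```

Feed it the text captured from the command in step 3, one object per call.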