Techibee.com

PowerShell: How to know the originating DC of an Active Directory object

The originating DC is the domain controller on which the object was first created. From the originating DC, the changes replicate to the other DCs in the domain. Sometimes it is useful, even crucial, to know exactly where an object was created. This helps in troubleshooting AD replication issues and sometimes in forensic investigations.

Whenever an object is created in Active Directory, the originating DC name is stored in the metadata of that object. Metadata is something we cannot see from the general AD management tools like dsa.msc or dssite.msc. To view metadata, we need to use either repadmin or the .NET classes. You all know how to use repadmin, so in this post I will give you a PowerShell script which displays the metadata of a given object.

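# Inputs: the domain to query and the distinguished name of the object
$Domain = "techibee.com"
$objectDN = "cn=user1,cn=users,dc=techibee,dc=com"
# Build a domain-scoped directory context and locate any one DC in that domain
$context = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext("Domain",$Domain)
$dc = [System.DirectoryServices.ActiveDirectory.DomainController]::FindOne($context)
# Read the per-attribute replication metadata of the object from that DC
$meta = $dc.GetReplicationMetadata($objectDN)
# One entry per attribute, including the originating server of the last change
$meta.Values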

The above script takes two inputs, the domain name and the object DN, and lists all the attributes and their originating DC names. Hope this helps…
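For forensic use it helps to reduce that metadata to a creation record plus a change timeline. The following is an added example, not part of the original post: Get-OriginatingDcReport is a hypothetical helper name, and it assumes that whenCreated is written only once, at creation, so its metadata entry names the DC where the object was created.

```powershell
# Added example (not from the original post); Get-OriginatingDcReport is a hypothetical name.
function Get-OriginatingDcReport {
    param(
        [Parameter(Mandatory)] [string] $Domain,
        [Parameter(Mandatory)] [string] $ObjectDN
    )
    $type    = [System.DirectoryServices.ActiveDirectory.DirectoryContextType]::Domain
    $context = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext($type, $Domain)
    $dc      = [System.DirectoryServices.ActiveDirectory.DomainController]::FindOne($context)
    $meta    = $dc.GetReplicationMetadata($ObjectDN)

    $rows = foreach ($attr in $meta.Values) {
        # OriginatingServer can come back empty when the name cannot be resolved;
        # fall back to the invocation ID so the change is still attributable.
        $origin = $attr.OriginatingServer
        if ([string]::IsNullOrEmpty($origin)) {
            $origin = "invocationId:$($attr.LastOriginatingInvocationId)"
        }
        [pscustomobject]@{
            Attribute     = $attr.Name
            Version       = $attr.Version
            ChangedAt     = $attr.LastOriginatingChangeTime
            OriginatingDC = $origin
            OriginUsn     = $attr.OriginatingChangeUsn
        }
    }

    # Assumption: whenCreated is stamped once, at creation. If it is missing,
    # use the attribute with the oldest originating change instead.
    $created = $rows | Where-Object { $_.Attribute -eq 'whenCreated' } | Select-Object -First 1
    if (-not $created) {
        $created = $rows | Sort-Object ChangedAt | Select-Object -First 1
    }

    [pscustomobject]@{
        ObjectDN  = $ObjectDN
        QueriedDC = $dc.Name
        CreatedOn = $created.OriginatingDC
        CreatedAt = $created.ChangedAt
        Timeline  = $rows | Sort-Object ChangedAt   # oldest change first
    }
}

# Same domain and DN as the script above
$report = Get-OriginatingDcReport -Domain 'techibee.com' -ObjectDN 'cn=user1,cn=users,dc=techibee,dc=com'
$report | Select-Object ObjectDN, QueriedDC, CreatedOn, CreatedAt
$report.Timeline | Format-Table -AutoSize
```

Attributes with a Version above 1 were modified after creation, and their OriginatingDC shows where the latest change was made.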
