Finding the Filtered Attribute Set of an RODC in Active Directory

Hello,

By design, read-only domain controllers (RODCs) do not replicate all attributes. Those that are not replicated make up the “Filtered Attribute Set” (FAS). You can list them with this PowerShell example:

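# Locate the schema partition through RootDSE
$dse = [adsi]"LDAP://RootDSE"
$SchemaPart = $dse.schemaNamingContext
# Bitwise AND match (OID 1.2.840.113556.1.4.803) on searchFlags bit 512, the RODC filtered flag
$RODCFASSearcher = [ADSISearcher]"(searchFlags:1.2.840.113556.1.4.803:=512)"
$RODCFASSearcher.SearchRoot = [adsi]"LDAP://$SchemaPart"
# Keep only the CN value from each result path (LDAP://CN=<name>,CN=Schema,...)
$RODCFASSearcher.FindAll() | Select-Object -ExpandProperty Path | ForEach-Object {($_ -split ",")[0]} | ForEach-Object {($_ -split "=")[1]} | Sort-Object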
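A variant for auditing, added here as an example and not part of the original post: it reports each FAS attribute by lDAPDisplayName, shows whether the confidential bit (128) is also set, and lists any watched attribute that is missing from the FAS. The function name Get-RodcFasReport and the attribute names passed to -Watch are assumptions chosen for illustration; a watched name that does not exist in your schema simply produces no row.

```powershell
# Added example, not from the original post.
$RODC_FILTERED = 0x200   # 512: attribute is in the RODC Filtered Attribute Set
$CONFIDENTIAL  = 0x080   # 128: attribute is marked confidential

function Get-RodcFasReport {
    # Hypothetical helper: -Watch takes lDAPDisplayNames to report even when not filtered
    param([string[]]$Watch = @())

    $schemaNC = ([adsi]'LDAP://RootDSE').schemaNamingContext
    $searcher = [adsisearcher]'(objectClass=attributeSchema)'
    $searcher.SearchRoot = [adsi]"LDAP://$schemaNC"
    $searcher.PageSize   = 500   # page the query; the schema exceeds the default result limit
    $searcher.PropertiesToLoad.AddRange([string[]]('lDAPDisplayName', 'searchFlags'))

    foreach ($r in $searcher.FindAll()) {
        # Property names in search results are stored in lower case
        $name  = [string]$r.Properties['ldapdisplayname'][0]
        $flags = 0
        if ($r.Properties.Contains('searchflags')) {
            $flags = [int]$r.Properties['searchflags'][0]
        }
        $inFas = ($flags -band $RODC_FILTERED) -ne 0

        # Emit FAS members, plus watched attributes that are NOT filtered
        if ($inFas -or ($Watch -contains $name)) {
            [pscustomobject]@{
                Attribute    = $name
                InFAS        = $inFas
                Confidential = ($flags -band $CONFIDENTIAL) -ne 0
                SearchFlags  = $flags
            }
        }
    }
}

# Watch list is illustrative; replace it with the secret-bearing attributes in your forest
Get-RodcFasReport -Watch 'ms-Mcs-AdmPwd', 'unixUserPassword' |
    Sort-Object InFAS, Attribute |
    Format-Table -AutoSize
```

Rows with InFAS = False are watched attributes that will replicate to RODCs; rows with InFAS = True and Confidential = False are filtered but not marked confidential.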
