Finding Active Directory unreplicated attributes

Hello,

By design, domain controllers do not replicate every attribute of an object. Some attributes are owned by the individual DC, so their values can differ between DCs in the same domain.

You can find them with PowerShell:

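# Unreplicated attributes
$dse = [adsi]"LDAP://RootDSE"
$SchemaPart = $dse.schemaNamingContext
# 1.2.840.113556.1.4.803 is the LDAP bitwise-AND matching rule; systemFlags bit 1 marks an attribute as not replicated
$UnReplSearcher = [ADSISearcher]"(&(objectCategory=attributeSchema)(systemFlags:1.2.840.113556.1.4.803:=1))"
$UnReplSearcher.SearchRoot = [adsi]"LDAP://$SchemaPart"
# Keep only the CN value from each result path (LDAP://CN=<name>,CN=Schema,...)
$UnReplSearcher.FindAll() | Select-Object -ExpandProperty Path | ForEach-Object { ($_ -split ",")[0] } | ForEach-Object { ($_ -split "=")[1] } | Sort-Object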
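Because these values are DC-local, an accurate reading for an account (for example during a lockout or stale-account review) means asking every DC. The following is an added example, not part of the original post, and it goes one step beyond the schema query above: it reads three non-replicated attributes (lastLogon, badPwdCount, badPasswordTime) from each DC and reports the most recent logon. The account name `jdoe` and the helper `ConvertFrom-FileTime` are hypothetical, and a domain-joined host is assumed.

```powershell
# Added example: compare DC-local (non-replicated) values of one account across all DCs.
# Assumptions: domain-joined host, caller can read the account on every DC.
$SamAccountName = 'jdoe'   # hypothetical account name

function ConvertFrom-FileTime($Values) {
    # Large-integer attributes come back as Int64 FILETIME; 0 or missing means "never".
    $v = $Values | Select-Object -First 1
    if ($v -and [int64]$v -gt 0) { [DateTime]::FromFileTimeUtc([int64]$v) }
}

$domain    = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$defaultNC = ([adsi]"LDAP://RootDSE").defaultNamingContext

$perDc = foreach ($dc in $domain.DomainControllers) {
    try {
        $searcher = [adsisearcher]"(&(objectCategory=person)(sAMAccountName=$SamAccountName))"
        # Server-bound path: the answer comes from this DC's own copy of the object.
        $searcher.SearchRoot = [adsi]"LDAP://$($dc.Name)/$defaultNC"
        $searcher.PropertiesToLoad.AddRange([string[]]('lastLogon','badPwdCount','badPasswordTime'))
        $r = $searcher.FindOne()
        if (-not $r) { continue }
        [pscustomobject]@{
            DomainController = $dc.Name
            LastLogonUtc     = ConvertFrom-FileTime $r.Properties['lastlogon']
            BadPwdCount      = $r.Properties['badpwdcount'] | Select-Object -First 1
            BadPasswordUtc   = ConvertFrom-FileTime $r.Properties['badpasswordtime']
        }
    } catch {
        # An unreachable DC leaves a gap in the picture, so surface it instead of hiding it.
        Write-Warning "Could not query $($dc.Name): $($_.Exception.Message)"
    }
}

# Per-DC view first, then the single most recent logon across the domain.
$perDc | Sort-Object DomainController | Format-Table -AutoSize
$latest = $perDc | Where-Object LastLogonUtc | Sort-Object LastLogonUtc -Descending | Select-Object -First 1
if ($latest) { "Most recent logon: $($latest.LastLogonUtc) UTC on $($latest.DomainController)" }
```

A warning for any DC means the reported maximum may be incomplete, since that DC's copy of the value was never read.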

 
