Finding Partial Attributes Set of Active Directory Global Catalog

Posted on by

Hello,

By design, Active Directory Global Catalog Domain Controllers replicates more attributes to each other (between the same forest) than to others Domain controllers (No GC, local domain). Those attributes replicated between global catalog of the forest are called “Partial Attributes Set” (PAS), and you can  see those with the schema mmc :

PAS-GC-SamAccountName

The PAS is configured by the case “Replicate this attribute to the Global Catalog”.

As usual, you can find all of those attributes with PowerShell :

#GC Attributes
$dse = [adsi]“LDAP://RootDSE”
$SchemaPart=$dse.schemaNamingContext
$GCAttSearcher=[ADSISearcher]"(&(objectCategory=attributeSchema)(isMemberOfPartialAttributeSet=TRUE))"
$GCAttSearcher.SearchRoot=[adsi]"LDAP://$SchemaPart"
$GCAttSearcher.FindAll() | Select-Object -ExpandProperty Path | % {($_ -split ",")[0]} | % {($_ -split "=")[1]} | Sort-Object

 

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.