10.15. Finding the Nonreplicated and Constructed Attributes

Problem

You want to find the attributes that are not replicated or are constructed by Active Directory.

Solution

Using a graphical user interface

  1. Open LDP.

  2. From the menu, select Connection → Connect.

  3. For Server, enter the name of a domain controller (or leave blank to do a serverless bind).

  4. For Port, enter 389.

  5. Click OK.

  6. From the menu, select Connection → Bind.

  7. Enter credentials of a domain user.

  8. Click OK.

  9. From the menu, select Browse → Search.

  10. For BaseDN, type the Schema Container DN (e.g., cn=schema,cn=configuration,dc=rallencorp,dc=com).

  11. For Scope, select One Level.

  12. To find nonreplicated attributes, use the following for Filter:

    (&(objectcategory=attributeSchema)(systemFlags:1.2.840.113556.1.4.803:=1))

  13. To find constructed attributes, use the following for Filter:

    (&(objectcategory=attributeSchema)(systemFlags:1.2.840.113556.1.4.803:=4))

  14. Click Run.

Using a command-line interface

To find the nonreplicated attributes, use the following command:

> dsquery * cn=schema,cn=configuration,<ForestRootDN> -scope onelevel -attr "cn"[RETURN]
-filter "(&(objectcategory=attributeSchema)(systemFlags:1.2.840.113556.1.4.803:=1))"

To find the constructed attributes, use the following command:

> dsquery * cn=schema,cn=configuration,<ForestRootDN> -scope onelevel -attr "cn"[RETURN]
-filter "(&(objectcategory=attributeSchema)(systemFlags:1.2.840.113556.1.4.803:=4))"
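The same two searches from PowerShell, as an added example that is not part of the original recipe. It assumes the ActiveDirectory module (RSAT) is installed and that the caller is a domain user; the function name `Get-SchemaAttributeByFlag` and the `$FLAG_*` variable names are hypothetical.

```powershell
# Added example, not the book's code. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

# systemFlags bits on attributeSchema objects: the values the filters above test.
$FLAG_NOT_REPLICATED = 0x1
$FLAG_CONSTRUCTED    = 0x4

# Hypothetical helper: list schema attributes whose systemFlags has every bit of $Flag set.
function Get-SchemaAttributeByFlag {
    param(
        [Parameter(Mandatory)] [int] $Flag,
        [string] $Server   # optional: query a specific domain controller
    )
    $common = @{}
    if ($Server) { $common.Server = $Server }

    # Read the Schema Container DN from the RootDSE instead of typing it by hand.
    $schemaDN = (Get-ADRootDSE @common).schemaNamingContext

    # 1.2.840.113556.1.4.803 is the bitwise-AND matching rule:
    # an entry matches when (systemFlags AND $Flag) equals $Flag.
    $filter = "(&(objectCategory=attributeSchema)(systemFlags:1.2.840.113556.1.4.803:=$Flag))"

    Get-ADObject @common -SearchBase $schemaDN -SearchScope OneLevel `
        -LDAPFilter $filter -Properties lDAPDisplayName, systemFlags |
        Sort-Object lDAPDisplayName |
        Select-Object Name, lDAPDisplayName,
            @{ n = 'NotReplicated'; e = { [bool]($_.systemFlags -band $FLAG_NOT_REPLICATED) } },
            @{ n = 'Constructed';   e = { [bool]($_.systemFlags -band $FLAG_CONSTRUCTED) } }
}

# Nonreplicated attributes (filter value 1), then constructed attributes (filter value 4).
Get-SchemaAttributeByFlag -Flag $FLAG_NOT_REPLICATED | Format-Table -AutoSize
Get-SchemaAttributeByFlag -Flag $FLAG_CONSTRUCTED    | Format-Table -AutoSize
```

The two boolean columns show, for each returned attribute, whether the other flag is also set, which the single-flag filters alone do not reveal.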

Using VBScript

' This script will print out the nonreplicated and constructed attributes
set objRootDSE ...
