Brandon posted recently about the UTDV and how to get it in PowerShell. As he mentions in the blog post some chatter on AD Org got him and I going down another road in an offline email stream. This resulted in him finding a .NET method to get this over his really painful way he was doing it. However, one of the things I told him about that he neglected to mention in his post is that you really don’t need any fancy NET methods, this data is available in a simple query response from AD. You simply need to ask for the right attribute….
Specifically you need to ask for msDS-NCReplCursors when querying the NC Head that you care about…
For example to get the info for my default domain on my default domain controller…
G:\>adfind -default -s base msDS-NCReplCursors
AdFind V01.37.00cpp Joe Richards (joe@joeware.net) June 2007
Using server: r2dc1.test.loc:389
Directory: Windows Server 2003
Base DN: DC=test,DC=loc
dn:DC=test,DC=loc
>msDS-NCReplCursors: <DS_REPL_CURSOR>
<uuidSourceDsaInvocationID>a34ea639-dd63-4ce8-a1c2-3ecdebd0519d</uuidSourceDsaInvocationID>
<usnAttributeFilter>2132842</usnAttributeFilter>
<ftimeLastSyncSuccess>2008-08-11T21:00:25Z</ftimeLastSyncSuccess>
<pszSourceDsaDN>CN=NTDS Settings,CN=R2DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=test,DC=loc</pszSourceDsaDN>
</DS_REPL_CURSOR>
>msDS-NCReplCursors: <DS_REPL_CURSOR>
<uuidSourceDsaInvocationID>4dd96a30-d20d-4b40-bd83-556c172b8d37</uuidSourceDsaInvocationID>
<usnAttributeFilter>3158745</usnAttributeFilter>
<ftimeLastSyncSuccess>2008-08-11T20:52:44Z</ftimeLastSyncSuccess>
<pszSourceDsaDN>CN=NTDS Settings,CN=TEST-DC1,CN=Servers,CN=secondsite,CN=Sites,CN=Configuration,DC=test,DC=loc</pszSourceDsaDN>
</DS_REPL_CURSOR>
>msDS-NCReplCursors: <DS_REPL_CURSOR>
<uuidSourceDsaInvocationID>47e66f05-61fa-4bff-88e1-2a62b5ef8289</uuidSourceDsaInvocationID>
<usnAttributeFilter>719116</usnAttributeFilter>
<ftimeLastSyncSuccess>2007-05-16T18:47:55Z</ftimeLastSyncSuccess>
<pszSourceDsaDN></pszSourceDsaDN>
</DS_REPL_CURSOR>
>msDS-NCReplCursors: <DS_REPL_CURSOR>
<uuidSourceDsaInvocationID>343d88a0-0fef-4df2-ac7c-151aa3106a68</uuidSourceDsaInvocationID>
<usnAttributeFilter>13177</usnAttributeFilter>
<ftimeLastSyncSuccess>2006-07-15T13:43:49Z</ftimeLastSyncSuccess>
<pszSourceDsaDN></pszSourceDsaDN>
</DS_REPL_CURSOR>
1 Objects returned
That will work from any LDAP query tool you want to use… And if you want this in a slightly nicer way but willing to use AdFind you can do this
G:\>adfind -default -s base msDS-NCReplCursors;binary
AdFind V01.37.00cpp Joe Richards (joe@joeware.net) June 2007
Using server: r2dc1.test.loc:389
Directory: Windows Server 2003
Base DN: DC=test,DC=loc
dn:DC=test,DC=loc
>msDS-NCReplCursors;binary: 13177 2006/07/15-09:43:49 DeletedDSA
>msDS-NCReplCursors;binary: 719116 2007/05/16-14:47:55 DeletedDSA
>msDS-NCReplCursors;binary: 3158745 2008/08/11-16:52:44 secondsite\TEST-DC1
>msDS-NCReplCursors;binary: 2132849 2008/08/11-17:02:11 Default-First-Site-Name\R2DC1
1 Objects returned
That is a bit cleaner to look at IMO. It also takes less data on the wire and less work on the Domain Controller as it comes over in a BLOB that I know how to decode.
joe
August 11th, 2008 at 8:55 pm
To be clear here… my orginal script did exactly as you stated and translated the blog, but from what I can gather[1] from reflector it seems like GetReplicationCursors does it effectively the same way you did. Although, it does seem to make a call to DsReplicaGetInfo which indicates it gets a tad more info than just that property.
[1] I am not very good at using it yet.
August 12th, 2008 at 10:48 am
The fact that it is using DsReplicaGetInfo means that it is using RPC, not LDAP to get the info. I can do that too if I want to but the LDAP is more flexible, IMO in terms of network access. I try not to use RPC any chance I can. There is more info that can be gotten through RPC though as they haven’t been updating the LDAP info interface but they have been updating the RPC interfaces.
August 12th, 2008 at 1:40 pm
Sorry, could not resist translating it back into PowerShell again
http://thepowershellguy.com/blogs/posh/archive/2008/08/12/uptodateness-vector-utdv-powershell-exercise.aspx
Greetings /\/\o\/\/
August 12th, 2008 at 2:12 pm
I agree… after getting a hold of the reflector I am finding myself continually disappointed with the SDS.Activedirectory namespace.
I will be writing my own methinks