joeware - never stop exploring... :)

Information about joeware mixed with wild and crazy opinions...

UpToDateness Vector (UTDV)

by @ 5:04 pm on 8/11/2008. Filed under tech

Brandon posted recently about the UTDV and how to get it in PowerShell. As he mentions in the blog post some chatter on AD Org got him and I going down another road in an offline email stream. This resulted in him finding a .NET method to get this over his really painful way he was doing it. However, one of the things I told him about that he neglected to mention in his post is that you really don’t need any fancy NET methods, this data is available in a simple query response from AD. You simply need to ask for the right attribute….

Specifically you need to ask for msDS-NCReplCursors when querying the NC Head that you care about…

For example to get the info for my default domain on my default domain controller…

G:\>adfind -default -s base msDS-NCReplCursors

AdFind V01.37.00cpp Joe Richards (joe@joeware.net) June 2007

Using server: r2dc1.test.loc:389
Directory: Windows Server 2003
Base DN: DC=test,DC=loc

dn:DC=test,DC=loc
>msDS-NCReplCursors: <DS_REPL_CURSOR>
        <uuidSourceDsaInvocationID>a34ea639-dd63-4ce8-a1c2-3ecdebd0519d</uuidSourceDsaInvocationID>
        <usnAttributeFilter>2132842</usnAttributeFilter>
        <ftimeLastSyncSuccess>2008-08-11T21:00:25Z</ftimeLastSyncSuccess>
        <pszSourceDsaDN>CN=NTDS Settings,CN=R2DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=test,DC=loc</pszSourceDsaDN>
</DS_REPL_CURSOR>

>msDS-NCReplCursors: <DS_REPL_CURSOR>
        <uuidSourceDsaInvocationID>4dd96a30-d20d-4b40-bd83-556c172b8d37</uuidSourceDsaInvocationID>
        <usnAttributeFilter>3158745</usnAttributeFilter>
        <ftimeLastSyncSuccess>2008-08-11T20:52:44Z</ftimeLastSyncSuccess>
        <pszSourceDsaDN>CN=NTDS Settings,CN=TEST-DC1,CN=Servers,CN=secondsite,CN=Sites,CN=Configuration,DC=test,DC=loc</pszSourceDsaDN>
</DS_REPL_CURSOR>

>msDS-NCReplCursors: <DS_REPL_CURSOR>
        <uuidSourceDsaInvocationID>47e66f05-61fa-4bff-88e1-2a62b5ef8289</uuidSourceDsaInvocationID>
        <usnAttributeFilter>719116</usnAttributeFilter>
        <ftimeLastSyncSuccess>2007-05-16T18:47:55Z</ftimeLastSyncSuccess>
        <pszSourceDsaDN></pszSourceDsaDN>
</DS_REPL_CURSOR>

>msDS-NCReplCursors: <DS_REPL_CURSOR>
        <uuidSourceDsaInvocationID>343d88a0-0fef-4df2-ac7c-151aa3106a68</uuidSourceDsaInvocationID>
        <usnAttributeFilter>13177</usnAttributeFilter>
        <ftimeLastSyncSuccess>2006-07-15T13:43:49Z</ftimeLastSyncSuccess>
        <pszSourceDsaDN></pszSourceDsaDN>
</DS_REPL_CURSOR>

1 Objects returned

 

That will work from any LDAP query tool you want to use… And if you want this in a slightly nicer way but willing to use AdFind you can do this

G:\>adfind -default -s base msDS-NCReplCursors;binary

AdFind V01.37.00cpp Joe Richards (joe@joeware.net) June 2007

Using server: r2dc1.test.loc:389
Directory: Windows Server 2003
Base DN: DC=test,DC=loc

dn:DC=test,DC=loc
>msDS-NCReplCursors;binary:      13177 2006/07/15-09:43:49      DeletedDSA
>msDS-NCReplCursors;binary:     719116 2007/05/16-14:47:55      DeletedDSA
>msDS-NCReplCursors;binary:    3158745 2008/08/11-16:52:44      secondsite\TEST-DC1
>msDS-NCReplCursors;binary:    2132849 2008/08/11-17:02:11      Default-First-Site-Name\R2DC1

1 Objects returned

 

That is a bit cleaner to look at IMO. It also takes less data on the wire and less work on the Domain Controller as it comes over in a BLOB that I know how to decode.

 

   joe

Rating 3.00 out of 5

4 Responses to “UpToDateness Vector (UTDV)”

  1. To be clear here… my orginal script did exactly as you stated and translated the blog, but from what I can gather[1] from reflector it seems like GetReplicationCursors does it effectively the same way you did. Although, it does seem to make a call to DsReplicaGetInfo which indicates it gets a tad more info than just that property.

    [1] I am not very good at using it yet.

  2. joe says:

    The fact that it is using DsReplicaGetInfo means that it is using RPC, not LDAP to get the info. I can do that too if I want to but the LDAP is more flexible, IMO in terms of network access. I try not to use RPC any chance I can. There is more info that can be gotten through RPC though as they haven’t been updating the LDAP info interface but they have been updating the RPC interfaces.

  3. /\/\o\/\/ says:

    Sorry, could not resist translating it back into PowerShell again 😉

    http://thepowershellguy.com/blogs/posh/archive/2008/08/12/uptodateness-vector-utdv-powershell-exercise.aspx

    Greetings /\/\o\/\/

  4. I agree… after getting a hold of the reflector I am finding myself continually disappointed with the SDS.Activedirectory namespace.

    I will be writing my own methinks 🙂

[joeware – never stop exploring… :) is proudly powered by WordPress.]