RE: [ActiveDir] which GC answers?

adriaoramos Fri, 05 May 2006 08:37:14 -0700

Jorge, thanks a lot, but I don´t know either I am doing something wrong or there´s a problem here.
This is the case:

I have a user (jjunior - Jose Marcondes Junior) that is a lingering object for sure.
I used ldp and found it as I can see here

***Searching...
ldap_search_s(ld, "DC=SABESP,DC=COM,DC=BR", 2, "(sAMAccountName=jjunior)", attrList, 0, &msg)
Result <0>: (null)
Matched DNs:
Getting 1 entries:
>> Dn: CN=Jose Marcondes Junior,OU=Usuarios,OU=Pindamonhangaba,DC=sjc,DC=sabesp,DC=com,DC=br
1> canonicalName: sjc.sabesp.com.br/Pindamonhangaba/Usuarios/Jose Marcondes Junior;
1> cn: Jose Marcondes Junior;
1> distinguishedName: CN=Jose Marcondes Junior,OU=Usuarios,OU=Pindamonhangaba,DC=sjc,DC=sabesp,DC=com,DC=br;
4> objectClass: top; person; organizationalPerson; user;
1> objectGUID: 5efc7740-29c6-432f-b255-133b5018c2e3;
1> name: Jose Marcondes Junior;

Using the command you´ve sent to me I get this messager in all my GC´s

repadmin running command /SHOWOBJMETA against server 526daaa4-e98a-444c-8474-eca005b4651b._msdcs.sabesp.com.br

Caching GUIDs.

..Assertion Assertion

17 entries.
Loc.USN Originating DC Org.USN Org.Time/Date Ver Attribute
======= =============== ========= ============= === =========
153144 4b6fb9d1-a80f-4100-8647-f92d9cdc0995 47423 2004-01-08 11:11:42 1 objectClass
153144 RGT-AFERNANDES\RGT-ETARGT1 153144 2006-04-17 17:44:36 1 cn
153144 4b6fb9d1-a80f-4100-8647-f92d9cdc0995 47423 2004-01-08 11:11:42 1 sn
153144 4b6fb9d1-a80f-4100-8647-f92d9cdc0995 47424 2004-01-08 11:11:42 1 description
153144 4b6fb9d1-a80f-4100-8647-f92d9cdc0995 47423 2004-01-08 11:11:42 1 givenName
153144 4b6fb9d1-a80f-4100-8647-f92d9cdc0995 47423 2004-01-08 11:11:42 1 instanceType
153144 4b6fb9d1-a80f-4100-8647-f92d9cdc0995 47423 2004-01-08 11:11:42 1 whenCreated
153144 4b6fb9d1-a80f-4100-8647-f92d9cdc0995 47424 2004-01-08 11:11:42 1 displayName
153144 4b6fb9d1-a80f-4100-8647-f92d9cdc0995 47426 2004-01-08 11:11:43 2 nTSecurityDescriptor
153144 4b6fb9d1-a80f-4100-8647-f92d9cdc0995 47423 2004-01-08 11:11:42 1 name
153144 4b6fb9d1-a80f-4100-8647-f92d9cdc0995 47431 2004-01-08 11:11:43 3 userAccountControl
153144 4b6fb9d1-a80f-4100-8647-f92d9cdc0995 47424 2004-01-08 11:11:42 1 primaryGroupID
153144 4b6fb9d1-a80f-4100-8647-f92d9cdc0995 47423 2004-01-08 11:11:42 1 objectSid
153144 4b6fb9d1-a80f-4100-8647-f92d9cdc0995 47423 2004-01-08 11:11:42 1 sAMAccountName
153144 4b6fb9d1-a80f-4100-8647-f92d9cdc0995 47423 2004-01-08 11:11:42 1 sAMAccountType
153144 4b6fb9d1-a80f-4100-8647-f92d9cdc0995 47423 2004-01-08 11:11:42 1 userPrincipalName
153144 4b6fb9d1-a80f-4100-8647-f92d9cdc0995 47423 2004-01-08 11:11:42 1 objectCategory
Caching GUIDs.
..Assertion Assertion
DsReplicaGetInfo() failed with status 50 (0x32):
Não há suporte para o pedido. <<<---- (what´s the meaning of this error message?)

and so on in all of them....

With adsiedit looked in many GC and I can not find the user in the OU showed with LDP.
It must be somewhere, mustn´t it? cause LDP is displaying it and I can not use that name (jjnunior) because it is already in use.

I wait your help.....

_______________________________________________
Adrião Ferreira Ramos
[EMAIL PROTECTED]
Equipe Suporte Windows
(11) 3388-8193

"Almeida Pinto, Jorge de" <[EMAIL PROTECTED]>
Enviado Por: [EMAIL PROTECTED]

05/05/2006 04:30

Favor responder a
ActiveDir@mail.activedir.org

Para	<ActiveDir@mail.activedir.org>
cc
Assunto	RE: [ActiveDir] which GC answers?

it is:

repadmin /showobjmeta GC: "CN=User-ROOT-01,OU=Users,OU=ORG,DC=ADCORP,DC=LAN"

the output will something like:

repadmin running command /showobjmeta against server ed0c6501-28c1-47e9-b3db-5dcf281e9e31._msdcs.ADCORP.LAN

26 entries.
Loc.USN Originating DC Org.USN Org.Time/Date Ver Attribute
======= =============== ========= ============= === =========
12417 Default-First-Site-Name\ROOTDC001 14277 2006-02-13 11:40:34 1 objectClass
12417 Default-First-Site-Name\ROOTDC002 12417 2006-02-13 11:48:46 1 cn
12417 Default-First-Site-Name\ROOTDC001 14299 2006-02-13 11:41:54 1 description
12417 Default-First-Site-Name\ROOTDC001 14277 2006-02-13 11:40:34 1 givenName
12417 Default-First-Site-Name\ROOTDC001 14277 2006-02-13 11:40:34 1 instanceType
12417 Default-First-Site-Name\ROOTDC001 14277 2006-02-13 11:40:34 1 whenCreated
12417 Default-First-Site-Name\ROOTDC001 14277 2006-02-13 11:40:34 1 displayName
12417 Default-First-Site-Name\ROOTDC001 14277 2006-02-13 11:40:34 1 nTSecurityDescriptor
12417 Default-First-Site-Name\ROOTDC001 14277 2006-02-13 11:40:34 1 name
12417 Default-First-Site-Name\ROOTDC001 14282 2006-02-13 11:40:34 4 userAccountControl
12417 Default-First-Site-Name\ROOTDC001 14278 2006-02-13 11:40:34 1 codePage
12417 Default-First-Site-Name\ROOTDC001 14278 2006-02-13 11:40:34 1 countryCode
12417 Default-First-Site-Name\ROOTDC001 14279 2006-02-13 11:40:34 2 dBCSPwd
12417 Default-First-Site-Name\ROOTDC001 14278 2006-02-13 11:40:34 1 logonHours
12417 Default-First-Site-Name\ROOTDC001 14279 2006-02-13 11:40:34 2 unicodePwd
12417 Default-First-Site-Name\ROOTDC001 14279 2006-02-13 11:40:34 2 ntPwdHistory
12417 Default-First-Site-Name\ROOTDC001 14279 2006-02-13 11:40:34 2 pwdLastSet
12417 Default-First-Site-Name\ROOTDC001 14278 2006-02-13 11:40:34 1 primaryGroupID
12417 Default-First-Site-Name\ROOTDC001 14280 2006-02-13 11:40:34 1 supplementalCredentials
12417 Default-First-Site-Name\ROOTDC001 14277 2006-02-13 11:40:34 1 objectSid
12417 Default-First-Site-Name\ROOTDC001 14278 2006-02-13 11:40:34 1 accountExpires
12417 Default-First-Site-Name\ROOTDC001 14279 2006-02-13 11:40:34 2 lmPwdHistory
12417 Default-First-Site-Name\ROOTDC001 14277 2006-02-13 11:40:34 1 sAMAccountName
12417 Default-First-Site-Name\ROOTDC001 14277 2006-02-13 11:40:34 1 sAMAccountType
12417 Default-First-Site-Name\ROOTDC001 14277 2006-02-13 11:40:34 1 userPrincipalName
12417 Default-First-Site-Name\ROOTDC001 14277 2006-02-13 11:40:34 1 objectCategory
0 entries.
Type Attribute Last Mod Time Originating DC Loc.USN Org.USN Ver
======= ============ ============= ================= ======= ======= ===
Distinguished Name
=============================
repadmin running command /showobjmeta against server 01570860-7552-4789-a9ec-401dc63fc8d8._msdcs.ADCORP.LAN
DsBindWithCred to 01570860-7552-4789-a9ec-401dc63fc8d8._msdcs.ADCORP.LAN failed with status 5 (0x5):
Access is denied.

BY THE WAY: don't look at the last line with the access denied as I did this in a test env where I'm testing some things with lingering objects

cheers,
Jorge

Met vriendelijke groeten / Kind regards,
Ing. Jorge de Almeida Pinto
Senior Infrastructure Consultant
MVP Windows Server - Directory Services

LogicaCMG Nederland B.V. (BU RTINC Eindhoven)
( Tel : +31-(0)40-29.57.777
( Mobile : +31-(0)6-26.26.62.80
* E-mail : <see sender address>

________________________________

From: [EMAIL PROTECTED] on behalf of [EMAIL PROTECTED]
Sent: Wed 2006-05-03 19:29
To: ActiveDir@mail.activedir.org
Cc: ActiveDir@mail.activedir.org; [EMAIL PROTECTED]
Subject: RE: [ActiveDir] which GC answers?

I have a problema running that:

this is one of the objects I want to delete, foudn with ldp
>> Dn: CN=adriao,CN=Users,DC=esgoto,DC=sabesp,DC=com,DC=br
1> canonicalName: esgoto.sabesp.com.br/Users/adriao;
1> cn: adriao;
1> distinguishedName: CN=adriao,CN=Users,DC=esgoto,DC=sabesp,DC=com,DC=br;
4> objectClass: top; person; organizationalPerson; user;
1> name: adriao;
what is the exactly DN I have to use?
I tried this ways

C:\>REPADMIN /SHOWOBJMETA GC: CN=adriao,CN=Users,DC=esgoto,DC=sabesp,DC=com,DC=br > OUTPUTfile.TXT
C:\>REPADMIN /SHOWOBJMETA GC: Dn: CN=adriao,CN=Users,DC=esgoto,DC=sabesp,DC=com,DC=br :> OUTPUTfile.TXT
C:\>REPADMIN /SHOWOBJMETA GC: <Dn=CN=adriao,CN=Users,DC=esgoto,DC=sabesp,DC=com,DC=br> > OUTPUTfile.TXT

none of them worked.

What is the right command?

what is wrong?

Tnaks a lot

_______________________________________________
Adrião Ferreira Ramos
[EMAIL PROTECTED]
Equipe Suporte Windows
(11) 3388-8193

"Almeida Pinto, Jorge de" <[EMAIL PROTECTED]>
Enviado Por: [EMAIL PROTECTED]

03/05/2006 11:20
Favor responder a
ActiveDir@mail.activedir.org

Para
<ActiveDir@mail.activedir.org>
cc
Assunto
RE: [ActiveDir] which GC answers?

a way to check this is:

REPADMIN /SHOWOBJMETA GC: <DN of lingering object> > OUTPUT.TXT

GC: targets ALL GCs in the forest

For each GC:
* you get the metadata of the object if it exists on the GC
OR
* you get "Directory object not found" if the object does not exist

in addition to this you can wrap a script around this that takes away some manual stuff you must do.

Met vriendelijke groeten / Kind regards,
Ing. Jorge de Almeida Pinto
Senior Infrastructure Consultant
MVP Windows Server - Directory Services

LogicaCMG Nederland B.V. (BU RTINC Eindhoven)
( Tel : +31-(0)40-29.57.777
( Mobile : +31-(0)6-26.26.62.80
* E-mail : <see sender address>

________________________________

From: [EMAIL PROTECTED] on behalf of [EMAIL PROTECTED]
Sent: Wed 2006-05-03 14:44
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] which GC answers?

When I use ldp and I found a user (lingering) how can I know which GC of many of them has that copy of the object? I use ADSIEDT, but I have many GC´s. is there a easier way to discover in which of them it is?

Thanks

Adrião F Ramos

This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.

winmail.dat
Description: Binary data

RE: [ActiveDir] which GC answers?

Reply via email to