repadmin查看活动目录内的对象属性
2009-04-09 13:48
316 查看
Repadmin /showattr
Displays the attributes of an object.
Although the repadmin /showobjmeta command displays the number of times that the attributes on an object have changed and which domain controller made those changes, the repadmin /showattr command displays the actual values for an object. The repadmin /showattr command can also display the values for objects that are returned by a command-line Lightweight Directory Access Protocol (LDAP) query.
An object can be referenced by its distinguished name or by its object globally unique identifier (GUID).
By default, repadmin /showattr uses Lightweight Directory Access Protocol (LDAP) port 389 to query writable directory partitions. However, repadmin /showattr can optionally use LDAP port 3268 to query the read-only partitions of a global catalog server.
For examples of how to use this command, see Examples.
![](http://i.technet.microsoft.com/Global/Images/clear.gif)
Copy Code
![](http://i.technet.microsoft.com/Global/Images/clear.gif)
Copy Code
The following example queries a specific domain controller and shows all attributes for an object using its object GUID:
![](http://i.technet.microsoft.com/Global/Images/clear.gif)
Copy Code
The following example queries all domain controllers whose computer names start with HQ-DC and shows the value for a specific attribute, msDS-Behavior-Version, which denotes the domain functional level:
![](http://i.technet.microsoft.com/Global/Images/clear.gif)
Copy Code
The following example queries a single domain controller named hq-dc-01 and returns the attributes operating system version and service pack revision for all domain controller computers, targeted by primary group ID = 516, which identifies enterprise domain controllers:
![](http://i.technet.microsoft.com/Global/Images/clear.gif)
Copy Code
The following example queries the read-only partitions (/gc) of all global catalogs ("gc:") in the forest to see if those partitions contain a copy of a specific object that is referenced by its object GUID. This command is useful for determining which domain controllers replicated an important change or contain a lingering object:
![](http://i.technet.microsoft.com/Global/Images/clear.gif)
Copy Code
Displays the attributes of an object.
Although the repadmin /showobjmeta command displays the number of times that the attributes on an object have changed and which domain controller made those changes, the repadmin /showattr command displays the actual values for an object. The repadmin /showattr command can also display the values for objects that are returned by a command-line Lightweight Directory Access Protocol (LDAP) query.
An object can be referenced by its distinguished name or by its object globally unique identifier (GUID).
By default, repadmin /showattr uses Lightweight Directory Access Protocol (LDAP) port 389 to query writable directory partitions. However, repadmin /showattr can optionally use LDAP port 3268 to query the read-only partitions of a global catalog server.
For examples of how to use this command, see Examples.
Syntax
![](http://i.technet.microsoft.com/Global/Images/clear.gif)
Copy Code
/showattr <DSA_LIST> <OBJ_LIST> [OBJ_LIST Options] [/atts:<att1>,<att2>...] [/allvalues] [/long] [/dumpallblob]
Parameters
Parameter | Description |
---|---|
<DSA_LIST> | Specifies the host name of a domain controller or a list of domain controllers that are separated in the list by single spaces. For detailed syntax, see Repadmin. |
<OBJ_LIST> [OBJ_LIST Options} | Specifies the distinguished name or object GUID of the object whose attributes you want to enumerate. When you perform an LDAP query from a command prompt, this parameter forms the base distinguished name path for the search. Enclose distinguished names that contain spaces in quotation marks. |
/atts | Returns values for specified attributes only. You can display values for multiple attributes by separating them with commas. |
/allvalues | Displays all attribute values. By default, this parameter displays only 20 attribute values for an attribute. |
/gc | Specifies the use of TCP port 3268 to query read-only global catalog partitions. |
/long | Displays one line for each attribute value. |
/dumpallblob | Displays all binary attribute values. This command is similar to /allvalues, but it displays binary attribute values. |
Examples
The following example queries a specific domain controller and shows all attributes for an object using its distinguished name:![](http://i.technet.microsoft.com/Global/Images/clear.gif)
Copy Code
repadmin /showattr hq-dc-01 "cn=enterprise administrators,cn=users,dc=contoso,dc=com"
The following example queries a specific domain controller and shows all attributes for an object using its object GUID:
![](http://i.technet.microsoft.com/Global/Images/clear.gif)
Copy Code
repadmin /showattr hq-dc-01 "<GUID=20b11743-1272-45c0-88fb-ea9a753d53f8>"
The following example queries all domain controllers whose computer names start with HQ-DC and shows the value for a specific attribute, msDS-Behavior-Version, which denotes the domain functional level:
![](http://i.technet.microsoft.com/Global/Images/clear.gif)
Copy Code
Repadmin /showattr hq-dc* "DC=contoso,DC=com" /atts:msDS-Behavior-Version
The following example queries a single domain controller named hq-dc-01 and returns the attributes operating system version and service pack revision for all domain controller computers, targeted by primary group ID = 516, which identifies enterprise domain controllers:
![](http://i.technet.microsoft.com/Global/Images/clear.gif)
Copy Code
repadmin /showattr hq-dc-01 ncobj:domain: /filter:"(&(objectCategory=computer)(primaryGroupID=516))" /subtree /atts:operatingSystem,operatingSystemVersion,operatingSystemServicePack
The following example queries the read-only partitions (/gc) of all global catalogs ("gc:") in the forest to see if those partitions contain a copy of a specific object that is referenced by its object GUID. This command is useful for determining which domain controllers replicated an important change or contain a lingering object:
![](http://i.technet.microsoft.com/Global/Images/clear.gif)
Copy Code
repadmin /showattr gc: "<GUID=20b11743-1272-45c0-88fb-ea9a753d53f8>" /gc
相关文章推荐
- 查看删除对象(活动目录快照配置管理系列五)
- 活动目录对象属性批量修改工具------ADModify
- [4月8日的脚本] 显示活动目录(AD)中被删除的对象 (PowerShell)
- windows server 恢复活动目录中误删除用户等对象
- 不备份还原活动目录对象
- DirectorySearcher 的PropertiesToLoad所有属性 活动目录属性暂无验证的
- Hibernate 的javassiste对象在eclipse的debug里面看查看属性为空,使用get方法可以看到属性值
- 从零开始学_JavaScript_系列(24)——查看对象属性,合并数组
- js查看对象属性的方法
- 制作FAT12软盘以查看软盘的根目录条目+文件属性+文件内容
- 如何及时还原被删除的活动目录对象
- file标签之act=info,查看文件或目录属性信息
- 查看JS对象中的所有属性
- 了解活动目录操作主机角色及GUI&命令行查看方法
- runtime查看对象的属性列表、方法列表
- 网页DOM中查看某对象所有属性的脚本范例
- 查看对象的属性,方法的快捷办法 dir 跟 type
- linux 里查看文件和目录的属性ls -l
- 查看活动目录的架构版本
- 活动目录对象删除与保护深入理解 推荐