Skip to content
cropped-migration-life_3.jpg

Cloudy Migration Life

Blog for Active Directory and Exchange migration projects. Insights into Active Directory Federation Services and Web Application Server.

  • Welcome to the Cloudy Migration Life Blog!
  • Legal Note
  • Active Directory
  • ADFS
  • Code
  • Exchange
  • Office 365
  • Powershell
  • Migration Manager for Active Directory
  • Migration Manager for Exchange
  • Web Application Proxy (WAP)

AD metadata

Tool Factory: Introducing PS-REPADMIN 1.0 – Part 1

Posted on 2014/07/042014/08/07 by rkmigblog
group_single_mode_1
PS_REPADMIN 1.0

 

Background
Multiple services modifying attributes in Active Directory
In our Active Directory migration projects and IDM implementations we often come to situations where we need to have a look at the metdata of Active Directory attributes. When different synchronization services can modify attributes and local IT administration is ongoing, it is helpful to see very quickly which attribute was changed when and on which domain controller.

REPADMIN and PS-REPADMIN
Assumption made, that running synchronization services like DSA from Dell Migration Manager for Active Directory and maybe Forefront Identity Manager use different Domain Controllers, the object and attribute metadata can help you to sort out what was the latest change and by which tool in which domain.
When we were forced to use the native CL tool REPADMIN over and over to get evidence of what and when changed group membership, we decided to create the GUI based PS-REPADMIN utility.
The task of getting the Active Directory metadata at a glance for one identity in one or two domains – including the actual attribute values – is now easier to handle and see.
In comparison mode, you can see the metdata of a cross-forest synchronized object side-by-side and find out lack of synchronization streams.

Requirements
The utility is built with Sapien Powershell Studio  and fully based on Powershell and .NET. It requires Powershell 3.0 and the Active Directory Module to be present on the executing host. Active Directory Management Gateway Service needs to be present on Windows 2003 and Windows 2008 domain controllers, while no special requirments are necessary for Windows 2008R2 and later.
The utility was designed and tested for user and group objects.
The executing account needs to have read permissions in all domains on the objects you want to query for the metadata.

Posted in Active Directory, Directory Synchronization, General, Powershell, ToolsTagged AD metadata, metadata, ps-repadmin, repadmin, utility2 Comments

About this Blog

The Intention of this Blog is to share day-to-day experiences from our Active Directory and Exchange Migration projects based on our own experience and on official product documentation. Technical Statements, solution descriptions and code samples are provided "as is" without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of fitness for a particular purpose. Using Information and code from this Blog in production environment is at own risk.

Blogroll

  • Silverstar Consulting

Recent Posts

  • Access Control Policies and Issuance Authorization Rules in ADFS 4.0 – Part 2
  • Tool Factory: Release of PS-REPADMIN 1.9
  • Access Control Policies and Issuance Authorization Rules in ADFS 4.0 – Part 1

Categories

Archives

Trademark info

Quest Migration Manager for Exchange, Quest Migration Manager for Active Directory, Notes Migrator for Exchange, Recovery Manager for Active Directory are registered Trademarks of Quest.

Posts from Migration Life

  • RSS - Posts
Follow Cloudy Migration Life on WordPress.com

Enter your email address to follow this blog and receive notifications of new posts by email.

Follow Cloudy Migration Life on WordPress.com
Blog at WordPress.com.
Cancel