August 22nd, 2005

How Can I Determine Which Attributes are Replicated to the Global Catalog?

Hey, Scripting Guy! How can I find out which attributes are replicated to the global catalog?

— AS

Hey, AS. When people envision the future, they often foresee enormous skyscrapers, buildings so large that you might live your whole life without ever leaving them: you’ll live there, work there, go to school there, buy your groceries there, etc. (In fact, about the only time you’ll ever leave the building is when you go out to get the newspaper: even in the future, newspaper delivery people will still toss the paper under the car, in the rose bushes, or halfway out into the street.)

Active Directory serves as sort of a sneak peek of what the future might be like: pretty much everything you need in order to manage Active Directory is actually stored in Active Directory. Obviously Active Directory houses your user and computer accounts. However, via the schema Active Directory also houses information about everything that could be stored in Active Directory. Objects, classes, properties, methods, even information about which attributes are replicated to the global catalog: it’s all there in Active Directory. And it’s all accessible to scripters.

In other words, if you want to know which attributes are replicated to the global catalog, all you have to do is run a script like this:

On Error Resume Next

Const ADS_SCOPE_SUBTREE = 2

' Connect to Active Directory through the ADSI OLE DB provider
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection

' Return results in pages of 1,000 and search the whole subtree
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

' Schema attributes that are flagged for replication to the global catalog
objCommand.CommandText = _
    "SELECT Name FROM 'LDAP://cn=Schema,cn=Configuration,dc=fabrikam,dc=com' WHERE " & _
        "objectClass='attributeSchema' AND isMemberOfPartialAttributeSet=TRUE"
Set objRecordSet = objCommand.Execute

' Echo the name of each attribute returned
objRecordSet.MoveFirst
Do Until objRecordSet.EOF
    Wscript.Echo objRecordSet.Fields("Name").Value
    objRecordSet.MoveNext
Loop

What we’re doing here is using ActiveX Data Objects (ADO) to do a search of the Configuration container in Active Directory; that’s where we’ll find the schema, and the schema has information about all the attributes available to us. We won’t talk about the code for conducting the search itself; if you’d like to learn more about searching Active Directory you should take a look at our two-part Tales from the Script series on that very subject. What we will talk about is the query we use when conducting our search:

objCommand.CommandText = _
    "SELECT Name FROM 'LDAP://cn=Schema,cn=Configuration,dc=fabrikam,dc=com' WHERE " & _
        "objectClass='attributeSchema' AND isMemberOfPartialAttributeSet=TRUE"

As you can see, we’re binding to the schema and then looking for items that meet two criteria. First, the items must have an objectClass equal to attributeSchema; that’s just a fancy way of saying that we only want attributes. Second, we only want attributes where the isMemberOfPartialAttributeSet attribute is True. (Yes, attributes can have attributes.) Needless to say, isMemberOfPartialAttributeSet isn’t one of the better names we here at Microsoft have ever come up with; in fact, it might be one of the least obvious and intuitive. But if this value is True, then the attribute is replicated to the global catalog. (We assume the name derives from the fact that the global catalog represents only a partial set of Active Directory attributes, seeing as how only a subset of all the attributes is replicated to the global catalog.)

At any rate, run the script and you should get back a list of all the attributes that are replicated to the global catalog. And, if nothing else, that will give you something to read if you don’t feel like venturing into the neighbor’s yard looking for your newspaper.

True story. A few weeks ago a short in the electrical box caused one of the Scripting Garages to catch fire, a fire which started around 2:00 AM. The Scripting Guy who owns the garage was standing in the middle of the road, watching the firefighters put out the fire, when a car weaved its way through the mass of fire trucks, drove over a fire hose, pulled up to the driveway, and tossed the newspaper into the middle of the action (close enough to the fire that the plastic bag the paper was wrapped in actually melted a little). Talk about neither rain nor snow nor gloom of night!

Yes, we know: that’s the Postal Service motto. But you get the idea.

Incidentally, no one was hurt in the fire and the damage was relatively minor. In fact, at the rate they’re going now, the contractors ought to have the garage fully repaired about the same time those gigantic skyscrapers get built.
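
An added example, not part of the original column and not Microsoft's code: the same schema query written in PowerShell. It goes a step beyond the script above by reading the schema location from RootDSE instead of hard-coding the fabrikam.com DN, and by comparing the result with a saved list so that any change to the set of global catalog attributes stands out. The baseline file name is an assumption, and the script must run on a domain-joined machine.

```powershell
# Added example, not from the original article.
# Assumptions: domain-joined Windows host; $BaselinePath is a hypothetical file name.
param([string]$BaselinePath = '.\gc-attributes-baseline.txt')

# Ask RootDSE where the schema lives instead of hard-coding dc=fabrikam,dc=com.
$rootDse  = [ADSI]'LDAP://RootDSE'
$schemaDn = [string]$rootDse.schemaNamingContext

$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.SearchRoot  = [ADSI]"LDAP://$schemaDn"
# The article's two criteria, written as an LDAP filter.
$searcher.Filter      = '(&(objectClass=attributeSchema)(isMemberOfPartialAttributeSet=TRUE))'
$searcher.SearchScope = [System.DirectoryServices.SearchScope]::Subtree
$searcher.PageSize    = 1000
[void]$searcher.PropertiesToLoad.Add('lDAPDisplayName')

$results = $searcher.FindAll()
try {
    # Property names in search results are returned in lower case.
    $current = @($results |
        ForEach-Object { [string]$_.Properties['ldapdisplayname'][0] } |
        Sort-Object -Unique)
}
finally {
    $results.Dispose()   # SearchResultCollection holds unmanaged resources
}

if (-not (Test-Path -LiteralPath $BaselinePath)) {
    # First run: record the current set as the baseline.
    $current | Set-Content -LiteralPath $BaselinePath
    Write-Output "Baseline written: $($current.Count) attributes replicate to the global catalog."
    return
}

# Later runs: report attributes added to or removed from the partial attribute set.
$baseline = @(Get-Content -LiteralPath $BaselinePath)
$added    = @($current  | Where-Object { $_ -notin $baseline })
$removed  = @($baseline | Where-Object { $_ -notin $current })

$added   | ForEach-Object { Write-Output "ADDED to global catalog:     $_" }
$removed | ForEach-Object { Write-Output "REMOVED from global catalog: $_" }
if ($added.Count -eq 0 -and $removed.Count -eq 0) {
    Write-Output 'No change since the baseline.'
}
```

The list uses lDAPDisplayName, the name an attribute goes by in LDAP filters and scripts, rather than the Name value the ADO query returns.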
