Keeping Track of Changes That Have Occurred Over a Period of Time
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2, Windows Server 2008, Windows Server 2008 R2
There could be multiple occasions where we would be interested in finding out the number of changes that are either pending replication or that have occurred to a specified directory partition over a period of time.
For example:
You may want to get statistics of all the changes that have occurred to a domain partition over a period of one day or one week so that you can use this data to either support or calculate intersite replication bandwidth requirements.
This will help with troubleshooting replication issues and reviewing changes that have not replicated between two partners.
The repadmin /showchanges command has two syntaxes that can helpful in these situations.
Syntax1
repadmin /showchanges <SourceDC> <NamingContext> [/cookie: <File>] [/atts: <attribute>,<attribute>,...]
Syntax2
repadmin /showchanges <DestDC> <SourceDCObjectGUID> <NamingContext> [/verbose] [/statistics] [/noincremental] [/objectsecurity] [/ancestors] [/atts: <attribute1>,<attribute2>,...] [/filter: <ldap filter>]
Parameter |
Description |
<DestDC> |
Specifies the host name of the destination domain controller from which to enumerate the host domain controllers. |
<SourceDC> |
Specifies the host name of the domain controller that hosts the directory partition whose changes you want to view. |
<NamingContext> |
Specifies the distinguished name of the directory partition. |
/cookie:<File> |
Specifies a name for the file to which list changes are saved. |
/atts:<attribute>,<attribute>,... |
Returns only the attributes specified. Separate each listed attribute with a comma. |
<SourceDCObjectGUID> |
Specifies the unique hexadecimal number that identifies the object whose changes will be listed. The objectGUID can be retrieved by using the /showreps operation. |
/verbose |
Lists detailed information. |
/statistics |
Displays a summary of information about changes instead of a list of individual changes. |
/noincremental |
Returns changes in value change format, which lists current values for attributes as well with attributes that have been added or deleted. If not specified, changes are returned in attribute change format, which shows only the current value of the attribute. |
/objectsecurity |
Overrides the need for the GetChanges right to the directory partition. By default, this right is necessary to run the GetChanges parameter. However, only changes that the currently logged on user has the rights to view are displayed. |
/ancestors |
Returns changes in Update Sequence Number (USN) order. |
/filter:<ldap filter> |
Returns only those changes that meet the filter requirements. |
Syntax 1 can be used to compare changes that occurred to a specified directory partition over a period of time.
The idea here is to:
Create a cookie file that saves changes to a directory partition that could be used for later comparisons. The first time you use the cookie option, it may take a long time (depending on the size of your partition) to create the file. It is important to note that we store only metadata about all the changes that have occurred to this cookie file on the entire set of domain controllers.
Later on when you present this cookie file to any domain controller, it will update the cookie file and provide you with just the change deltas since the last time it was updated.
Example: Compare changes occurred to configuration partition over a period of time
.gif "Repadmin /showchanges")
How to interpret the data
Prior to running the showchanges, a cookie file was created using the following syntax:
repadmin /showchanges . cn=configuration,dc=contoso,dc=com /cookie:config
Re ran repadmin /showchanges after some time against another domain controller, which not only displayed the changes but also updated the cookie file called config.
Three objects have been changed. In our example, all the changes are pertaining to Intersite Topology Generators (ISTGs). Because the forest functional level is Windows 2000, we still update the ISTG Keep Alive stamp every 30 minutes.
You could further apply filters to just target the partitions and objects of your interest.
Display changes not replicated between two partners
Syntax 2, shown earlier, is used here to display pending replication changes between partners.
Example: Display pending replication changes (config partition) between two replication partners
In this example (figure 3.10.1.1), we ran repadmin /showchanges to compare the destinations up-to-date vector with the source and determined that there are two outstanding changes for the configuration partition.
.gif "Repadmin /showchanges")
Example: Usage of a filter
In the following example (figure 3.10.1.2), we applied a filter (/filter:"(objectclass=sitelink)”) to just provide only changes occurred to the sitelink objectclass since the last successful replication.
.gif "Repadmin /showchanges /filter")
Example: listing only the summary as opposed to individual changes
In the following example (figure 3.10.1.3), the previous changes are listed as summary obtained by the /statistics switch.
.gif "Repadmin /showchanges /statistics")