12.11. Finding Conflict Objects
Problem
You want to find conflict objects that are a result of replication collisions.
Solution
Using a graphical user interface
Open LDP.
From the menu, select Connection → Connect.
For Server, enter the name of a domain controller (or leave blank to do a serverless bind).
For Port, enter 389 or 3268 for the global catalog.
Click OK.
From the menu, select Connection → Bind.
Enter credentials (if necessary) of a user that can view the object.
Click OK.
From the menu, select Browse → Search.
For BaseDN, type the base DN from where you want to start the search.
For Scope, select the appropriate scope.
For Filter, enter
(|(cn=*\0ACNF:*)(ou=*\0ACNF:*))
.Click Run.
Using a command-line interface
The following command finds all conflict objects within the whole forest:
> dsquery * forestroot -gc -attr distinguishedName -scope subtree -filter[RETURN]
"(|(cn=*\0ACNF:*)(ou=*\0ACNF:*))"
Using VBScript
' This code finds any conflict objects in a forest.
' If the search times out, you may need to change strBase to
' a specific OU or container
' ------ SCRIPT CONFIGURATION ------
strBase = "<GC://" & "<ForrestRootDN
>" & ">;" ' ------ END CONFIGURATION --------- strFilter = "(|(cn=*\0ACNF:*)(ou=*\0ACNF:*));" strAttrs = "distinguishedName;" strScope = "Subtree" set objConn = CreateObject("ADODB.Connection") objConn.Provider = "ADsDSOObject" objConn.Open Set objRS = objConn.Execute(strBase & strFilter & strAttrs & strScope) WScript.Echo objRS.RecordCount & " conflict objects found" ...
Get Active Directory Cookbook now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.