View the metadata for an AD object to find out when each of its attributes was last modified. This is very handy when troubleshooting a specific object. You can see when and where an attribute was updated, which can also help track down who made the change if the entry was captured in the domain controller event logs.
Here’s the syntax and an example of what data you will get back.
repadmin /showobjmeta DCNAME "full object DN"
C:\>repadmin /showobjmeta DC01 "cn=SVCAccount,ou=accounts,dc=domain,dc=corp"
58 entries.
Loc.USN   Originating DC  Org.USN   Org.Time/Date        Ver  Attribute
=======   ==============  ========  ===================  ===  =========
16740030  DFW1DC01        16740030  2009-10-28 11:18:43  1    objectClass
16740030  DFW1DC01        16740030  2009-10-28 11:18:43  1    cn
29079766  DFW1DC01        29079766  2010-03-23 16:23:35  3    sn
29079766  DFW1DC01        29079766  2010-03-23 16:23:35  2    title
16740030  DFW1DC01        16740030  2009-10-28 11:18:43  1    description
39541488  DFW1DC01        39541488  2010-07-12 12:03:56  39   givenName
16740030  DFW1DC01        16740030  2009-10-28 11:18:43  1    whenCreated
29079766  DFW1DC01        29079766  2010-03-23 16:23:35  6    displayName
29079766  DFW1DC01        29079766  2010-03-23 16:23:35  3    co
16741438  DFW1DC01        16741438  2009-10-28 11:42:45  2    department
16740030  DFW1DC01        16740030  2009-10-28 11:18:43  1    name
39259708  SAN1DC02        32310052  2010-07-09 10:52:46  4    userAccountControl
38694997  SAN2DC03        93941776  2010-07-03 17:56:41  1    homeDirectory
38694997  SAN2DC03        93941776  2010-07-03 17:56:41  1    homeDrive
28995344  SAN1DC02        23187706  2010-03-22 15:48:22  4    ntPwdHistory
28995344  SAN1DC02        23187706  2010-03-22 15:48:22  4    pwdLastSet
16740031  DFW1DC01        16740031  2009-10-28 11:18:43  1    primaryGroupID
…………
Most of these details are self-explanatory. Ver is the number of modifications to a particular attribute.
Now you have when and where a specific attribute was modified and can track down who did it by looking in the security log.
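To go from this output to a security log search, the PowerShell below (an added example, not part of the original post) parses showobjmeta rows and turns the account-related attributes into a per-DC time window to search. The function name ConvertFrom-ShowObjMeta, the watch list and the five-minute margin are assumptions made for the example, and the sample rows are copied from the output above.

```powershell
# Constructed sample: a few rows from the showobjmeta output shown on this page.
$sample = @'
58 entries.
Loc.USN Originating DC Org.USN Org.Time/Date Ver Attribute
======= =========== ======== =========
16740030 DFW1DC01 16740030 2009-10-28 11:18:43 1 objectClass
39541488 DFW1DC01 39541488 2010-07-12 12:03:56 39 givenName
39259708 SAN1DC02 32310052 2010-07-09 10:52:46 4 userAccountControl
28995344 SAN1DC02 23187706 2010-03-22 15:48:22 4 ntPwdHistory
28995344 SAN1DC02 23187706 2010-03-22 15:48:22 4 pwdLastSet
'@ -split '\r?\n'

function ConvertFrom-ShowObjMeta {
    # Hypothetical helper: converts six-column showobjmeta rows into objects.
    param([Parameter(ValueFromPipeline)][string]$Line)
    begin {
        $row = '^\s*(\d+)\s+(\S+)\s+(\d+)\s+(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(\d+)\s+(\S+)\s*$'
    }
    process {
        if ($Line -match $row) {   # count, header and separator lines do not match
            [pscustomobject]@{
                LocalUsn        = [long]$Matches[1]
                OriginatingDC   = $Matches[2]
                OriginatingUsn  = [long]$Matches[3]
                OriginatingTime = [datetime]::ParseExact($Matches[4], 'yyyy-MM-dd HH:mm:ss',
                                      [cultureinfo]::InvariantCulture)
                Version         = [int]$Matches[5]
                Attribute       = $Matches[6]
            }
        }
    }
}

$watch  = 'userAccountControl', 'pwdLastSet', 'ntPwdHistory'  # assumed watch list
$margin = [timespan]::FromMinutes(5)                          # assumed search margin

# One result per (originating DC, time): attributes written together share a row.
$sample | ConvertFrom-ShowObjMeta |
    Where-Object { $_.Attribute -in $watch } |
    Group-Object OriginatingDC, OriginatingTime |
    ForEach-Object {
        $first = $_.Group[0]
        [pscustomobject]@{
            SearchOnDC = $first.OriginatingDC
            From       = $first.OriginatingTime - $margin
            To         = $first.OriginatingTime + $margin
            Attributes = $_.Group.Attribute -join ', '
        }
    } | Sort-Object From -Descending
```

Search the Security log of the DC named in SearchOnDC, since the audit entry is written where the change originated rather than on the DC you queried. The From and To values can be passed as StartTime and EndTime in a Get-WinEvent -FilterHashtable query with LogName = 'Security'.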