您希望通过repadmin这个命令来检查已经被删除用户的信息,比如删除时间以及操作时的DC等,如果我的理解不正确,请您告诉我!
通过repadmin来检查已经被删除用户的信息:
1. 用域管理员登录DC
2. 开始-运行ldp.exe
3. Connection-connect
4. Bind-OK
5. View-OK
6. Options-controls,在Load选项中选择Return deleted object-OK
7. 展开左边区域中的DN,找到CN=Deleted Objects,DC=ibm,DC=com这个目录并展开(存在tombstone记录中的对象)
8. 在列表中找到您之前删除的用户,双击打开列表
9. 找到该删除账户的DN,如CN=jason\0ADEL:e0272381-ecc9-4391-86e7-4afc9e73b4fe,CN=Deleted Objects,DC=ibm,DC=com,复制下来
10. 开始运行 cmd
11. 运行repdamin /showmeta “CN=jason\0ADEL:e0272381-ecc9-4391-86e7-4afc9e73b4fe,CN=Deleted Objects,DC=ibm,DC=com” 回车后您会看到下面的信息
27 entries.
Loc.USN Originating DC Org.USN Org.Time/Date Ver Attribute
======= =============== ========= ============= === =========
20498 Default-First-Site-Name\DENVER 20498 2008-11-10 11:59:26 1 objectClass
20505 Default-First-Site-Name\DENVER 20505 2008-11-10 12:00:16 2 cn
20505 Default-First-Site-Name\DENVER 20505 2008-11-10 12:00:16 2 sn
20498 Default-First-Site-Name\DENVER 20498 2008-11-10 11:59:26 1 instanceType
20498 Default-First-Site-Name\DENVER 20498 2008-11-10 11:59:26 1 whenCreated
20505 Default-First-Site-Name\DENVER 20505 2008-11-10 12:00:16 2 displayName
20505 Default-First-Site-Name\DENVER 20505 2008-11-10 12:00:16 1 isDeleted
20502 Default-First-Site-Name\DENVER 20502 2008-11-10 11:59:27 2 nTSecurityDescriptor
20505 Default-First-Site-Name\DENVER 20505 2008-11-10 12:00:16 2 name
20504 Default-First-Site-Name\DENVER 20504 2008-11-10 11:59:27 4 userAccountControl
20505 Default-First-Site-Name\DENVER 20505 2008-11-10 12:00:16 2 codePage
20505 Default-First-Site-Name\DENVER 20505 2008-11-10 12:00:16 2 countryCode
20505 Default-First-Site-Name\DENVER 20505 2008-11-10 12:00:16 3 dBCSPwd
20499 Default-First-Site-Name\DENVER 20499 2008-11-10 11:59:27 1 logonHours
20505 Default-First-Site-Name\DENVER 20505 2008-11-10 12:00:16 3 unicodePwd
20505 Default-First-Site-Name\DENVER 20505 2008-11-10 12:00:16 3 ntPwdHistory
20505 Default-First-Site-Name\DENVER 20505 2008-11-10 12:00:16 3 pwdLastSet
20505 Default-First-Site-Name\DENVER 20505 2008-11-10 12:00:16 2 primaryGroupID
20505 Default-First-Site-Name\DENVER 20505 2008-11-10 12:00:16 2 supplementalCredentials
20498 Default-First-Site-Name\DENVER 20498 2008-11-10 11:59:26 1 objectSid
20505 Default-First-Site-Name\DENVER 20505 2008-11-10 12:00:16 2 accountExpires
20505 Default-First-Site-Name\DENVER 20505 2008-11-10 12:00:16 3 lmPwdHistory
20498 Default-First-Site-Name\DENVER 20498 2008-11-10 11:59:26 1 sAMAccountName
20505 Default-First-Site-Name\DENVER 20505 2008-11-10 12:00:16 2 sAMAccountType
20505 Default-First-Site-Name\DENVER 20505 2008-11-10 12:00:16 2 userPrincipalName
20505 Default-First-Site-Name\DENVER 20505 2008-11-10 12:00:16 1 lastKnownParent
20505 Default-First-Site-Name\DENVER 20505 2008-11-10 12:00:16 2 objectCategory
0 entries.
Type Attribute Last Mod Time Originating DC Loc.USN Org.USN Ver
======= ============ ============= ================= ======= ======= ===
Distinguished Name
=============================
12. 在Ver Attribute这个属性下,你可以找到isDeleted这个属性,该属性对应的信息就是用户帐号的删除时间和操作的服务器信息
希望我的回答对您有所帮助,如果有不清楚的地方,请告诉我。
感谢您选择微软产品并使用微软合作伙伴新闻组技术支持!
Jason Hou 侯铮
MCSE 2003+Security
在线合作伙伴支持工程师
合作伙伴支持部
微软全球技术支持中心
posted on 2008-11-10 17:35
joyclear 阅读(3270)
评论(3) 编辑 收藏 引用 所属分类:
AD