No announcement yet.

AD Shema Search

  • Filter
  • Time
  • Show
Clear All
new posts

  • AD Shema Search

    I want to search the schema, how do you do it?

  • #2
    Re: AD Shema Search

    ADSIEDIT , could help you browse through your schema, and you can search there as well.


    • #3
      Re: AD Shema Search

      How do you use ADSIEdit to search? All I found was a clumsy LDAP query tool, and it does not allow me to search for IP's or general key words.

      I have tried dumping the entire schema with csvde and ldifde and searching the text files, but I am not sure the dump was complete, as I couldn't even find a mention of the pdc either.


      • #4
        Re: AD Shema Search

        What are you actually searching for? The schema is the metadata behind AD, so will not hold any information about your domain, just the structure of AD. Everyone with the same version of AD as you will have the same schema. Information on IPs for example is held in DNS.
        Tom Jones
        MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
        PhD, MSc, FIAP, MIITT
        IT Trainer / Consultant
        Ossian Ltd

        ** Remember to give credit where credit is due and leave reputation points where appropriate **


        • #5
          Re: AD Shema Search

          But DNS is Dynamic, and taking updates from the domain controllers. The domain controller connects to DNS and says, "I am a DC and these are my roles" then DNS hands out all this information to clients (You can actually check and see what the DC is trying to update by looking at the c:\windows\system32\config\netlogon.dns, this file is updated every time the netlogon service is restarted, and is populated (I suspect) by the schema). This is also why if you have a bad DC crash, you need to go in and clean up the schema through adsiedit to remove the bad DC.

          I have had this domain for over 10 years, and soming is populating DNS with bad GC information, So I want to search the Schema for that bad info, and or the IP that is listed in DNS.