The information in this article applies to:
SUMMARY

Every object in the Active Directory has a Distinguished Name (DN). The DN identifies the domain that holds the object, as well as the complete path through the container hierarchy by which the object is reached. For example, a DN might be "CN=James Smith,CN=Users,DC=Microsoft,DC=Com." This DN identifies the "James Smith" user object in the Microsoft.Com domain.

The Relative Distinguished Name (RDN) of an object is the part of the name that is an attribute of the object itself. In the preceding example, the RDN of the "James Smith" user object is "CN=James Smith." The RDN of the parent object is "CN=Users."

MORE INFORMATION

Two objects in the Active Directory with the same RDN cannot exist in the same container. For example, the following example is allowed:

DC=MyDomain

However, two objects that both have the RDN "CN=James Smith" cannot exist in the same container, as in the following example:

DC=MyDomain

If an object is created with the same RDN and in the same container on two or more different domain controllers before replication has occurred, a collision occurs when the domain controllers replicate changes. For example, two different administrators both create the "James Smith" user in the "Users" container using the Directory Management administrative tool. In a multi-master environment, each domain controller can create objects in its local database without querying other domain controllers. Each tool is focused on a specific domain controller and each is permitted to create the object.

When replication occurs, the object with the latest time stamp (the object that was created last) is kept and the older object is renamed. This requires administrator intervention to determine which object should be kept. As replication occurs to other domain controllers, the name change of the older object is replicated to other domain controllers.
The administrator can choose to delete the object whose name has not been changed and rename the original object if that object is determined to be the correct one. Because each object is identified by a Globally Unique Identifier (GUID), the object deletion is safely replicated to other domain controllers even though the RDN was the same.

Using the Search.vbs Script

Search.vbs is a Microsoft Visual Basic script that is included in the Support\Reskit\Netmgmt\Dstool\Vbsscripts folder on the Windows 2000 retail CD-ROM. This script can be used to perform an LDAP search against the Active Directory and either display the results or output them to a text file.

To determine if there are any objects in the Active Directory that have resulted from a replication collision, use the following query. From a command prompt, type

    cscript search.vbs "LDAP://YourServerName/dc=mydomain,dc=com" /C:"(CN=*\0ACNF:*)" /P:distinguishedName /S:SubTree

replacing YourServerName, mydomain, and com with the correct names.

The query filter used here (identified by the /C: parameter) begins with a wildcard, followed by a linefeed character (expressed in LDAP format by the escape sequence \0A), and "CNF:", which together denote an object collision. This is followed by another wildcard character because the GUIDs of the objects to be returned are not known. In simpler terms, the filter looks for any object whose CN begins with any text, includes the characters that denote an object collision, and ends with any text.

The output displays how many objects were found and presents the value of the "distinguishedName" attribute for each object found, as in the following example:

Finished the query.

If no collisions are found, the following output is displayed:

Finished the query.
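The following Python sketch is an added example, not part of the original article or of Search.vbs. It takes distinguishedName values such as the query returns, picks out the collision-renamed objects, and pairs each with the object that still holds the original RDN in the same container. The sample DNs are constructed, the function names are hypothetical, and the GUID after "CNF:" is assumed to be in the usual 8-4-4-4-12 hexadecimal text form.

```python
import re

# Renamed RDN value: <original name> + linefeed (\0A in DN text) + "CNF:" + <GUID>.
# Assumption: the GUID is written in the usual 8-4-4-4-12 hexadecimal form.
CNF_RE = re.compile(r"^(?P<name>.*)\\0ACNF:(?P<guid>[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12})$")

def split_first_rdn(dn):
    """Split a DN into (first RDN, parent DN) at the first unescaped comma."""
    i = 0
    while i < len(dn):
        if dn[i] == "\\":
            i += 2  # skip the escaped character (or the first hex digit of \XX)
            continue
        if dn[i] == ",":
            return dn[:i], dn[i + 1:]
        i += 1
    return dn, ""

def find_collisions(dns):
    """Return one record per collision-renamed object, with its surviving sibling."""
    by_key = {}
    for dn in dns:
        rdn, parent = split_first_rdn(dn.strip())
        by_key[(rdn.lower(), parent.lower())] = dn.strip()
    results = []
    for dn in dns:
        rdn, parent = split_first_rdn(dn.strip())
        attr, _, value = rdn.partition("=")
        m = CNF_RE.match(value)
        if attr.upper() != "CN" or not m:
            continue
        original_rdn = f"{attr}={m.group('name')}"
        results.append({
            "renamed_dn": dn.strip(),
            "original_rdn": original_rdn,
            "guid": m.group("guid").lower(),
            "container": parent,
            # Object in the same container that kept the original RDN, if any.
            "kept_dn": by_key.get((original_rdn.lower(), parent.lower())),
        })
    return results

# Constructed sample distinguishedName values (not output from a real directory).
SAMPLE = [
    "CN=James Smith,CN=Users,DC=mydomain,DC=com",
    r"CN=James Smith\0ACNF:1b2c3d4e-0000-4a5b-8c6d-7e8f9a0b1c2d,CN=Users,DC=mydomain,DC=com",
    r"CN=Smith\, Ann,CN=Users,DC=mydomain,DC=com",
    r"CN=Printer7\0ACNF:aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee,OU=Devices,DC=mydomain,DC=com",
]
```

A record whose "kept_dn" is None means the object holding the original RDN is no longer in that container, for example because it has already been deleted or moved.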
Last Reviewed: December 29, 1999
© 2000 Microsoft Corporation. All rights reserved.