Using AD Sites & Services To Find a DC’s DSA Object GUID using NTDSUTIL

For example, the output for REPADMIN /SYNCALL tells you what DCs were synchronized, but does this by giving your their GUIDs rather than their CNs:

image

One quick way to find a DC’s GUID is to run a REPADMIN /SHOWREPS against a DC that has the DC you’re interested in as a replication partner. For example, if I wanted to get KYOSHI’s GUID I could run a /SHOWREPS against GODAN, because I know KYOSHI is a replication partner with GODAN. (In my current test environment it’s the only replication partner, and so many failures because it’s an VM that’s offline much of the time). “DSA object GUID” lists it:

image

The easiest way is to select the GUID with the mouse (I recommend setting QuickEdit on as a property in your command prompt), hit Enter to get it in the clipboard, then enter “REPADMIN /DSAGUID

image

The thing to remember about /DSAGUID is that you must specify a target DC to run it against, or it will fail. If you just paste the GUID in without the target DC, you’ll get the following error:

image

If you read it carefully, you’ll see that even though the command errored out, it actually GAVE you the name of the DC from the GUID – because the command allows you to enter a GUID for the target DC as well as the DNS name

Please or Register to post comments.

What's Windows IT Pro Archived Blogs?

Blog entries from the past

Blog Archive

Sponsored Introduction Continue on to (or wait seconds) ×