LiveDiffAD is a small PowerShell script that captures Active Directory changes as they happen.
The script:
- is based on UncoverDCShadow, which uses the LDAP_SERVER_NOTIFICATION_OID (1.2.840.113556.1.4.528) LDAP control. Attached to a search, this control turns the request into a persistent one: the domain controller returns each object in scope as it is modified;
- grabs the replication metadata of every returned object and compares it, attribute by attribute, to the `LocalUSN` it has recorded. If the USN is higher, indicating a more recent change, the new value is printed and the internal USN is updated accordingly;
- uses `repadmin /showchanges` cookies (written at script start-up into `cookie*.bin` files) to print a summary of all the changes made during the `Show-LiveDiff` call, so that none of them is missed. This second method relies on the same concepts but does not reuse any information gathered by the script itself, which gives stronger confidence in the global diff results.
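The two mechanisms from the first two bullets, the notification control and the replication-metadata comparison, combined in one PowerShell script. This is an added example written for this page, not LiveDiffAD's or UncoverDCShadow's code. It assumes the domain controller `DC.WINDOMAIN.LOCAL` and the naming context `DC=WINDOMAIN,DC=LOCAL` from the sample output further down, a bind as the current domain user with read access, and it uses the DC's `highestCommittedUSN` at start-up as the initial watermark (the function names `Invoke-LdapSearch` and `Show-ChangedAttributes` are this example's own):

```powershell
# Added example, not LiveDiffAD's or UncoverDCShadow's code: watch a naming
# context with the LDAP_SERVER_NOTIFICATION_OID control and, for every object
# the DC reports, print the attributes whose usnLocalChange moved past the
# last value we recorded. Server, base DN and function names are assumptions.
Add-Type -AssemblyName System.DirectoryServices.Protocols

$Server = 'DC.WINDOMAIN.LOCAL'       # assumption: a reachable DC (from the sample output)
$BaseDn = 'DC=WINDOMAIN,DC=LOCAL'    # naming context to watch

$conn = [System.DirectoryServices.Protocols.LdapConnection]::new($Server)
$conn.SessionOptions.ProtocolVersion = 3
$conn.Bind()   # current user's credentials

function Invoke-LdapSearch {
    param([string]$Dn, [System.DirectoryServices.Protocols.SearchScope]$Scope, [string[]]$Attrs)
    $req = [System.DirectoryServices.Protocols.SearchRequest]::new($Dn, '(objectClass=*)', $Scope, $Attrs)
    return $conn.SendRequest($req)
}

# Watermark: a usnLocalChange above the DC's highestCommittedUSN at start-up is a
# write that happened while we were watching. USNs are per-DC, so the comparison
# is only meaningful against the same DC the metadata is read from.
$rootDse  = Invoke-LdapSearch -Dn '' -Scope Base -Attrs @('highestCommittedUSN')
$StartUsn = [int64]$rootDse.Entries[0].Attributes['highestCommittedUSN'][0]
$LastUsn  = @{}   # "<DN>|<attribute>" -> last usnLocalChange we printed

function Show-ChangedAttributes {
    param([string]$Dn)
    # msDS-ReplAttributeMetaData is a constructed attribute: it has to be requested
    # explicitly, on a base-scope search of the object. '*' is added so the new
    # value can be shown next to its metadata.
    $resp = Invoke-LdapSearch -Dn $Dn -Scope Base -Attrs @('*', 'msDS-ReplAttributeMetaData')
    if ($resp.Entries.Count -eq 0) { return }    # object may already be gone
    $entry    = $resp.Entries[0]
    $metaAttr = $entry.Attributes['msDS-ReplAttributeMetaData']
    if ($null -eq $metaAttr) { return }
    foreach ($xml in $metaAttr.GetValues([string])) {
        # One XML document per attribute: DS_REPL_ATTR_META_DATA with
        # pszAttributeName, dwVersion, usnLocalChange, pszLastOriginatingDsaDN, ...
        $m    = ([xml]$xml).DS_REPL_ATTR_META_DATA
        $name = $m.pszAttributeName
        $usn  = [int64]$m.usnLocalChange
        $key  = "$Dn|$name"
        $prev = if ($LastUsn.ContainsKey($key)) { $LastUsn[$key] } else { $StartUsn }
        if ($usn -le $prev) { continue }         # not written since we last looked
        $LastUsn[$key] = $usn
        $value = $entry.Attributes[$name]
        # Metadata present but no value: the attribute was cleared in this write
        $shown = if ($null -eq $value) { '<removed>' } else { ($value.GetValues([string]) -join '; ') }
        Write-Host ("{0}  {1}`n    {2} = {3}  (version {4}, usnLocalChange {5}, originating DSA {6})" -f
            (Get-Date -Format 'HH:mm:ss'), $Dn, $name, $shown, $m.dwVersion, $usn, $m.pszLastOriginatingDsaDN)
    }
}

# Persistent search: with the notification control the DC keeps the request open
# and sends a SearchResultEntry each time an object in scope is written (locally
# or through inbound replication). We drain those entries with GetPartialResults.
$watch = [System.DirectoryServices.Protocols.SearchRequest]::new(
    $BaseDn, '(objectClass=*)',
    [System.DirectoryServices.Protocols.SearchScope]::Subtree,
    [string[]]@('distinguishedName'))
$null  = $watch.Controls.Add([System.DirectoryServices.Protocols.DirectoryNotificationControl]::new())
$async = $conn.BeginSendRequest($watch, [TimeSpan]::FromDays(1),
    [System.DirectoryServices.Protocols.PartialResultProcessing]::ReturnPartialResults, $null, $null)

Write-Host "Watching $BaseDn on $Server (changes above USN $StartUsn). Ctrl+C to stop."
try {
    while ($true) {
        Start-Sleep -Milliseconds 500
        foreach ($r in $conn.GetPartialResults($async)) {
            if ($r -is [System.DirectoryServices.Protocols.SearchResultEntry]) {
                Show-ChangedAttributes -Dn $r.DistinguishedName
            }
        }
    }
} finally {
    $conn.Abort($async)
    $conn.Dispose()
}
```

Two caveats a practitioner should keep in mind with this approach: `usnLocalChange` is local to the DC you are bound to, so the watermark must never be compared with metadata read from another DC; and linked multi-valued attributes such as `member` carry per-value metadata in `msDS-ReplValueMetaData`, which this example does not read, so group-membership changes are only partially visible through the attribute-level metadata.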
```powershell
# Import the script
PS> Import-Module .\livediff.ps1
# Launch the live view
PS> Show-LiveDiff
...
```
For each change, the script highlights the target object and the attributes being changed.
Once the script is terminated, a change summary is printed.
```text
# Summary for the domain naming context
[Summary - DC=WINDOMAIN,DC=LOCAL]
Using cookie from file cookie.bin (132 bytes)
==== SOURCE DSA: DC.WINDOMAIN.LOCAL ====
...
# Summary for the Configuration naming context
[Summary - CN=Configuration,DC=WINDOMAIN,DC=LOCAL]
...
# Summary for the Schema naming context
[Summary - CN=Schema,CN=Configuration,DC=WINDOMAIN,DC=LOCAL]
...
# Summary for the Forest DNS Zones naming context
[Summary - DC=ForestDnsZones,DC=WINDOMAIN,DC=LOCAL]
...
# Summary for the Domain DNS Zones naming context
[Summary - DC=DomainDnsZones,DC=WINDOMAIN,DC=LOCAL]
...
```
The `cookie*.bin` files are updated when the script ends, so they can be used as a checkpoint after it terminates.
The `diff_examples` directory contains the changes captured during several scenarios.