Comparing attributes of objects in Active Directory
This is more a Microsoft Word tip rather than an Active Directory tip. In essence, it shows one of the many methods to compare values of all attributes of two different objects in Active Directory, or of the same object in a "before-after" comparison scenario – to track changes.
In this example, we will try to do a before-after analysis of a single user object to track changes that have happened to the attributes of the same user object.
First, I dump the LDF file for the user that I want to track changes for, before I make the changes using the LDIFDE tool.
LDIFDE -f user_before.ldf -d "CN=User Jones,OU=Test Users,DC=Domain,DC=local
Then, I make the changes to the attributes. In this case, I am moving the user’s mailbox from an Exchange 2003 server to an Exchange 2007 mailbox server.
Once again, I dump the LDF for the same user after I’ve done the operation.
LDIFDE -f user_after.ldf -d "CN=User Jones,OU=Test Users,DC=Domain,DC=local
Now I have two LDF files, which I want to compare. Microsoft Word has a pretty cool compare feature that shows you what exactly has changed in red. Also, you get to see both the files in two small windows and the changes in a separate window, and they all scroll together!
Simply open (or paste) the two files in Microsoft Word as separate documents. Then, open up the Review toolbar tab, and choose the Compare option.
Here’s a screenshot.
Shijaz Abdulla is a Partner Technology Advisor at Microsoft, helping their top tier partners build on their Microsoft practice. He is also a trusted advisor to medium enterprise customers in Qatar. He is a blogger, tech enthusiast, and a Microsoft evangelist.
Leave an opinion!