Displays the attributes of an object.

Although the repadmin /showobjmeta command displays the number of times that the attributes on an object have changed and which domain controller made those changes, the repadmin /showattr command displays the actual values for an object. The repadmin /showattr command can also display the values for objects that are returned by a command-line Lightweight Directory Access Protocol (LDAP) query.

An object can be referenced by its distinguished name or by its object globally unique identifier (GUID).

By default, repadmin /showattr uses Lightweight Directory Access Protocol (LDAP) port 389 to query writable directory partitions. However, repadmin /showattr can optionally use LDAP port 3268 to query the read-only partitions of a global catalog server.

For examples of how to use this command, see Examples.

Syntax

/showattr <DSA_LIST> <OBJ_LIST> [OBJ_LIST Options] [/atts:<att1>,<att2>...] [/allvalues] [/long] [/dumpallblob]

Parameters

Parameter Description

<DSA_LIST>

Specifies the host name of a domain controller or a list of domain controllers that are separated in the list by single spaces. For detailed syntax, see Repadmin.

<OBJ_LIST> [OBJ_LIST Options}

Specifies the distinguished name or object GUID of the object whose attributes you want to enumerate. When you perform an LDAP query from a command prompt, this parameter forms the base distinguished name path for the search. Enclose distinguished names that contain spaces in quotation marks.

/atts

Returns values for specified attributes only. You can display values for multiple attributes by separating them with commas.

/allvalues

Displays all attribute values. By default, this parameter displays only 20 attribute values for an attribute.

/gc

Specifies the use of TCP port 3268 to query read-only global catalog partitions.

/long

Displays one line for each attribute value.

/dumpallblob

Displays all binary attribute values. This command is similar to /allvalues, but it displays binary attribute values.

Examples

The following example queries a specific domain controller and shows all attributes for an object using its distinguished name:

repadmin /showattr hq-dc-01 "cn=enterprise administrators,cn=users,dc=contoso,dc=com"

The following example queries a specific domain controller and shows all attributes for an object using its object GUID:

repadmin /showattr hq-dc-01 "<GUID=20b11743-1272-45c0-88fb-ea9a753d53f8>"

The following example queries all domain controllers whose computer names start with HQ-DC and shows the value for a specific attribute, msDS-Behavior-Version, which denotes the domain functional level:

Repadmin /showattr hq-dc* "DC=contoso,DC=com" /atts:msDS-Behavior-Version

The following example queries a single domain controller named hq-dc-01 and returns the attributes operating system version and service pack revision for all domain controller computers, targeted by primary group ID = 516, which identifies enterprise domain controllers:

repadmin /showattr hq-dc-01 ncobj:domain: /filter:"(&(objectCategory=computer)(primaryGroupID=516))" /subtree /atts:operatingSystem,operatingSystemVersion,operatingSystemServicePack

The following example queries the read-only partitions (/gc) of all global catalogs ("gc:") in the forest to see if those partitions contain a copy of a specific object that is referenced by its object GUID. This command is useful for determining which domain controllers replicated an important change or contain a lingering object:

repadmin /showattr gc: "<GUID=20b11743-1272-45c0-88fb-ea9a753d53f8>" /gc