for x in self.con.server_names:
self.dn = self.dn.replace("CN=${SERVER_NAME}", "CN=%s" % x)
self.attributes = self.con.get_attributes(self.dn)
- # Attributes that are considered always to be different e.g based on timestamp etc.
- #
# One domain - two domain controllers
- self.ignore_attributes = [
- # Default Naming Context
- "lastLogon", "lastLogoff", "badPwdCount", "logonCount", "badPasswordTime", "modifiedCount",
- "operatingSystemVersion","oEMInformation",
- "ridNextRID", "rIDPreviousAllocationPool",
- # Configuration Naming Context
- "repsFrom", "dSCorePropagationData", "msExchServer1HighestUSN",
- "replUpToDateVector", "repsTo", "whenChanged", "uSNChanged", "uSNCreated",
- # Schema Naming Context
- "prefixMap"]
+ #
+ # Some attributes are defined as FLAG_ATTR_NOT_REPLICATED
+ #
+ # The following list was generated by
+ # egrep '^systemFlags: |^ldapDisplayName: |^linkID: ' \
+ # source4/setup/ad-schema/MS-AD_Schema_2K8_R2_Attributes.txt | \
+ # grep -B1 FLAG_ATTR_NOT_REPLICATED | \
+ # grep ldapDisplayName | \
+ # cut -d ' ' -f2
+ self.non_replicated_attributes = [
+ "badPasswordTime",
+ "badPwdCount",
+ "dSCorePropagationData",
+ "lastLogoff",
+ "lastLogon",
+ "logonCount",
+ "modifiedCount",
+ "msDS-Cached-Membership",
+ "msDS-Cached-Membership-Time-Stamp",
+ "msDS-EnabledFeatureBL",
+ "msDS-ExecuteScriptPassword",
+ "msDS-NcType",
+ "msDS-ReplicationEpoch",
+ "msDS-RetiredReplNCSignatures",
+ "msDS-USNLastSyncSuccess",
+ # "distinguishedName", # This is implicitly replicated
+ # "objectGUID", # This is implicitly replicated
+ "partialAttributeDeletionList",
+ "partialAttributeSet",
+ "pekList",
+ "prefixMap",
+ "replPropertyMetaData",
+ "replUpToDateVector",
+ "repsFrom",
+ "repsTo",
+ "rIDNextRID",
+ "rIDPreviousAllocationPool",
+ "schemaUpdate",
+ "serverState",
+ "subRefs",
+ "uSNChanged",
+ "uSNCreated",
+ "uSNLastObjRem",
+ # "whenChanged", # This is implicitly replicated
+ ]
+ self.ignore_attributes = self.non_replicated_attributes
+ self.ignore_attributes += ["msExchServer1HighestUSN"]
if filter_list:
self.ignore_attributes += filter_list
if self.two_domains:
self.ignore_attributes += [
- "objectCategory", "objectGUID", "objectSid", "whenCreated", "pwdLastSet", "uSNCreated", "creationTime",
+ "objectCategory", "objectGUID", "objectSid", "whenCreated", "whenChanged", "pwdLastSet", "uSNCreated", "creationTime",
"modifiedCount", "priorSetTime", "rIDManagerReference", "gPLink", "ipsecNFAReference",
"fRSPrimaryMember", "fSMORoleOwner", "masteredBy", "ipsecOwnersReference", "wellKnownObjects",
"badPwdCount", "ipsecISAKMPReference", "ipsecFilterReference", "msDs-masteredBy", "lastSetTime",
"ipsecNegotiationPolicyReference", "subRefs", "gPCFileSysPath", "accountExpires", "invocationId",
+ "operatingSystemVersion", "oEMInformation",
# After Exchange preps
"targetAddress", "msExchMailboxGuid", "siteFolderGUID"]
#
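Review bot: `self.ignore_attributes = self.non_replicated_attributes` binds both names to the same list object, so every `+=` that follows (the `msExchServer1HighestUSN` entry, `filter_list`, and the two-domain block) also extends `self.non_replicated_attributes`. If anything outside this hunk reads that attribute expecting only the schema-derived FLAG_ATTR_NOT_REPLICATED names, it will silently see the caller-supplied and Exchange-specific entries too, and skip more attributes in the comparison than intended. Copying avoids this: `self.ignore_attributes = list(self.non_replicated_attributes)`. The two-domain list also repeats `uSNCreated`, `modifiedCount`, `badPwdCount` and `subRefs`, which the new base list already contains; dropping them there would make it clearer which attributes are ignored only in the two-domain case. The enclosing method starts and ends outside this hunk, so other uses of either list are not visible here.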