none
How to find out when dcpromo was run on a server?

    Question

  • Is there an event ID or something that gets logged that shows when dcpromo was run on a server? I am trying to figure out when a server was promoted to a domain controller.

    Thanks

    Monday, January 07, 2013 3:34 PM

Answers

  • When a DC is promoted, an "NTDS Settings" object for the server is created in the configuration container of AD. This object has a whenCreated attribute. You can view this in ADSI Edit. The path would be similar to "cn=NTDS Settings,cn=MyDC,cn=Servers,cn=MySite,cn=Sites,cn=Configuration,dc=MyDomain,dc=com", where MyDC, MySite, and MyDomain are specific to you. The value of the whenCreated attribute will be the datetime when dcpromo was run.


    Richard Mueller - MVP Directory Services

    Monday, January 07, 2013 3:45 PM
  • You can use dsquery * to find the whenCreated dates for the "NTDS Settings" objects for all DC's in the domain as follows:

    dsquery * "cn=Sites,cn=Configuration,dc=MyDomain,dc=com" -Filter "(cn=NTDS Settings)" -attr distinguishedName whenCreated

    -----

    The distinguishedName of each object includes the name of the DC. Unfortunately, you cannot filter on distinguishedName, and there is no other attribute of the objects that you can filter on for the DC name, so you cannot query for a specific DC this way. You would need a script for that.


    Richard Mueller - MVP Directory Services

    Monday, January 07, 2013 4:01 PM

All replies

  • When a DC is promoted, an "NTDS Settings" object for the server is created in the configuration container of AD. This object has a whenCreated attribute. You can view this in ADSI Edit. The path would be similar to "cn=NTDS Settings,cn=MyDC,cn=Servers,cn=MySite,cn=Sites,cn=Configuration,dc=MyDomain,dc=com", where MyDC, MySite, and MyDomain are specific to you. The value of the whenCreated attribute will be the datetime when dcpromo was run.


    Richard Mueller - MVP Directory Services

    Monday, January 07, 2013 3:45 PM
  • Run the following command and replace 'ANYDC' and 'DCYOUWANTTOCHECK'
    repadmin /showobjmeta ANYDC "CN=DCYOUWANTTOCHECK,OU=Domain Controllers,DC=domain,DC=com"

    Have a look when the userAccountControl attribute was last changed, nothing should normaly change the UAC flags after the machine has been promoted to a DC.

    Enfo Zipper
    Christoffer Andersson – Principal Advisor
    http://blogs.chrisse.se - Directory Services Blog

    Monday, January 07, 2013 3:48 PM
  • You can use dsquery * to find the whenCreated dates for the "NTDS Settings" objects for all DC's in the domain as follows:

    dsquery * "cn=Sites,cn=Configuration,dc=MyDomain,dc=com" -Filter "(cn=NTDS Settings)" -attr distinguishedName whenCreated

    -----

    The distinguishedName of each object includes the name of the DC. Unfortunately, you cannot filter on distinguishedName, and there is no other attribute of the objects that you can filter on for the DC name, so you cannot query for a specific DC this way. You would need a script for that.


    Richard Mueller - MVP Directory Services

    Monday, January 07, 2013 4:01 PM
  • Richard: Would not apply to a pre-staged RODC (unoccupied) account :) (e.g someone pre-stage the account and then run DCPROMO 2 months later)

    Enfo Zipper
    Christoffer Andersson – Principal Advisor
    http://blogs.chrisse.se - Directory Services Blog

    Monday, January 07, 2013 4:12 PM
  • Hi,
     
    As this thread has been quiet for a while, we will mark it as ‘Answered’ as the information provided should be helpful. If you need further help, please feel free to reply this post directly so we will be notified to follow it up. You can also choose to unmark the answer as you wish.
      
    BTW, we’d love to hear your feedback about the solution. By sharing your experience you can help other community members facing similar problems. Thanks for your understanding and efforts.
      
    Best Regards
      
    Kevin
    Monday, January 14, 2013 1:57 AM
  • multiple ways to find out when DCPROMO was executed......
    * Check the DCPROMO.LOG in C:\Windows\Debug
    * Check the creation dates of the folder for the NTDS.DIT file and the SYSVOL
    * Check the creation of the computer account, the NTDS Settings object (all in AD)
     
    this should give you an idea of when DCPROMO was executed
     

    Cheers,


    (HOPEFULLY THIS INFORMATION HELPS YOU!)
    Jorge de Almeida Pinto | MVP Identity & Access - Directory Services

    -------------------------------------------------------------------------------------------------------
    * This posting is provided "AS IS" with no warranties and confers no rights!
    * Always evaluate/test yourself before using/implementing this!
    * DISCLAIMER:
    http://jorgequestforknowledge.wordpress.com/disclaimer/
    -------------------------------------------------------------------------------------------------------
    ################# Jorge's Quest For Knowledge ###############
    ###### BLOG URL:
    http://JorgeQuestForKnowledge.wordpress.com/ #####
    #### RSS Feed URL:
    http://jorgequestforknowledge.wordpress.com/feed/ ####
    -------------------------------------------------------------------------------------------------------
    <>

    "K_evin Zhu" wrote in message news:a94dc12f-03e1-4dab-9142-3545598e4189@communitybridge.codeplex.com...
    Hi,
     
    As this thread has been quiet for a while, we will mark it as �??Answered�?? as the information provided should be helpful. If you need further help, please feel free to reply this post directly so we will be notified to follow it up. You can also choose to unmark the answer as you wish.
     
    BTW, we�??d love to hear your feedback about the solution. By sharing your experience you can help other community members facing similar problems. Thanks for your understanding and efforts.
     
    Best Regards
     
    Kevin

    Jorge de Almeida Pinto [MVP-DS] | Principal Consultant | BLOG: http://jorgequestforknowledge.wordpress.com/
    Monday, January 14, 2013 9:37 AM
    Moderator
  • dcpromoui.log provide that info.

    Copied from one dcpromoui.log ; below lines are the first 3 lines of that log.

    dcpromoui 430.76C 0000 17:26:54.719 opening log file C:\Windows\debug\dcpromoui.log
    dcpromoui 430.76C 0001 17:26:54.719 C:\Windows\system32\dcpromo.exe
    dcpromoui 430.76C 0002 17:26:54.719 file timestamp 01/19/2008 03:23:37.172


    Best regards Biswajit Biswas Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. MCP 2003,MCSA 2003, MCSA:M 2003, CCNA, MCTS, Enterprise Admin, MCC, Technet Wiki Ninja.






    • Edited by bshwjt Tuesday, January 15, 2013 12:11 PM
    Monday, January 14, 2013 12:35 PM
  • I'm not sure but look at this link.

    Hope it helps you.

    http://www.scottsavage.net/2009/01/frs-error-13508-without-13509?wpmp_switcher=mobile

    Monday, January 14, 2013 12:41 PM
  • Worked perfectly.

    After some excel manipulation, the complete list:

    1/5/2010 18:19:56 CN=XVR-RJO-004
    1/6/2010 10:45:49 CN=XVR-RJO-006
    6/14/2011 19:35:18 CN=XVR-DTC-018
    11/17/2011 14:41:37 CN=XVR-MAO-006
    7/18/2012 2:24:25  CN=XVR-DTC-059
    3/14/2013 13:09:12 CN=BRMA1-XVR0001
    5/21/2013 21:10:01 CN=BRATX-XVR0002
    7/12/2013 19:28:13 CN=BRALX-XVR0002
    7/24/2013 22:42:51 CN=XVR-LNX-001
    8/10/2013 4:44:00  CN=XVR-GDX-002
    9/11/2013 18:45:57 CN=BROLX-XVR0002
    10/4/2013 16:43:29 CN=XVR-APX-001
    11/4/2013 16:15:15 CN=XVR-LGX-001
    12/16/2013 15:28:56 CN=BRRJ2-XVR0001
    1/7/2014 18:03:03 CN=BRAM1-XVR0005
    4/9/2014 18:07:46 CN=BRRJ3-XVR0002

    Thursday, April 10, 2014 2:59 PM