However, this doesn't affect existing group membership entries.
This can be seen through repadmin:
repadmin /showobjmeta DC_Name Dn_of_group
Distinguished Name =============================
ABSENT member 2010-02-19 18:02:53 US\Server1
205479704 205479704 2
CN=user1,OU=Accounts,DC=test,DC=com
PRESENT member 2010-02-22 10:21:05 UK\Server2
208940639 143787850 1
CN=user2,OU=Accounts,DC=test,DC=com
Key
ABSENT - LVR enabled member. This is similar to a tombstoned object - it records a membership that has been removed. This will be garbage collected after the tombstone lifetime has expired.
PRESENT - LVR enabled member.
LEGACY - legacy membership. LVR will not take affect for this member.
These can apply to members and also to "managed by" properties.
LVR enabled basically means that there is additional metadata associated with the membership, stored in msDS-ReplValueMetaData attribute for the group.
If you compare an entry for this attribute before and after a membership is LVR-enabled, you see something like this:
LEGACY member:
"
Updated PRESENT member:
Updating Legacy Memberships
In order to update all memberships and managed-by's to be LVR-enabled, you need to remove that membership and re-add it. This updates the metadata.
I'll try and paste some Powershell to do this later on as a response to this post.
No comments:
Post a Comment