Displays the attributes of an object.

Although the repadmin /showobjmeta command displays the number of times that the attributes on an object have changed and which domain controller made those changes, the repadmin /showattr command displays the actual values for an object. The repadmin /showattr command can also display the values for objects that are returned by a command-line Lightweight Directory Access Protocol (LDAP) query.

An object can be referenced by its distinguished name or by its object globally unique identifier (GUID).

By default, repadmin /showattr uses Lightweight Directory Access Protocol (LDAP) port 389 to query writable directory partitions. However, repadmin /showattr can optionally use LDAP port 3268 to query the read-only partitions of a global catalog server.

For examples of how to use this command, see Examples.


/showattr <DSA_LIST> <OBJ_LIST> [OBJ_LIST Options] [/atts:<att1>,<att2>...] [/allvalues] [/long] [/dumpallblob]


Parameter Description


Specifies the host name of a domain controller or a list of domain controllers that are separated in the list by single spaces. For detailed syntax, see Repadmin.


Specifies the distinguished name or object GUID of the object whose attributes you want to enumerate. When you perform an LDAP query from a command prompt, this parameter forms the base distinguished name path for the search. Enclose distinguished names that contain spaces in quotation marks.


Returns values for specified attributes only. You can display values for multiple attributes by separating them with commas.


Displays all attribute values. By default, this parameter displays only 20 attribute values for an attribute.


Specifies the use of TCP port 3268 to query read-only global catalog partitions.


Displays one line for each attribute value.


Displays all binary attribute values. This command is similar to /allvalues, but it displays binary attribute values.


The following example queries a specific domain controller and shows all attributes for an object using its distinguished name:

repadmin /showattr hq-dc-01 "cn=enterprise administrators,cn=users,dc=contoso,dc=com"

The following example queries a specific domain controller and shows all attributes for an object using its object GUID:

repadmin /showattr hq-dc-01 "<GUID=20b11743-1272-45c0-88fb-ea9a753d53f8>"

The following example queries all domain controllers whose computer names start with HQ-DC and shows the value for a specific attribute, msDS-Behavior-Version, which denotes the domain functional level:

Repadmin /showattr hq-dc* "DC=contoso,DC=com" /atts:msDS-Behavior-Version

The following example queries a single domain controller named hq-dc-01 and returns the attributes operating system version and service pack revision for all domain controller computers, targeted by primary group ID = 516, which identifies enterprise domain controllers:

repadmin /showattr hq-dc-01 ncobj:domain: /filter:"(&(objectCategory=computer)(primaryGroupID=516))" /subtree /atts:operatingSystem,operatingSystemVersion,operatingSystemServicePack

The following example queries the read-only partitions (/gc) of all global catalogs ("gc:") in the forest to see if those partitions contain a copy of a specific object that is referenced by its object GUID. This command is useful for determining which domain controllers replicated an important change or contain a lingering object:

repadmin /showattr gc: "<GUID=20b11743-1272-45c0-88fb-ea9a753d53f8>" /gc

Converted from CHM to HTML with chm2web Pro 2.85 (unicode)