Fix Legacy Values of AD Object Attribute

PowerShell Version 2.0 script to fix "legacy values" of a specified attribute of an Active Directory object. This allows the object attribute to take advantage of Link Value Replication (LVR). If the values of the attribute were assigned before the forest functional level was at least Windows Server 2003, the attribute may not take advantage of linked value replication (LVR). These values are called "legacy". Without LVR, any updates to the attribute of the object requires that the entire attribute be replicated. For example, if a group has 1000 members, and you add one more, all 1001 values must be replicated. With LVR, only the updated or new values are replicated.

The script prompts for the sAMAccountName or distinguished name (DN) of the object, the lDAPDisplayName of the attribute, and a text file containing the output from the repadmin command. This file can be created at the command prompt of a domain controller with a statement similar to:

repadmin /showobjmeta mydc "cn=My Object,ou=West,dc=domain,dc=com" > report.txt

where "mydc" is the host name of a domain controller and the distinguished name is that of the object to be processed. The file "report.txt" contains the output and is the file the script prompts for.

The script first checks that the object exists in Active Directory. Then the script parses the file for lines containing the string "LEGACY". This means the repadmin tool identified the value of a linked multi-valued attribute that does not take advantage of LVR. The script parses this line for the lDAPDisplayName of the attribute to make sure it matches the one specified. Then the script reads the value of the attribute on the next line. This value is added to an array of values. The script uses this array with the -Remove parameter of the Set-ADObject cmdlet to remove all such identified values from the attribute of the object. Finally, after a short pause, the script uses the -Add parameter of the Set-ADObject cmdlet to add the values back into the attribute of the object.

When the script has finished, all values that repadmin previously identified as "LEGACY" will now be identified as "PRESENT". This means they take advantage of link value replication.

FixLegacyValues.txt <<-- Click here to view or download the program