What are all these changes to Active Directory?

This is a great blog if you are wondering about some unusual behaviour in Active Directory – specifically the following:

“- Why has my AD database size increased by 500MB in the last three weeks?
- I see lots of AD replication in Domain Controller monitoring. What are all these changes?”

Go to the Ask the Directory Services blog on Technet;

How do I find out what changes are going on in my Active Directory?

“In order to find the cause for the problems, you should find what has changed in the AD database recently. Now Active Directory assigns an "Update Sequence Number" (USN) to each change. These USNs are 64 Bit Integers and are specific to a Domain Controller. The DC GUID and USN together uniquely identify a database change. A USN is both assigned to originating changes and replicated changes. So even for read-only GC content, you see local USNs getting written.

You can use these USNs to identify recent changes in the database of each DC. ….”

“Based on this number, you can query for the most recently changed Objects using an LDAP query.”

Great blog!