All,
I have adjusted my script, firstly to automatically take into account any additional application partitions, and also deleted and recycled objects.
When it comes to deleted and recycled objects, as you are probably aware, an object is marked as isDeleted first; then, when the deleted object lifetime expires, it is marked as isRecycled. However, it still keeps its isDeleted attribute set to true. Therefore, I am working on the logic that I only need to search for objects which have their isDeleted attribute set to pick up both Deleted and Recycled objects. With that in mind I used Get-ADObject to pick out the deleted/recycled objects. As you can see from the results below, I am still thousands out (8585) when comparing Domain (default naming context) USNChanged and adding this to Deleted/Recycled and comparing it with highestCommittedUSN from the RootDSE.
DC=MyDomain,DC=net : 100082514
CN=Configuration,DC=MyDomain,DC=net : 100082970
CN=Schema,CN=Configuration,DC=MyDomain,DC=net : 100083493
DC=ForestDnsZones,DC=MyDomain,DC=net : 100082559
DC=DomainDnsZones,DC=MyDomain,DC=net : 100082584
DeletedorRecycled : 1928
HighestUSNChanged : 100093027
Script below:
# Author Ernest Brant, use AS IS no warranty
$RootDSE = [ADSI]"LDAP://RootDSE"
$HT = [ordered]@{ }
$HT2 = [ordered]@{ }
$Array = New-Object System.Collections.ArrayList
$HighestUSNChanged = $RootDSE.highestCommittedUSN | ForEach-Object { $_ }

# Bind to the head object of every naming context the DC reports
foreach ($NamingContext in $RootDSE.namingContexts)
{
    $HT.$NamingContext = [ADSI]"LDAP://$NamingContext"
}

# Read uSNChanged from each partition head (ADSI returns it as a large integer)
foreach ($NamingContext in $HT.GetEnumerator())
{
    $partition = $NamingContext.Name
    # [int64] instead of [int]: USNs are 64-bit, and -as [int] yields $null above 2147483647
    $USNChanged = $RootDSE.ConvertLargeIntegerToInt64(($NamingContext.Value).uSNChanged[0]) -as [int64]
    $HT2.Add($partition, $USNChanged)
}

# isDeleted is true on deleted and on recycled objects; skip the container itself
$DeletedorRecycled = @(Get-ADObject -Filter 'isdeleted -eq $true -and name -ne "Deleted Objects"' -IncludeDeletedObjects)
$HT2.Add('DeletedorRecycled', $DeletedorRecycled.Count)
$HT2.Add('HighestUSNChanged', $HighestUSNChanged)
[pscustomobject]$HT2
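
Added example, not part of the original post or the poster's script: it walks every naming context on one DC with deleted objects included, splits the objects into live, deleted and recycled using the isDeleted/isRecycled behaviour described above, and reports the object count and highest uSNChanged per state beside that DC's highestCommittedUSN. The function name Get-UsnByObjectState and the host name in the sample call are hypothetical, and it assumes the ActiveDirectory module is installed and the schema defines isRecycled.

```powershell
# Added example, not the poster's script. Needs the ActiveDirectory (RSAT) module.
# Assumption: the schema defines isRecycled (Windows Server 2008 R2 or later).
Import-Module ActiveDirectory

function Get-UsnByObjectState {
    param(
        # uSNChanged and highestCommittedUSN are local to each DC, so every
        # query has to go to the same server.
        [Parameter(Mandatory)][string]$Server
    )
    # Snapshot of the rootDSE; highestCommittedUSN keeps moving on a busy DC.
    $rootDse = Get-ADRootDSE -Server $Server

    foreach ($nc in $rootDse.namingContexts) {
        $stats = @{}
        # Stream the results instead of collecting them, partitions can be large.
        Get-ADObject -Server $Server -SearchBase $nc -LDAPFilter '(objectClass=*)' `
                     -IncludeDeletedObjects -Properties uSNChanged, isDeleted, isRecycled |
            ForEach-Object {
                # A recycled object keeps isDeleted = TRUE, so test isRecycled first.
                $state = if ($_.isRecycled) { 'Recycled' }
                         elseif ($_.isDeleted) { 'Deleted' }
                         else { 'Live' }
                if (-not $stats.ContainsKey($state)) {
                    $stats[$state] = @{ Count = 0; MaxUsn = [int64]0 }
                }
                $stats[$state].Count++
                if ($_.uSNChanged -gt $stats[$state].MaxUsn) {
                    $stats[$state].MaxUsn = [int64]$_.uSNChanged
                }
            }
        foreach ($state in $stats.Keys) {
            [pscustomobject]@{
                Partition           = $nc
                State               = $state
                Objects             = $stats[$state].Count
                MaxUsnChanged       = $stats[$state].MaxUsn
                HighestCommittedUSN = $rootDse.highestCommittedUSN
            }
        }
    }
}

# Sample call; 'dc01.mydomain.net' is a placeholder host name.
# Get-UsnByObjectState -Server 'dc01.mydomain.net' | Format-Table -AutoSize
```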