I recently came across an old blog post by fellow MVP Joe Richards. In the post Joe points out that whenChanged is not a replicated attribute, which makes it a poor candidate for accurately determining when an object was last modified. He does however indicate that the whenChanged attribute provides a handy way to report when your Domain Controllers were promoted. This is possible because the whenChanged attribute is stamped with the date and time each object is initiated on that specific DC as part of DCPROMO. It means we can query the whenChanged attribute on, for example, any object in the default AD schema to determine the date on which that DC was promoted. Cool, eh? Here’s a Powershell sample using the adminDescription attribute class object in the schema partition.
$admind = "CN=Admin-Description," + (Get-ADRootDSE).schemanamingcontext $dcs = Get-ADDomainController -Filter * | sort name foreach ($dc in $dcs) { $name = $dc.name $wc = (Get-ADObject $admind -Server $name -Properties whenchanged).whenchanged.ToShortDateString() write-host "Domain Controller $name was created on $wc `n" } # end foreach