how to verify a machine is a DC
Michael B Allen
ioplex at gmail.com
Sat Feb 23 02:39:16 GMT 2008
On 2/22/08, ronnie sahlberg <ronniesahlberg at gmail.com> wrote:
> you can try a cldap ping to the host and if it is an AD dc it will
> respond back to you and tell you which domain it belongs to.

I agree the CLDAP netlogon attribute query is perfect for this. The
flags field will tell you not only if it's a KDC but also if it's
writable, a PDC, a GC, etc.

Unfortunately there's no generic CLDAP netlogon attribute query code
out there. OpenLDAP's support for CLDAP is flaky. I ended up writing
my own code to do this (although in hindsight I probably could have
used OpenLDAP's liblber to help but I wasn't sure if AD would care
about it being encoded in DER as opposed to Windows' quirky encoding
style).

Someone should really write a little 'cldap-ping' utility. The network
monitoring and asset manager types would love it.

Mike
--
Michael B Allen
PHP Active Directory SPNEGO SSO
http://www.ioplex.com/
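
The two halves of the query discussed in this message, as an added example that is not code from the post or from Samba: a DER-encoded CLDAP searchRequest for the Netlogon attribute, and a decoder for the flags field of the returned attribute value. The function names and the sample value are constructed here; the flag bits, NtVer value and opcode are assumed from the MS-ADTS definition of NETLOGON_SAM_LOGON_RESPONSE_EX.

```python
import struct

# DS_FLAG bits of the Netlogon response Flags field (assumed from MS-ADTS).
DS_FLAGS = {0x001: "PDC", 0x004: "GC", 0x008: "LDAP", 0x010: "DS",
            0x020: "KDC", 0x040: "TIMESERV", 0x080: "CLOSEST", 0x100: "WRITABLE"}
NT_VERSION_5EX = 0x00000004      # NtVer bit that requests the _EX response format
OP_SAM_LOGON_RESPONSE_EX = 23    # opcode of NETLOGON_SAM_LOGON_RESPONSE_EX

def tlv(tag, body):
    """BER tag-length-value using DER (definite, minimal) length encoding."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + body

def build_ping(dns_domain, msg_id=1):
    """LDAPMessage for: base "", scope base, (&(DnsDomain=..)(NtVer=..)), attr Netlogon.
    msg_id must be 1..127 so it fits a one-byte INTEGER."""
    def eq(attr, val):                       # [3] equalityMatch
        return tlv(0xA3, tlv(0x04, attr) + tlv(0x04, val))
    filt = tlv(0xA0, eq(b"DnsDomain", dns_domain.encode()) +          # [0] and
                     eq(b"NtVer", struct.pack("<I", NT_VERSION_5EX)))  # little-endian
    search = (tlv(0x04, b"") +                                # baseObject: rootDSE
              tlv(0x0A, b"\x00") + tlv(0x0A, b"\x00") +       # scope base, deref never
              tlv(0x02, b"\x00") + tlv(0x02, b"\x00") +       # sizeLimit, timeLimit
              tlv(0x01, b"\x00") + filt +                     # typesOnly FALSE, filter
              tlv(0x30, tlv(0x04, b"Netlogon")))              # requested attribute
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(0x63, search))

def decode_netlogon(value):
    """Read opcode and flags from the Netlogon attribute value; return role names."""
    if len(value) < 24:                      # opcode(2) + sbz(2) + flags(4) + GUID(16)
        raise ValueError("Netlogon value too short")
    opcode, _sbz, flags = struct.unpack_from("<HHI", value, 0)
    if opcode != OP_SAM_LOGON_RESPONSE_EX:
        raise ValueError("unexpected opcode %d" % opcode)
    return sorted(name for bit, name in DS_FLAGS.items() if flags & bit)

# Constructed sample header: opcode 23, flags PDC|GC|LDAP|DS|KDC|WRITABLE, zero GUID.
SAMPLE = struct.pack("<HHI", 23, 0, 0x13D) + bytes(16)

if __name__ == "__main__":
    print(build_ping("example.com").hex())
    print(decode_netlogon(SAMPLE))
```

The request goes out as a single UDP datagram to port 389; a host that is not an AD DC does not return a Netlogon value, so a timeout or an empty result is the negative answer.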
More information about the samba-technical
mailing list