how to verify a machine is a DC
Jeremy Allison
jra at samba.org
Sat Feb 23 02:57:41 GMT 2008
On Fri, Feb 22, 2008 at 09:39:16PM -0500, Michael B Allen wrote:
> On 2/22/08, ronnie sahlberg <ronniesahlberg at gmail.com> wrote:
> > you can try a cldap ping to the host and if it is an AD dc it will
> > respond back to you and tell you which domain it belongs to.
>
> I agree the CLDAP netlogon attribute query is perfect for this. The
> flags field will tell you not only if it's a KDC but also if it's
> writable, a PDC, a GC, etc.
>
> Unfortunately there's no generic CLDAP netlogon attribute query code
> out there. OpenLDAPs support for CLDAP is flakey. I ended up writing
> my own code to do this (although in hindsight I probably could have
> used OpenLdap's liblber to help but I wasn't sure if AD would care
> about it being encoded in DER as opposed to Windows' quirky encoding
> style).
>
> Someone should really write a little 'cldap-ping' utility. The network
> monitoring and asset manager types would love it.
The 'net' utility in Samba will do this (in the 3.2 codebase for sure).
net ads lookup
does the cldap query.
Jeremy.
More information about the samba-technical
mailing list