Finding a Domain Controller's Site






Finding a Domain Controller's Site

Problem

You need to determine the site of which a domain controller is a member.

Solution

Using a graphical user interface
  1. Open LDP and from the menu, select Connection Connect.

  2. For Server, enter the name of a domain controller (or leave blank to do a serverless bind).

  3. For Port, enter 389.

  4. Click OK.

  5. From the menu select Connection Bind.

  6. Enter credentials of a domain user.

  7. Click OK.

  8. From the menu, select Browse Search.

  9. For BaseDN, type the distinguished name of the Sites container (for example, cn=sites,cn=configuration,dc=rallencorp, dc=com).

  10. For Scope, select Subtree.

  11. For Filter, enter:

    	      (&(objectcategory=server)(dnsHostName=< 
    DomainControllerName>))
    

  12. Click Run.

Using a command-line interface

To retrieve the site for a particular DC, use the following command syntax:

	> nltest /dsgetsite /server:<DomainControllerName>

The nltest /dsgetsite command is a wrapper around the DsGetSiteName method.


You can also use the AdFind utility as follows:

	> adfind -config -rb cn=sites -f
	"(&(objectcategory=server)(cn=<DomainConfrollerName>))" distinguishedName

For example, to find the site containing the server dc1 in the rallencorp.com domain, you would see the following output:

	> adfind -config -rb cn=sites -f "(&(objectcategory=server)(cn=dc1))"
	distinguishedName
	>
	> AdFind V01.27.00cpp Joe Richards ([email protected]) November 2005

	> Using server: dc1.rallencorp.com:389
	> Directory: Windows Server 2003
	> Base DN: cn=sites,CN=Configuration,DC=rallencorp,DC=com
	>
	> dn:CN=dc1,CN=Servers,CN=Raleigh,CN=Sites,CN=Configuration,DC=rallencorp,DC=com
	> distinguishedName: CN=dc1,CN=Servers,CN=Raleigh,CN=Sites,CN=Configuration,
	DC=rallencorp,DC=com
	>
	> 1 Objects returned

You can also specify the FQDN of the DC in question by using (&(objectcategory=server)(dnsHostName=dc1.rallencorp.com)).


Using VBScript
	' This code prints the  
site the specified domain controller is in
	' ------ SCRIPT CONFIGURATION -----
	strDC = "<DomainControllerName>" ' e.g. dc1.rallencorp.com
	' ------ END CONFIGURATION --------

	set objRootDSE = GetObject("LDAP://" & strDC & "/RootDSE")
	set objNTDS = GetObject("LDAP://" & objRootDSE.Get(" 
dsServiceName"))
	set objSite = GetObject(GetObject(GetObject(objNTDS. 
Parent).Parent).Parent)
	WScript.Echo objSite.Get("cn")

Discussion

Domain controllers are represented in the site topology by a server object and a child nTDSDSA object. Actually, any type of server can conceivably have a server object; it is the ntdSDSA object that differentiates domain controllers from other types of servers. You'll often see the ntdSDSA object of a domain controller used to refer to that domain controller elsewhere in Active Directory. For example, the fSMORoleOwner attribute that represents the FSMO owners contains the distinguished name of the nTDSDSA object of the domain controller that is holding the role.

Using VBScript

Since we cannot use the DsGetSiteName method directly in VBScript, we need to take a more indirect approach. By querying the RootDSE of the target server, we can retrieve the dsServiceName attribute.

That attribute contains the DN of the ntdSDSA object for the domain controller, e.g., cn=NTDSSettings,cn=dc1,cn=MySite,cn=Sites,cn=Configuration,dc=rallencorp,dc=com. Then, by calling the Parent method three consecutive times, we can retrieve the object for cn=MySite,cn=Sites,cn=Configuration,dc=rallencorp,dc=com.

See Also

MSDN: DsGetSiteName



 Python   SQL   Java   php   Perl 
 game development   web development   internet   *nix   graphics   hardware 
 telecommunications   C++ 
 Flash   Active Directory   Windows