Microsoft® Windows® 2000 Scripting Guide
« Previous | Next »
The script shown in Listing 9.12 can connect to a specified computer and tell you whether that computer is a domain controller. What the script cannot do, however, is tell which other computers are domain controllers. To do that, the script would need to connect to every computer and determine the computer role.
A better way to obtain a list of all your domain controllers is to retrieve that information from Active Directory. Active Directory includes a Configuration partition that maintains information about the structure of the directory service. This information includes such things as the names of all the domains in the forest and the names of all the domain controllers and global catalog servers. To retrieve a list of domain controllers, you can search the Configuration container for all instances of the nTDSDSA object class. This class represents the Directory Services Agent, the process that provides access to the Active Directory database itself. All domain controllers are members of this class.
Listing 9.14 contains a script that enumerates all the domain controllers in Active Directory. To carry out this task, the script must perform the following steps:
This constant is used to specify a search that begins in the Active Directory root and then proceeds to search all the child containers as well.
The command object allows you to issue queries and other database commands through the Active Directory connection.
The SQL query that retrieves the list of domain controllers is Select distinguishedName from ' LDAP://cn=Configuration,DC=fabrikam,DC=com' where objectClass='nTDSDSA
.
Although optional, specifying these values can improve the performance of your script in a domain with thousands of computer accounts.
Listing 9.14 Enumerating Domain Controllers
|
|
Send us your feedback | « Previous | Next » |