Enumerating Domain Controllers

Microsoft® Windows® 2000 Scripting Guide

microsoft windows 2000 scripting guide

« Previous | Next »   

The script shown in Listing 9.12 can connect to a specified computer and tell you whether that computer is a domain controller. What the script cannot do, however, is tell which other computers are domain controllers. To do that, the script would need to connect to every computer and determine the computer role.

A better way to obtain a list of all your domain controllers is to retrieve that information from Active Directory. Active Directory includes a Configuration partition that maintains information about the structure of the directory service. This information includes such things as the names of all the domains in the forest and the names of all the domain controllers and global catalog servers. To retrieve a list of domain controllers, you can search the Configuration container for all instances of the nTDSDSA object class. This class represents the Directory Services Agent, the process that provides access to the Active Directory database itself. All domain controllers are members of this class.

Scripting Steps

Listing 9.14 contains a script that enumerates all the domain controllers in Active Directory. To carry out this task, the script must perform the following steps:

  1. Create a constant named ADS_SCOPE_SUBTREE and set the value to 2.

    This constant is used to specify a search that begins in the Active Directory root and then proceeds to search all the child containers as well.

  2. Create an instance of the Active Directory connection object (ADODB.Connection).
  3. Create an instance of the Active Directory command object (ADODB.Command).

    The command object allows you to issue queries and other database commands through the Active Directory connection.

  4. Set the Provider property of the connection object to the Active Directory provider (ADsDSOObject), which is the OLE database provider for ADSI.
  5. Set the active connection to the Active Directory connection.
  6. Set the command text for the Active Directory command object to the SQL query that retrieves all the domain controllers from fabrikam.com.

    The SQL query that retrieves the list of domain controllers is Select distinguishedName from ' LDAP://cn=Configuration,DC=fabrikam,DC=com' where objectClass='nTDSDSA.

  7. Specify values for page size, time-out, search scope, and caching.

    Although optional, specifying these values can improve the performance of your script in a domain with thousands of computer accounts.

  8. Execute the SQL query.
  9. When the set of domain controllers is returned, use the MoveFirst method to move to the first computer in the recordset.
  10. For each domain controller in the recordset, echo the computer name.

Listing 9.14   Enumerating Domain Controllers

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 
Const ADS_SCOPE_SUBTREE = 2 Set objConnection = CreateObject("ADODB.Connection") Set objCommand =   CreateObject("ADODB.Command") objConnection.Provider = "ADsDSOObject" objConnection.Open "Active Directory Provider" Set objCommand.ActiveConnection = objConnection objCommand.CommandText = _     "SELECT distinguishedName FROM " _         & "'LDAP://cn=Configuration,DC=fabrikam,DC=com' " _             & "WHERE objectClass='nTDSDSA'" objCommand.Properties("Page Size") = 1000 objCommand.Properties("Timeout") = 30 objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE objCommand.Properties("Cache Results") = False Set objRecordSet = objCommand.Execute objRecordSet.MoveFirst Do Until objRecordSet.EOF     Wscript.Echo "Computer Name: " & _         objRecordSet.Fields("distinguishedName").Value     objRecordSet.MoveNext Loop

send us your feedback Send us your feedback « Previous | Next »   


Microsoft Windows 2000 Scripting Guide(c) Automating System Administration 2003
Microsoft Windows 2000 Scripting Guide(c) Automating System Administration 2003
ISBN: N/A
EAN: N/A
Year: 2004
Pages: 635

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net