Recipe10.7.Finding a Computer s Active Directory Site

Previous page
Table of content
Next page

Recipe 10.7. Finding a Computer's Active Directory Site

Problem

You want to find the Active Directory site a computer is part of, which is based on the IP address of the computer.

Solution

Using a command-line interface

In the following command, replace <HostName> with the name of the host whose site you want to find.

> nltest /server:<HostName> /DsGetSite

To force a computer to use a particular site, modify the registry as follows:

> reg add HKLM\System\CurrentControlSet\Services\Netlogon\Parameters /v SiteName /t REG_SZ /d <SiteName>

Using VBScript

Although you cannot use it directly from a scripting language such as VBScript, Microsoft provides a DsGetSiteName method that can be used by languages such as Visual Basic and C++ to retrieve site coverage information. In fact, the nltest command shown in the CLI solution is a wrapper around this method.

The IADsTools interface provides a wrapper around this method.

set objIadsTools = CreateObject("IADsTools.DCFunctions") strSite = objIadsTools.DsGetSiteName("<HostName>") Wscript.Echo "Site: " & strSite ' This code forces the host the script is run on to use a particular site ' ------ SCRIPT CONFIGURATION ------ strSite = "<SiteName>"   ' e.g., Raleigh ' ------ END CONFIGURATION --------- strNetlogonReg = "SYSTEM\CurrentControlSet\Services\Netlogon\Parameters" const HKLM = &H80000002 set objReg = GetObject("winmgmts:root\default:StdRegProv") objReg.SetStringValue HKLM, strNetlogonReg, "SiteName", strSite WScript.Echo "Set SiteName to " & strSite

Discussion

Each domain controller has a server object that is contained within a site. Clients are differentthey are associated with a site based on their IP address, and the corresponding subnet that it matches is in the Subnets container. The client site information is important because it determines which domain controller it will authenticate against. If the client's IP address does not match a subnet range of any of the subnets stored in Active Directory, it will randomly pick a site to use, which means it could authenticate against any domain controller in the domain.

Finding the site that contains a client is an important first step when troubleshooting authentication delays or errors. If a client is experiencing significant delays, it could be that the client is authenticating with a random site because it is on a new subnet that has yet to be added to Active Directory. This may also result in a client authenticating over a slow WAN link.

You can bypass the part of the DC Locator process that determines a client's site by hardcoding it in the Registry. This is generally not recommended and should primarily be used as a troubleshooting tool. If a client is experiencing authentication delays due to a misconfigured site or subnet object, you can hardcode its site so they temporarily point to a more optimal location (and domain controller).

See Also

MS KB 247811 (How Domain Controllers Are Located in Windows) and MSDN: DsGetSiteName


Previous page
Table of content
Next page
Windows Server Cookbook
Windows Server Cookbook for Windows Server 2003 and Windows 2000
ISBN: 0596006330
EAN: 2147483647
Year: 2006
Pages: 380
Authors: Robbie Allen
BUY ON AMAZON
Inside Network Security Assessment: Guarding Your IT Infrastructure
Introducing Microsoft Office InfoPath 2003 (Bpg-Other)
Cisco IP Communications Express: CallManager Express with Cisco Unity Express
Lotus Notes Developers Toolbox: Tips for Rapid and Successful Deployment
An Introduction to Design Patterns in C++ with Qt 4
Python Programming for the Absolute Beginner, 3rd Edition
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy