Microsoft® Windows® 2000 Scripting Guide
« Previous | Next »
There are often times when it is useful to know which domain controller was used to authenticate a computer. For example, if users are having difficulty accessing resources, you might want to identify the domain controller that processed the initial authentication. If it seems to be taking an inordinately long time for certain users to log on to the network, you might want to check and see if the same domain controller is processing those logons. To periodically check the validity of your Active Directory topology, you might want to see which domain controllers are being used by the computers at a particular site.
To identify the domain controller used to authenticate a computer, you can use the LDAP provider and bind to rootDSE. When you bind to rootDSE, you are bound to the directory service root. This is why rootDSE is often used as a way to bind to the domain; you can bind to your domain without having to hard-code the domain name within a script.
However, rootDSE is also used to return information about the directory server itself. For example, the dnsHostName attribute tells you the name of the current domain controller for the computer. The serverName attribute returns the distinguished name of the current domain controller.
This script must be run locally; you cannot use it to identify the domain controller for a remote computer. If you want to monitor the domain controllers being used to authenticate user logons, you could use this code as part of a logon script. That way, each time a user logs on, information about the user and the domain controller could be stored in a database.
Listing 9.15 contains a script that identifies the current domain controller for a computer. To carry out this task, the script must perform the following steps:
Listing 9.15 Identifying the Current Domain Controller
|
|
Send us your feedback | « Previous | Next » |