3 Replies Latest reply on Sep 8, 2010 9:34 PM by Scott Dunbar

    Locating domain controllers

    Roger May



      I need to create a job within BL to locate all domain controllers within the list of servers, then identify which of these are replicated domain controllers. I then intend to run an audit job against the replicated DCs to ensure that policy settings are correct.  Has anyone done anything like this before?

      What I need to know is:-

      1. Best way to determine which server is a DC

      2. Best way to determine if DC is a replicated DC

      3. Extract policy settings for replicated DCs





        • 1. Re: Locating domain controllers
          Daniel Tharby

          Hi Roger,


          What version of BL are you using ?


          1.     To find out if a server is a DC, you could search for the dcdiag.exe file.

          This should only be on the DC's (have just done a check on a standard Win 2K3 Server and one with the ResKit installed - not there).


          2.     Not sure on this one...


          3.     What policy settings ? you could probably try to extract registry settings but again not sure..




          1 of 1 people found this helpful
          • 2. Re: Locating domain controllers
            Roger May



            Thanks for the reply


            We are using version 8.0.433


            Policy settings are as defined in the User Guide for Server Automation, Installing Agents in a Replicated Domain Controller Environment:-

            Security Settings > Local Policies > User Rights Assignment

            Deny Logon Locally


            Logon as a batch job





            • 3. Re: Locating domain controllers
              Scott Dunbar

              Hi Roger,


              The command 'dsquery server -forest' might be your friend. Executed on any domain member server.

              As for a replicated DC, I think that needs clarification.  All DC's relicate in one form or another.  There is no such term as a replicated DC imo


              As for item 3, the command 'secedit' might help you

              1 of 1 people found this helpful