3 Replies Latest reply on Sep 8, 2010 9:34 PM by Scott Dunbar

    Locating domain controllers

      Hi,

       

      I need to create a job within BL to locate all domain controllers within the list of servers, then identify which of these are replicated domain controllers. I then intend to run an audit job against the replicated DCs to ensure that policy settings are correct.  Has anyone done anything like this before?

      What I need to know is:-

      1. Best way to determine which server is a DC

      2. Best way to determine if DC is a replicated DC

      3. Extract policy settings for replicated DCs

       

      Thanks

       

      Rog

        • 1. Re: Locating domain controllers
          Daniel Tharby

          Hi Roger,

           

          What version of BL are you using?

           

          1.     To find out if a server is a DC, you could search for the dcdiag.exe file.

          This should only be on the DC's (have just done a check on a standard Win 2K3 Server and one with the ResKit installed - not there).

           

          2.     Not sure on this one...

           

          3.     What policy settings? You could probably try to extract registry settings, but again not sure.

           

          HTH

          Cheers

          1 of 1 people found this helpful
          • 2. Re: Locating domain controllers

            Hi

             

            Thanks for the reply

             

            We are using version 8.0.433

             

            Policy settings are as defined in the User Guide for Server Automation, Installing Agents in a Replicated Domain Controller Environment:-

            Security Settings > Local Policies > User Rights Assignment

            Deny Logon Locally

            and

            Logon as a batch job

             

            Cheers

             

            Rog

            • 3. Re: Locating domain controllers

              Hi Roger,

               

              The command 'dsquery server -forest' might be your friend. Executed on any domain member server.

              As for a replicated DC, I think that needs clarification.  All DC's replicate in one form or another.  There is no such term as a replicated DC imo

               

              As for item 3, the command 'secedit' might help you

              1 of 1 people found this helpful
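
An added example, not part of any post in this thread: once the DCs are listed (for instance with `dsquery server -forest`) and each one's user rights are exported with `secedit /export /cfg <file> /areas USER_RIGHTS`, a parser like the one below can check the two rights named in reply 2. The sample export, the account name `svc_agent` and the expected assignments are constructed placeholders; the real values come from the BladeLogic guide.

```python
# Added example: audit "Deny log on locally" and "Log on as a batch job"
# from the [Privilege Rights] section of a secedit export.
# secedit typically writes the file as UTF-16, so read a real export with
# open(path, encoding="utf-16").read(). All sample data here is constructed.

# Policy display name -> privilege constant used in the export
RIGHTS = {
    "Deny log on locally": "SeDenyInteractiveLogonRight",
    "Log on as a batch job": "SeBatchLogonRight",
}

def parse_privilege_rights(inf_text):
    """Return {privilege: set of principals} from secedit INF text."""
    rights, section = {}, None
    for raw in inf_text.lstrip("\ufeff").splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "privilege rights" and "=" in line:
            name, _, value = line.partition("=")
            # SIDs are written with a leading '*'; names are case-insensitive
            rights[name.strip()] = {
                p.strip().lstrip("*").casefold()
                for p in value.split(",") if p.strip()
            }
    return rights

def audit(inf_text, expected):
    """expected: {privilege: principals that must hold it}. Returns findings."""
    actual = parse_privilege_rights(inf_text)
    findings = []
    for display, priv in RIGHTS.items():
        have = actual.get(priv, set())  # a right missing from the export is treated as unassigned
        want = {p.casefold() for p in expected.get(priv, set())}
        missing = sorted(want - have)
        if missing:
            findings.append((display, priv, missing))
    return findings

# Constructed sample export and constructed expected policy (placeholders)
SAMPLE_INF = """[Unicode]
Unicode=yes
[Privilege Rights]
SeBatchLogonRight = *S-1-5-32-544,*S-1-5-32-551
SeDenyInteractiveLogonRight = Guest
"""
EXPECTED = {"SeDenyInteractiveLogonRight": {"svc_agent"},
            "SeBatchLogonRight": {"svc_agent"}}
```

Run `audit()` over the export from each DC and treat a non-empty result as a failed audit for that server.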