Friday, October 27, 2006

Listing down all the Active Directory Servers in a domain

I am new to Windows world. Hence please do correct me if you find any terminology to be incorrect than the standard ones. I would be more than glad to stand corrected.

I am learning about the LDAP and Active Directory servers. We all know that for logging into a domain, active directory (AD) service for that domain is used. But how does the windows running in your workstation find out which AD to be contacted?

After we click on the login button, a name service look-up is performed with the following details:

Request type: SRV
URL: _ldap._tcp.domainname

This NS look-up command will return a bunch of servers, and one of them will be used to authenticate the user. Each of the blocks in the response will have the port in which the server is listening as well. Replace domainname above with the actual domain name in which you would like to find out the active servers.

Okay, thats the theory part. Now hands on. Try these commands in your workstation and convince yourself with the results.
nslookup This will start the nslookup process. The two commands entered below are in the nslookup prompt ">".
set q=srv
_ldap._tcp.domainname Replace domainname with the actual domain that you would like to perform look-up.

There is an excellent tutorial available on Active Directory architecture, which might be of good help in terms of understanding what AD is.

No comments: