Identify logonserver for all computer accounts in AD

ekk

We have a domain with computer objects from different major US cities
populating AD. Is there a way to obtain some type of list for all computers
(or within a specific OU) and the logonserver they authenticate with? The DC
will tell me which city that the computer object belongs to and I can move
it to the proper OU. Thank you.
 
Joe Richards [MVP]

Assuming your subnet topology is configured correctly you could query AD with a
list of the IP addresses of the machine and it will tell you what AD site the
IPs are for and then you can look at the site to determine which DCs would be
used but actually once you know the Site you should be good, again assuming that
is all configured properly. If it isn't configured properly, the DC would be a
random DC anyway.

To help with the IP to site conversion check out:

http://www.joeware.net/win/free/tools/atsn.htm
 
Ryan Hanisco

So basically if your subnets are differentiated and you have dynamic DNS
registration working, you should be able to figure out which one goes where
from your DNS list.

Now, if you have everyone in the same subnet, this is either because you
have very fast WAN links and want everyone to be in the same site, or
because of non-IT related reasons. In this case, you may well be in some
trouble, and won't be able to assign logon servers anyway.

--
Ryan Hanisco
MCSE, MCDBA
FlagShip Integration Services
Chicago, IL
 
Joe Richards [MVP]

It doesn't actually require dynamic DNS, it just requires that the DC SRV
records that are supposed to be registered, actually are. This can be done
statically but it is terribly messy to maintain.

Basically there is a DC locater capability built into the environment and you
are simply using it to find the site that a client would try to use. Each DC
covering a specific site will have a list of DNS records it wants registered for
that site. If the dynamic reg is working it will be registered. If static reg is
being used you would need to read the DNS files on the server
(c:\%windir%\system32\config\netlogon.dns) and make sure those records were
registered.

ATSN calls the function DsAddressToSiteNames to query a DC to have it tell you
which specific sites are mapped to the specific subnets. This is nice to use
because it uses the exact same logic used by a client for locating what site it
is in so it works with subdividing of subnets that people do (for instance
someone may register an 8 bit subnet for the entire org to point at a hub site
and then further break down portions of that subnet into smaller subnets and
point them to other sites, that way you never have subnets that aren't defined
so you don't get the random DC location you can get with random subnets).

joe
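
The subnet-to-site matching described in this thread, as an added example that is not part of the original posts and is not ATSN's code: an offline Python model of most-specific-subnet matching, used to group computers by site before moving them to per-city OUs. It does not call DsAddressToSiteNames; the subnets, site names, computer names and IP addresses are constructed sample data, and the function names are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data: AD subnet objects and the site each is linked to.
SUBNET_TO_SITE = {
    "10.0.0.0/8": "Hub-Chicago",    # catch-all subnet for the whole org
    "10.20.0.0/16": "NewYork",
    "10.30.0.0/16": "LosAngeles",
    "10.30.40.0/24": "SanDiego",    # carved out of the LosAngeles range
}

# Constructed sample data: computer name -> IP address (e.g. exported from DNS).
COMPUTERS = {
    "WS-001": "10.20.5.17",
    "WS-002": "10.30.40.9",
    "WS-003": "10.30.7.200",
    "WS-004": "10.99.1.1",      # only the catch-all subnet covers this one
    "WS-005": "192.168.1.50",   # no subnet defined: DC choice would be random
}

def build_table(subnet_to_site):
    """Parse subnets and sort most specific (longest prefix) first."""
    table = [(ipaddress.ip_network(s), site) for s, site in subnet_to_site.items()]
    return sorted(table, key=lambda entry: entry[0].prefixlen, reverse=True)

def site_for_ip(ip, table):
    """Return the site of the most specific subnet containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    for net, site in table:
        if addr.version == net.version and addr in net:
            return site
    return None

def group_by_site(computers, subnet_to_site):
    """Map site name (None = no matching subnet) to a sorted list of computers."""
    table = build_table(subnet_to_site)
    groups = defaultdict(list)
    for name, ip in computers.items():
        groups[site_for_ip(ip, table)].append(name)
    return {site: sorted(names) for site, names in groups.items()}

if __name__ == "__main__":
    for site, names in group_by_site(COMPUTERS, SUBNET_TO_SITE).items():
        print(site or "NO MATCHING SUBNET", names)
```

Computers that land under `None` have no covering subnet object and are the ones to fix in the site topology before trusting any city assignment.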
 
