Announcement

Collapse
No announcement yet.

How do I know if a server is a DC?

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • How do I know if a server is a DC?

    What's the best method to check if a server is a DC in a domain of many servers? I've logged into another server which I know is a DC and checked Sites & Services, found the site that the above server is in an found that there are no Site Links- thus it has been demoted.

    Is there an easier way?
    |
    +-- JDMils
    |
    +-- Regional Systems Engineer, DotNet programmer & Jack of all trades
    |

  • #2
    Re: How do I know if a server is a DC?

    One of the telltale signs is the lack of Local Users and Groups in compmgmt.msc.
    Another would be to open ADUC and look in the Domain Controllers OU.
    Or you could open Manage Your Server (in the administrative tools) and see if the DC role is there.
    Or... well you get the idea.
    Regards,
    Jeremy

    Network Consultant/Engineer
    Baltimore - Washington area and beyond
    www.gma-cpa.com

    Comment


    • #3
      Re: How do I know if a server is a DC?

      The one I usually use is to try to change to a workgroup in "My Computer...Properties". It gives you a very stern rebuke that domain controllers don't let you do that...


      Tom
      For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

      Anything you say will be misquoted and used against you

      Comment


      • #4
        Re: How do I know if a server is a DC?

        I thought the easiest way to tell it was a DC was when you logon to the console you can only logon to the domain. The option to logon to the local computer has been removed from the pick list.
        Cheers,

        Rick

        ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

        © 2006-2099 R Valstar. This post is offered "as is" for discussion purposes only with no express or implied warranty of any kind including, but not limited to, correctness or fitness for use. Nothing herein shall be construed as advice. Attempting any activity based on information in this post is done at your own risk.

        Comment


        • #5
          Re: How do I know if a server is a DC?

          And I believe the definitive way is to see if there is a SYSVOL share.
          TIA

          Steven Teiger [SBS-MVP(2003-2009)]
          http://www.wintra.co.il/
          sigpic
          Iím honoured to have been selected for the SMB 150 list for 2013. This is the third time in succession (no logo available for 2011) that I have been honoured with this award.

          We donít stop playing because we grow old, we grow old because we stop playing.

          Comment


          • #6
            Re: How do I know if a server is a DC?

            Or this is probably the worst option but i will list it anyway.

            Running this script to determine if a computer is a domain controller

            Dim objWMIObject, objServices, objNetwork, nF,bFound,objRole
            Set objNetwork = CreateObject("WScript.Network")
            Set objWMIObject = _
            GetOBject("winmgmts:{impersonateLevel=impersonate} " & _
            "!Win32_ComputerSystem='" & objNetwork.ComputerName & "'")
            bFound = False

            If Not IsNull(objWMIObject.roles) Then
            For nF = LBound(objWMIObject.Roles
            If objRole = "Primary_Domain_Controller" Then
            bFound = True
            Exit For
            End If
            Next
            End If

            If bFound Then WScript.Quit -1
            Wscript.Quit 0
            Its late at night so i may of missed something.
            Last edited by Pulsen; 8th June 2007, 16:02.

            Comment


            • #7
              Re: How do I know if a server is a DC?

              As already mentioned, there are several tell tale signs to determine if a given machine is a DC or not. Some of them I think more reliable than others. I'll throw in my own two cents here - use the command dcdiag. That should tell you whether the machine is a domain controller or not. Another sign would be the display of additional event log types in computer management that are specific to Active Directory.
              VCDX3 #34, VCDX4, VCDX5, VCAP4-DCA #14, VCAP4-DCD #35, VCAP5-DCD, VCPx4, vEXPERTx4, MCSEx3, MCSAx2, MCP, CCAx2, A+
              boche.net - VMware Virtualization Evangelist
              My advice has no warranties. Follow at your own risk.

              Comment


              • #8
                Re: How do I know if a server is a DC?

                Thanks guys, a lot of good information.
                |
                +-- JDMils
                |
                +-- Regional Systems Engineer, DotNet programmer & Jack of all trades
                |

                Comment


                • #9
                  Re: How do I know if a server is a DC?

                  1 - Well we can do these steps too for domain controller verification
                  when you restart your computer press F8
                  if restore active directory mode is present beneath other options like safe mode and last good configuration then computer is Domain controller

                  2- As mentioned before here in this thread that If you see Active directory users and computers, Domain and trust and Site and services in your administrative tools

                  3- Check DNS service is running, dns management console and dns zones are present in that comptur. If DNS service is not running on that computer, try to access your DNS server. In dns server console, try to browse msdsc.YourDomainName --- dc -- tcp and in srv your computer name is listed

                  Comment


                  • #10
                    Re: How do I know if a server is a DC?

                    Great idea for a new book or whitepaper - "101 ways to tell if a server is a domain controller or not".
                    VCDX3 #34, VCDX4, VCDX5, VCAP4-DCA #14, VCAP4-DCD #35, VCAP5-DCD, VCPx4, vEXPERTx4, MCSEx3, MCSAx2, MCP, CCAx2, A+
                    boche.net - VMware Virtualization Evangelist
                    My advice has no warranties. Follow at your own risk.

                    Comment


                    • #11
                      Re: How do I know if a server is a DC?

                      I hate to nit pick but...

                      Originally posted by ahmer_sahab View Post
                      1 - Well we can do these steps too for domain controller verification
                      when you restart your computer press F8
                      if restore active directory mode is present beneath other options like safe mode and last good configuration then computer is Domain controller
                      Sorry, but that doesn't necessarily mean it's a DC. I have a computer with XP Home on it and DSRM is listed as an option.

                      2- As mentioned before here in this thread that If you see Active directory users and computers, Domain and trust and Site and services in your administrative tools
                      Also not true. You can install those tools on member servers and XP Pro.
                      Regards,
                      Jeremy

                      Network Consultant/Engineer
                      Baltimore - Washington area and beyond
                      www.gma-cpa.com

                      Comment


                      • #12
                        Re: How do I know if a server is a DC?

                        Can I get a mention in that book/whitepaper?
                        |
                        +-- JDMils
                        |
                        +-- Regional Systems Engineer, DotNet programmer & Jack of all trades
                        |

                        Comment


                        • #13
                          Re: How do I know if a server is a DC?

                          I go with Pulsen. I think WMI is invented for this.(EDIT- of cause remote acces to WMI service must be allowed on each computer (Like on our ISA server it doesn't)

                          You don't need to have special developers tools to make use of the WMI service.
                          You can simply can use it with VBscript, commandline/batches and even with the de GPMC.

                          For this case, the OS role of the computer can be determined
                          with the "DomainRole" property of the Win32_ComputerSystem class.
                          Or,
                          with the "ProductType" propery of the Win32_OperatingSystem class.

                          You can contact WMI service on the local computer, you can also contact the WMI service on remote computers.

                          Code:
                          'You have to be a member of the Domain Admins group to connect to other computers.
                          
                          strComputer = "."   '<-- "." means localhost. You also can put the "name" of a remote computer here).
                          
                          '************
                          'Connect to the target Computer
                          On Error Resume Next
                          
                          sMatch = ""
                          n = n+1 
                          
                          Err.Clear
                          Set objWMIService = GetObject("winmgmts://"& strComputer &"/root/cimv2")
                          If Err.number then
                             strRemark = Err.Description
                             strRole = "?"
                             Err.Clear
                          
                          Else
                          'Get information from that computer
                             Set colComputer = objWMIService.ExecQuery _
                                   ("Select * from Win32_ComputerSystem")
                             For Each objServer in colComputer
                              If objServer.domainrole >=4 AND objServer.domainrole <=5 Then 
                                sMatch = "Y"
                                Select case objServer.domainrole
                                 Case "0"  strRole = "Standalone Workstation"
                                 Case "1"  strRole = "Member Workstation"
                                 Case "2"  strRole = "Standalone Server"
                                 Case "3"  strRole = "Member Server"
                                 Case "4"  strRole = "Domain Controller"
                                 Case "5"  strRole = "Domain Controller (PDC)"
                                 Case Else strRole = "Role-Unknown"
                                End Select
                              Else
                                strRemark = "not important"
                                strRole = "-"
                              End If
                              Exit For
                             Next
                          
                          'Want More ?
                             IF sMatch = "Y" Then
                              'you could use other classes here to collect more
                              'information on the target computer like: OS, SP, Language, FSMO-roles, ect.
                              '(don't forget to empty the variables= after the line is written and
                              ' before processing the next computer)
                             End If
                          '************
                          
                          End IF
                          
                          msgBox(Date&","&time &","& strComputer &","& strRole &","""& strRemark & """")
                          
                          Set colComputer = Nothing
                          Set objWMIService = Nothing
                          
                          Wscript.quit(0)
                          quote: "to check if a server is a DC in a domain of many servers"
                          If you want to check -if a DC realy is a DC-, then probably you dont have to check that many servers. But if you also want to know if any other server has been promoted (w/out to check 'active directory sites and services') then you could do the following:

                          You can query all 'computer object' in AD (takes a lot of time, therefore it is better to provide the script with a OU to begin from). Then it tries to connect to each machine one-by-one (loop) using the computername found in AD. It then collects the wanted information from that computer.
                          Code:
                          'Enumerate Domain Controleres in the Domain 
                          
                          sOutPutFile = "c:\OutputServers.txt"
                          strLDAP = "DC=DOMAIN,DC=LOCAL"  '<--You can narrow the search by adding a specific container to start from)
                          
                          Const ForWriting   = 2
                          Const ForAppending = 8
                          Set objFSO = CreateObject("Scripting.FileSystemObject")
                           With objFSO.OpenTextFile(sOutPutFile, ForWriting, True)
                                .WriteLine("objCount,date,time,Computername,OS-Role,remarks")
                                .Close 
                           End With
                          
                          n = vbEmpty
                          
                          'search All Computer Accounts in Active Directory
                          '------------------------------------------------------
                          Const ADS_SCOPE_SUBTREE = 2
                          
                          Set objConnection = CreateObject("ADODB.Connection")
                          Set objCommand =   CreateObject("ADODB.Command")
                          objConnection.Provider = "ADsDSOObject"
                          objConnection.Open "Active Directory Provider"
                          
                          Set objCommand.ActiveConnection = objConnection
                          
                          objCommand.Properties("Page Size") = 1000
                          objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE 
                          
                          objCommand.CommandText = _
                              "Select Name, Location from 'LDAP://" & strLDAP & _
                              "' Where objectClass='computer'"
                          
                          Set objRecordSet = objCommand.Execute
                          
                           objRecordSet.MoveFirst
                          
                          '---   ---   ---
                          DO Until objRecordSet.EOF
                          strComputer = objRecordSet.Fields("Name").Value
                          '---   ---   ---
                          
                          
                          '************
                          
                          'PAST here the Blue part from the script above
                          
                          '************
                          
                          'write a new line to the file with the information collected on this target computer
                           With objFSO.OpenTextFile(sOutPutFile, ForAppending, True)
                                .WriteLine(n&","& Date&","&time &","& strComputer &","& strRole &","""& strRemark & """")
                                .Close 
                           End With
                          
                          End If
                          
                          'Empty all the variables before going to the next computer!
                          strComputer = ""
                          strRole = ""
                          strComment = ""
                          Set colComputer = Nothing
                          Set objWMIService = Nothing
                          
                          '---   ---   ---
                          objRecordSet.MoveNext
                          Loop
                          '---   ---   ---
                          
                          Set objFSO = Nothing
                          
                           Set objShell = CreateObject("Wscript.Shell")
                           sOutPutFile = """"& sOutPutFile &""""
                           objShell.Run "WordPad " & sOutPutFile, 3, False
                           Set objShell = Nothing
                          
                          Wscript.Quit(0)
                          Edit the green lines.

                          \Rems
                          Last edited by Rems; 11th June 2007, 19:42.

                          This posting is provided "AS IS" with no warranties, and confers no rights.

                          __________________

                          ** Remember to give credit where credit's due **
                          and leave Reputation Points for meaningful posts

                          Comment


                          • #14
                            Re: How do I know if a server is a DC?

                            Originally posted by jasonboche View Post
                            "101 ways to tell if a server is a domain controller or not".
                            Tip # 65: If there is a big sweaty dude in the drivers chair, it might be a DC....

                            its easier to beg forgiveness than ask permission.
                            Give karma where karma is due...

                            Comment

                            Working...
                            X