Old 08-01-2012, 03:03 PM   #1
metallica1973
Windows Domain Controller Presence in a Network


At my place of employment, I have been asked to see if there is a way, using Linux, that I can read the Windows registry of a target and probe it for any entry that will definitively determine whether the target is actually a Windows domain controller. I found two packages using Ubuntu that show promise:

Code:
registry-tools
I found minimal information on registry-tools, which is part of the SAMBA 4 suite. What is the exact entry in the registry of a Windows Domain Controller that I should search for?

Last edited by metallica1973; 08-01-2012 at 03:34 PM.
 
Old 08-02-2012, 11:28 AM   #2
metallica1973
One way of doing it is using nslookup:

PHP Code:
Find a Windows Domain Controller using nslookup

nslookup -type=srv _ldap._tcp.dc._msdcs.testnetwork.local

_ldap._tcp.pdc._msdcs.Domain
    This provides the address of the Windows NT PDC for the domain.

_ldap._tcp.pdc._msdcs.DomainTree
    Resolves the addresses of global catalog servers in the domain.

_ldap._tcp.site.sites.writable._msdcs.Domain
    Provides list of domain controllers based on sites.

_ldap._tcp.writable._msdcs.Domain
    Enumerates list of domain controllers that have the writable copies of the Active Directory data store.

_ldap._tcp.GUID.domains._msdcs.DomainTree
    Entry used by MS Windows clients to locate machines using the global unique identifier.

_ldap._tcp.Site.gc._msdcs.DomainTree
    Used by Microsoft Windows clients to locate the site configuration-dependent global catalog server.

Specific entries used by Microsoft clients to locate essential services for an example domain called quenya.org include:

_kerberos._udp.quenya.org
    Used to contact the KDC server via UDP. This entry must list port 88 for each KDC.

_kpasswd._udp.quenya.org
    Used to locate the kpasswd server when a user password change must be processed. This record must list port 464 on the master KDC.

_kerberos._tcp.quenya.org
    Used to locate the KDC server via TCP. This entry must list port 88 for each KDC.

_ldap._tcp.quenya.org
    Used to locate the LDAP service on the PDC. This record must list port 389 for the PDC.

_kpasswd._tcp.quenya.org
    Used to locate the kpasswd server to permit user password changes to be processed. This must list port 464.

_gc._tcp.quenya.org
    Used to locate the global catalog server for the top of the domain. This must list port 3268.

The following records are also used by the Windows domain member client to locate vital services on the Windows ADS domain controllers.

    _ldap._tcp.pdc._msdcs.quenya.org
    _ldap.gc._msdcs.quenya.org
    _ldap.default-first-site-name._sites.gc._msdcs.quenya.org
    _ldap.{SecID}.domains._msdcs.quenya.org
    _ldap._tcp.dc._msdcs.quenya.org
    _kerberos._tcp.dc._msdcs.quenya.org
    _ldap.default-first-site-name._sites.dc._msdcs.quenya.org
    _kerberos.default-first-site-name._sites.dc._msdcs.quenya.org
    SecID._msdcs.quenya.org
and dig:

PHP Code:
Presence of the correct DNS entries can be validated by executing:

root#  dig @frodo -t any _ldap._tcp.dc._msdcs.quenya.org

; <<>> DiG 9.2.2 <<>> @frodo -t any _ldap._tcp.dc._msdcs.quenya.org
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3072
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2

;; QUESTION SECTION:
;_ldap._tcp.dc._msdcs.quenya.org. IN        ANY

;; ANSWER SECTION:
_ldap._tcp.dc._msdcs.quenya.org. 600 IN SRV 0 100 389 frodo.quenya.org.
_ldap._tcp.dc._msdcs.quenya.org. 600 IN SRV 0 100 389 noldor.quenya.org.

;; ADDITIONAL SECTION:
frodo.quenya.org.  3600  IN      A       10.1.1.16
noldor.quenya.org. 1200  IN      A       10.1.1.17

;; Query time: 0 msec
;; SERVER: frodo#53(10.1.1.16)
;; WHEN: Wed Oct  7 14:39:31 2004
;; MSG SIZE  rcvd: 171
Thanks given to hergp from unix.com and www.samba.org

http://www.samba.org/samba/docs/man/...tml#adsdnstech
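
A check that can be run over dig answers like those above, added here as an example and not part of the original post: it reads SRV answer lines on stdin and flags any record whose port differs from the one the quoted Samba notes say it must list. The function names and the sample records (including the deliberately wrong kpasswd port) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): verify that SRV answers list the ports
# the Samba notes quoted above require (88, 464, 389, 3268).

# Constructed sample in dig answer-section format. The _kpasswd record carries
# a deliberately wrong port so the check has something to flag.
sample_answers() {
    cat <<'EOF'
_ldap._tcp.dc._msdcs.quenya.org. 600 IN SRV 0 100 389 frodo.quenya.org.
_ldap._tcp.dc._msdcs.quenya.org. 600 IN SRV 0 100 389 noldor.quenya.org.
_kerberos._tcp.quenya.org. 600 IN SRV 0 100 88 frodo.quenya.org.
_kpasswd._tcp.quenya.org. 600 IN SRV 0 100 4640 frodo.quenya.org.
_gc._tcp.quenya.org. 600 IN SRV 0 100 3268 frodo.quenya.org.
_ldap._tcp.gc._msdcs.quenya.org. 600 IN SRV 0 100 3268 frodo.quenya.org.
frodo.quenya.org. 3600 IN A 10.1.1.16
EOF
}

# Reads dig answer lines on stdin and prints, per checked SRV record:
#   OK|BAD <owner> <target> <port> expected <port>
# Returns 1 if any checked record lists an unexpected port, 0 otherwise.
check_srv_ports() {
    awk '
    # Expected port by service label; 0 means "not checked here".
    function expected(owner) {
        if (owner ~ /\.gc\._msdcs\./)           return 0   # GC-specific _ldap names: skipped
        if (owner ~ /^_kerberos\._(tcp|udp)\./) return 88
        if (owner ~ /^_kpasswd\._(tcp|udp)\./)  return 464
        if (owner ~ /^_gc\._tcp\./)             return 3268
        if (owner ~ /^_ldap\._tcp\./)           return 389
        return 0
    }
    # SRV line layout: owner TTL IN SRV priority weight port target
    $3 == "IN" && $4 == "SRV" {
        want = expected($1)
        if (want == 0) next
        status = ($7 + 0 == want) ? "OK" : "BAD"
        if (status == "BAD") bad = 1
        sub(/\.$/, "", $8)                  # drop the trailing root dot on the target
        print status, $1, $8, $7, "expected", want
    }
    END { exit bad }
    '
}

sample_answers | check_srv_ports || echo "at least one SRV record lists an unexpected port"
```

To check live data instead of the sample, pipe the output of the dig command shown above into `check_srv_ports`; comment lines and A records are ignored.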
 
  

