I am on a Unix host and am looking for a programmatic way to determine the closest DC. Microsoft has an excellent article explaining how to perform the DNS lookup, and I am able to find the list of available DCs easily like this:
dig -t SRV _ldap._tcp.dc._msdcs.example.com
But regarding finding the closest, it explains:
After the client locates a domain controller, it establishes communication by using LDAP to gain access to Active Directory. As part of that negotiation, the domain controller identifies which site the client is in based on the IP subnet of that client. If the client is communicating with a domain controller that is not in the closest (most optimal) site, the domain controller returns the name of the client's site.
So far I have not been able to find where this "returns the name of the client's site" occurs during LDAP queries. Is there a particular query I should perform to get this, or some other technique that can be performed on a Unix host not joined to the domain?
EDIT: Thanks to Sim's pointer, I've learned how to find the correct DC once I know my site (in this example, "mysite" as part of example.com):
dig -t SRV _ldap._tcp.mysite._sites.dc._msdcs.example.com
But this leaves open the question of how to determine my site. Repeatedly the docs indicate that any DC I connect to will work this out for me, but I can't find the doc that says how it returns me the information. I've even tried sending DNS queries directly to DCs to see if they'll order the SRV results with my site on the top, but they don't.
Answer
This TechNet article walks you through the logic of Finding a Domain Controller in the Closest Site if that helps.
Since you are on Unix, have you looked at how Samba does this? It looks like this is done with CLDAP. This blog entry - Joining a Samba Domain might provide some more answers.
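Added example (not part of the original answer and not Samba's code): the CLDAP exchange referred to above is the "LDAP ping" described in MS-ADTS, a base-scope search of the rootDSE over UDP port 389 for the `netlogon` attribute, whose reply blob carries the client's site name. The sketch below builds the search filter and parses a reply blob, assuming the NETLOGON_SAM_LOGON_RESPONSE_EX field order from MS-ADTS; the function names and the sample blob are constructed for illustration.

```python
import struct

LOGON_SAM_LOGON_RESPONSE_EX = 23   # opcode of the extended netlogon reply

def ping_filter(dns_domain):
    """Filter for the rootDSE search; NtVer 6 = V5|V5EX, little-endian."""
    return "(&(DnsDomain=%s)(NtVer=\\06\\00\\00\\00))" % dns_domain

def read_name(buf, pos):
    """Decode one RFC 1035 style name; return (name, offset just past it)."""
    labels, end, hops = [], None, 0
    while True:
        length = buf[pos]
        if length & 0xC0 == 0xC0:              # compression pointer
            if end is None:
                end = pos + 2                  # resume after the first pointer
            pos = struct.unpack_from(">H", buf, pos)[0] & 0x3FFF
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
        elif length == 0:                      # root label ends the name
            return ".".join(labels), (pos + 1 if end is None else end)
        else:
            labels.append(buf[pos + 1:pos + 1 + length].decode("utf-8"))
            pos += 1 + length

def parse_netlogon(blob):
    """Return the name fields of a NETLOGON_SAM_LOGON_RESPONSE_EX blob."""
    opcode, _sbz, flags = struct.unpack_from("<HHI", blob, 0)
    if opcode != LOGON_SAM_LOGON_RESPONSE_EX:
        raise ValueError("unexpected opcode %d" % opcode)
    out, pos = {"flags": flags}, 24            # 8-byte header + 16-byte DomainGuid
    for field in ("forest", "domain", "dc_host", "nb_domain", "nb_host",
                  "user", "dc_site", "client_site"):
        out[field], pos = read_name(blob, pos)
    return out

def _enc(name):
    """Uncompressed encoder, used only to build the sample below."""
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".") if l) + b"\0"

# Constructed sample reply (not captured from a real DC); 0xC018 points at offset 24.
SAMPLE = (struct.pack("<HHI", 23, 0, 0) + bytes(16) + _enc("example.com")
          + b"\xc0\x18" + b"\x03dc1\xc0\x18" + _enc("EXAMPLE") + _enc("DC1")
          + _enc("") + _enc("hq") + _enc("mysite")
          + struct.pack("<IHH", 5, 0xFFFF, 0xFFFF))

if __name__ == "__main__":
    print(ping_filter("example.com"))
    print(parse_netlogon(SAMPLE)["client_site"])
```

The `client_site` value is the site name to substitute into the site-specific SRV lookup shown in the question's EDIT.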