{"id":2056,"date":"2016-12-02T10:19:28","date_gmt":"2016-12-02T10:19:28","guid":{"rendered":"http:\/\/galhano.com\/blog\/?p=2056"},"modified":"2016-12-02T10:23:02","modified_gmt":"2016-12-02T10:23:02","slug":"how-to-find-a-global-catalog-server","status":"publish","type":"post","link":"https:\/\/galhano.com\/blog\/?p=2056","title":{"rendered":"How to find a Global Catalog server?"},"content":{"rendered":"<h3><span style=\"color: #800000;\"><strong>With DNS Requests (NSLOOKUP)<\/strong><\/span><\/h3>\n<p>In an Active Directory environment, all Global Catalogs are anchored in DNS . There is a separate subdomain &#8216;GC._msdcs &#8230;.&#8217; in the namespace of the AD root domain (please remember: the global catalog does not refer to individual domains, but to the entire forest). So if your root domain in the forest is e.g. example.root, then you get a list of all GCs with this command:<\/p>\n<p>[xml]C:\\&gt; nslookup gc._msdcs.example.root[\/xml]<\/p>\n<p>Server:\u00a0 dns01.example.root<br \/>\nAddress:\u00a0 10.127.60.3<\/p>\n<p>Name:\u00a0 gc._msdcs.example.root<br \/>\nAdresses:\u00a0 10.127.60.100<br \/>\n10.127.60.102<br \/>\n10.127.60.103<br \/>\n10.127.77.1<br \/>\n10.127.77.130<br \/>\n10.127.93.2<br \/>\n10.127.93.12<br \/>\n192.168.35.1<\/p>\n<p>The container _msdcs contains the infrastructural DNS records of the Active Directory. This is also where all the SRVservice records for the domain controllers are stored.<\/p>\n<h3><span style=\"color: #800000;\"><strong>With DSQUERY<\/strong><\/span><\/h3>\n<p>You can also use the standard command line tool DSQUERY for searching GCs. The search can be limited to certain domains or AD sites. However, you must be authenticated in the regarding forest and DSQUERY must be available on your machine (this is usually the case on Widows servers). As a result, the server objects in the Configuration partition is displayed:<\/p>\n<p>[xml]C:\\&gt; dsquery server -isgc[\/xml]<\/p>\n<p>&#8220;CN=DC001,CN=Servers,CN=Site-Sidney,CN=Sites,CN=Configuration,DC=example,DC=root&#8221;<br \/>\n&#8220;CN=DC014,CN=Servers,CN=Site-Auckland,CN=Sites,CN=Configuration,DC=example,DC=root&#8221;<br \/>\n&#8230;<\/p>\n<p>[xml]C:\\&gt; dsquery server -isgc -domain &quot;dev.example.com&quot;[\/xml]<\/p>\n<p>&#8230;<\/p>\n<p>[xml]C:\\&gt; dsquery server -isgc -site &quot;Site-Auckland&quot;[\/xml]<\/p>\n<p>&#8230;<\/p>\n<h3><span style=\"color: #800000;\"><strong>Per Script with an LDAP filter<\/strong><\/span><br \/>\nIn the last section we have seen that the global catalog servers are present in the configuration partition of the directory as specific objects. Her we can look for them with our own script. These servers have set the first bit in their &#8216;options&#8217; attribute. All we need is the appropriate LDAP filter:<\/h3>\n<p>[xml]<br \/>\nldapFilter = &quot;(&amp;(objectClass=nTDSDSA)(options:1.2.840.113556.1.4.803:=1))&quot;<\/p>\n<p>Set rootDSE = GetObject(&quot;LDAP:\/\/rootDSE&quot;)<br \/>\nconfigDN =\u00a0\u00a0 rootDSE.Get(&quot;configurationNamingContext&quot;)<\/p>\n<p>Set ado = CreateObject(&quot;ADODB.Connection&quot;)<br \/>\nado.Provider = &quot;ADSDSOObject&quot;<br \/>\nado.Open &quot;ADSearch&quot;<br \/>\nSet objectList =\u00a0\u00a0 ado.Execute(&quot;&lt;LDAP:\/\/&quot; &amp;configDN&amp; &quot;&gt;;&quot; &amp; ldapFilter &amp; &quot;;distinguishedName;subtree&quot;)<\/p>\n<p>While Not objectList.EOF<br \/>\nnTSDSA = objectList.Fields(&quot;distinguishedName&quot;)<br \/>\nserverDN = Mid(nTSDSA, 18)\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 &#8216;CN=NTDS Settings abschneiden =&gt; Server Objekt<br \/>\nSet serverObj = GetObject(&quot;LDAP:\/\/&quot; &amp; serverDN )<\/p>\n<p>WScript.Echo serverObj.dNSHostName<\/p>\n<p>objectList.MoveNext<br \/>\nWend<\/p>\n<p>[\/xml]<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>With DNS Requests (NSLOOKUP) In an Active Directory environment, all Global Catalogs are anchored in DNS . There is a separate subdomain &#8216;GC._msdcs &#8230;.&#8217; in the namespace of the AD root domain (please remember: the global catalog does not refer to individual domains, but to the entire forest). So if your root domain in the [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"close","ping_status":"close","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[33,22,6,14],"tags":[],"class_list":["post-2056","post","type-post","status-publish","format-standard","hentry","category-code-snippets","category-microsoft","category-networking","category-tutorials","author-admin"],"_links":{"self":[{"href":"https:\/\/galhano.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/2056","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/galhano.com\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/galhano.com\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/galhano.com\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/galhano.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2056"}],"version-history":[{"count":6,"href":"https:\/\/galhano.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/2056\/revisions"}],"predecessor-version":[{"id":2062,"href":"https:\/\/galhano.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/2056\/revisions\/2062"}],"wp:attachment":[{"href":"https:\/\/galhano.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2056"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/galhano.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2056"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/galhano.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2056"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}