Yeah I have been looking at the parameters nltest has, I
would expect it would be able to do this too but I am not seeing something to do
it directly.
As I sat here thinking of ways to do this in an unauth'ed
manner I realized that a CLDAP ping will do it. The client site info is some of
the info that is returned ASSUMING that the subnet the client is in is defined.
There is a command that will do that ping for you... DsGetDCName which *is*
wrapped by nltest... So a simple nltest /dsgetdc:domain will return the info.
Just be prepared to catch the event that the client subnet isn't
defined.
joe
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean Wells
Sent: Friday, February 03, 2006 6:17 PM
To: Send - AD mailing list
Subject: RE: [ActiveDir] Script to determine a machine's site
Nod,
have since learned that ... my apologies.
I'm
guessing there's a mean of achieving that with nltest (or perhaps a few
iterations and some output parsing).
--
Dean Wells
MSEtechnology
* Email: dwells@msetechnology.com
http://msetechnology.com
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Friday, February 03, 2006 5:47 PM
To: 'Send - AD mailing list'
Subject: RE: [ActiveDir] Script to determine a machine's site
Yeah you could definitely get it to run but the /server
switch is telling nltest to get the site for that machine specified, not for the
machine running the command. So for instance, say I run that command against a
couple of DCs in different sites
[Fri 02/03/2006
17:25:57.72]
F:\DEV\cpp\ATSN>nltest /dsgetsite /server:fastmofo
MyMainSite
The command completed successfully
F:\DEV\cpp\ATSN>nltest /dsgetsite /server:fastmofo
MyMainSite
The command completed successfully
[Fri 02/03/2006
17:33:26.50]
F:\DEV\cpp\ATSN>nltest /dsgetsite /server:2k3dc01
MyMainSite
The command completed successfully
F:\DEV\cpp\ATSN>nltest /dsgetsite /server:2k3dc01
MyMainSite
The command completed successfully
[Fri 02/03/2006
17:33:30.13]
F:\DEV\cpp\ATSN>nltest /dsgetsite /server:2k3dc02
VSite
The command completed successfully
F:\DEV\cpp\ATSN>nltest /dsgetsite /server:2k3dc02
VSite
The command completed successfully
[Fri 02/03/2006
17:33:31.43]
F:\DEV\cpp\ATSN>nltest /dsgetsite /server:2k3dc10
VSite
The command completed successfully
F:\DEV\cpp\ATSN>nltest /dsgetsite /server:2k3dc10
VSite
The command completed successfully
Notice the different sites, those are the sites of the
servers specified in /server switch. Running the nltest command without
that switch on a machine that wasn't in a domain wouldn't be able to
resolve to a site because it doesn't have a default DC to go to. You would get
something like ERR_NO_SITE or something like that.
Now the atsn command has a -h host option that
lets you specify what host to run the command against (versus what machine to
get site info for like nltest) and you explicitely send the IP
addresses you want resolved to a site/subnet. Whether the client is in that
forest or not doesn't matter as long as it can auth (synced IDs or runas or net
use) the rpc call. The remote server will then take the IP addresses specified
and resolve to the sites/subnets that that AD has for the ipaddress. Note that
if you have multiple forests with different subnet/site definitions you would
obviously get different results asking DCs in the different forests. Most
everyone here should understand that but I have been asked about it before so
thought I would state it. Someone had used the command and accidently specified
a DC in a different forest and felt that the program should know that he really
meant his current forest since his machine was in that forest.
As for running on WinPE, I don't know, never
tried.
joe
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean Wells
Sent: Friday, February 03, 2006 5:15 PM
To: Send - AD mailing list
Subject: RE: [ActiveDir] Script to determine a machine's site
Per my
previous post, I'd forced some creds. down the target DCs throat prior to
executing NLTEST ... and, no, my local creds. do not match those of the
virtual domain in question ... 'cause that would be all kinds of just plain
wrong :o)
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido
Sent: Friday, February 03, 2006 4:56 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Script to determine a machine's site
Dean, let me guess: the name + pw
of the local administrator of your unjoined workstation and the target domain's
local admin account + pw are the same, and you're logged on to the client as
local admin...
I get "DsGetSiteName failed: Status = 5 0x5
ERROR_ACCESS_DENIED" without sufficient permissions... - or maybe I've just
locked down my policies different from yours
/Guido
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean Wells
Sent: Freitag, 3. Februar 2006 22:44
To: Send - AD mailing list
Subject: RE: [ActiveDir] Script to determine a machine's site
Indeed
it does, that's what I ran it on ...
--
Dean Wells
MSEtechnology
* Email: dwells@msetechnology.com
http://msetechnology.com
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido
Sent: Friday, February 03, 2006 4:32 PM
To: ActiveDir@mail.activedir.org; Send - AD mailing list
Subject: RE: [ActiveDir] Script to determine a machine's site
hmm - this won't work with non-domain joined clients
though...
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean Wells
Sent: Freitag, 3. Februar 2006 21:10
To: Send - AD mailing list
Subject: RE: [ActiveDir] Script to determine a machine's site
Does
this suffice -
nltest
/dsgetsite /server:<domain FQDN>
Haven't tried anything of this kind myself under Wimpy
so I'm uncertain of its suitability.
--
Dean Wells
MSEtechnology
* Email: dwells@msetechnology.com
http://msetechnology.com
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, February 03, 2006 10:52 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Script to determine a machine's site
Does anyone have a script which can:
- Interrogate the local machine for its IP
address and mask
- Determine the subnet
which the machine resides in
-
Determine the site that corresponds to the that subnet
And all this must be possible on a machine which is
not joined to a domain.
Ideally, the script
should work when WinPE is running, too, as the machine is being built.
Any ideas?
neil
PLEASE READ: The
information contained in this email is confidential and
intended for the
named recipient(s) only. If you are not an intended
recipient of this
email please notify the sender immediately and delete your
copy from your
system. You must not copy, distribute or take any further
action in reliance
on it. Email is not a secure method of communication and
Nomura International
plc ('NIplc') will not, to the extent permitted by law,
accept
responsibility or liability for (a) the accuracy or completeness of,
or (b) the presence
of any virus, worm or similar malicious or disabling
code in, this
message or any attachment(s) to it. If verification of this
email is sought then
please request a hard copy. Unless otherwise stated
this email: (1) is
not, and should not be treated or relied upon as,
investment research;
(2) contains views or opinions that are solely those of
the author and do
not necessarily represent those of NIplc; (3) is intended
for informational
purposes only and is not a recommendation, solicitation or
offer to buy or sell
securities or related financial instruments. NIplc
does not provide
investment services to private customers. Authorised and
regulated by the
Financial Services Authority. Registered in England
no. 1550505 VAT No.
447 2492 35. Registered Office: 1 St Martin's-le-Grand,
London, EC1A 4NP. A
member of the Nomura group of companies.
