Title: Message

Try portqry from Microsoft. 

 

A nice feature of this utility is that it can do initial binds to ports like SMTP and LDAP.

 

Microsoft Windows XP [Version 5.1.2600]

(C) Copyright 1985-2001 Microsoft Corp.

 

H:\>portqry -n yourdc -e 389 -p both

 

You can probably have this scripted in a batch file and scheduled to run every minute to test connectivity like a ping.

 

Querying target system called:

 

yourdc

 

Attempting to resolve name to IP address...

 

Name resolved to x.y.z.a

 

 

TCP port 389 (ldap service): LISTENING

 

Sending LDAP query to TCP port 389...

 

LDAP query response:

 

 

currentdate: 08/04/2006 17:53:22 (unadjusted GMT)

subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=AD,DC=LO

CAL

dsServiceName: CN=NTDS Settings,CN=yourDC,CN=Servers,CN=NIH-MD-location,CN=Sites,

CN=Configuration,DC=Security,DC=LOCAL

namingContexts: CN=Configuration,DC=SSECURITY,DC=LOCAL

defaultNamingContext: DC=nih,DC=gov

schemaNamingContext: CN=Schema,CN=Configuration,DC=SSECURITY,DC=LOCAL

configurationNamingContext: CN=Configuration,DC=SSECURITY,DC=LOCAL

rootDomainNamingContext: DC=SSECURITY,DC=LOCAL

supportedControl: 1.2.840.113556.1.4.319

supportedLDAPVersion: 3

supportedLDAPPolicies: MaxPoolThreads

highestCommittedUSN: 4918641

supportedSASLMechanisms: GSSAPI

dnsHostName: NIHDC.nih.gov

ldapServiceName: SECURITY.LOCAL:[EMAIL PROTECTED]

serverName: CN=yourDC,CN=Servers,CN=MD-location,CN=Sites,CN=Configuration,DC=

SECURITY,DC=LOCAL

supportedCapabilities: 1.2.840.113556.1.4.800

isSynchronized: TRUE

isGlobalCatalogReady: FALSE

domainFunctionality: 2

forestFunctionality: 0

domainControllerFunctionality: 2

 

 

======== End of LDAP query response ========

 

UDP port 389 (unknown service): LISTENING or FILTERED

 

Sending LDAP query to UDP port 389...

 

LDAP query response:

 

 

currentdate: 08/04/2006 17:53:26 (unadjusted GMT)

subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=DHHSSECURITY,DC=LO

CAL

dsServiceName: CN=NTDS Settings,CN=NIHDC,CN=Servers,CN=NIH-MD-Bethesda,CN=Sites,

CN=Configuration,DC=DHHSSECURITY,DC=LOCAL

namingContexts: CN=Configuration,DC=DHHSSECURITY,DC=LOCAL

defaultNamingContext: DC=nih,DC=gov

schemaNamingContext: CN=Schema,CN=Configuration,DC=DHHSSECURITY,DC=LOCAL

configurationNamingContext: CN=Configuration,DC=DHHSSECURITY,DC=LOCAL

rootDomainNamingContext: DC=DHHSSECURITY,DC=LOCAL

supportedControl: 1.2.840.113556.1.4.319

supportedLDAPVersion: 3

supportedLDAPPolicies: MaxPoolThreads

highestCommittedUSN: 4918645

supportedSASLMechanisms: GSSAPI

dnsHostName: NIHDC.nih.gov

ldapServiceName: DHHSSECURITY.LOCAL:[EMAIL PROTECTED]

serverName: CN=NIHDC,CN=Servers,CN=NIH-MD-Bethesda,CN=Sites,CN=Configuration,DC=

DHHSSECURITY,DC=LOCAL

supportedCapabilities: 1.2.840.113556.1.4.800

isSynchronized: TRUE

isGlobalCatalogReady: FALSE

domainFunctionality: 2

forestFunctionality: 0

domainControllerFunctionality: 2

 

 

======== End of LDAP query response ========

 

UDP port 389 is LISTENING

 

 

H:\>
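
An added example (not part of the original thread, and not Microsoft's code): one way to turn the portqry output above into the yes/no result a scheduled check needs, in Python. It rejoins values the console wrapped at 80 columns and reports the DC as answering only when TCP 389 is LISTENING and a rootDSE reply with isSynchronized: TRUE came back; that criterion, the function names and the sample text are assumptions of this example.

```python
import re
import subprocess
STATUS = re.compile(r"^(TCP|UDP) port (\d+) \(.*?\): (.+)$")
ATTR = re.compile(r"^([A-Za-z]+): (.*)$")
# Constructed sample in the output format shown in the thread (placeholder names).
HEALTHY = """TCP port 389 (ldap service): LISTENING
Sending LDAP query to TCP port 389...
LDAP query response:
subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=EXAMPLE,DC=LO
CAL
isSynchronized: TRUE
======== End of LDAP query response ========
"""
# Constructed: the port accepts connections but no rootDSE reply follows.
HUNG = "TCP port 389 (ldap service): LISTENING\n"

def parse_portqry(text):
    """Map (protocol, port) -> {'state': str, 'rootdse': {attr: [values]}}."""
    results, cur, last, in_reply = {}, None, None, False
    for line in (raw.strip() for raw in text.splitlines()):
        m = STATUS.match(line)
        if m:
            cur = {"state": m.group(3), "rootdse": {}}
            results[(m.group(1), int(m.group(2)))] = cur
            in_reply = False
        elif line.startswith("LDAP query response"):
            in_reply, last = cur is not None, None
        elif line.startswith("===="):
            in_reply = False
        elif in_reply and line:
            m = ATTR.match(line)
            if m:
                last = m.group(1)
                cur["rootdse"].setdefault(last, []).append(m.group(2))
            elif last:  # console wrapped a long value at 80 columns
                cur["rootdse"][last][-1] += line
    return results

def ldap_answering(text, port=389):
    """Assumed criterion: TCP port LISTENING and rootDSE isSynchronized TRUE."""
    r = parse_portqry(text).get(("TCP", port))
    return bool(r and r["state"] == "LISTENING"
                and r["rootdse"].get("isSynchronized") == ["TRUE"])

def check_dc(host):
    """Run the command from the thread (needs portqry on PATH) and evaluate it."""
    out = subprocess.run(["portqry", "-n", host, "-e", "389", "-p", "both"],
                         capture_output=True, text=True).stdout
    return ldap_answering(out)
```

check_dc("yourdc") returns False for a DC that still accepts the TCP connection but never returns a rootDSE reply, which is the case an IP ping cannot see.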

 


From: Bahta, Nathaniel V CTR USAF NASIC/SCNA [mailto:[EMAIL PROTECTED]
Sent: Friday, August 04, 2006 10:57 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] LDAP Ping

 

No, nothing, the rdp client does not respond.

 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Wyatt, David
Sent: Friday, August 04, 2006 10:32 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] LDAP Ping

Are you able to RDP to the DC when it "hangs"?

 

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bahta, Nathaniel V CTR USAF NASIC/SCNA
Sent: 04 Aug 2006 14:36
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] LDAP Ping

It's not for troubleshooting; it's so we can tell when the DC is hung. You can't tell when it's hung because our monitoring software only pings by IP and it responds. If it replies, I know it can serve LDAP queries, and then I can RPC ping it and make sure that authentication requests will be answered. It's just to do a quick check of what's going on first thing in the morning.

 

Nate

 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, August 04, 2006 9:14 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] LDAP Ping

So you ldap ping the DC and it replies or it does not. What does this tell you? How does it help troubleshoot the issue?

 

I'd suggest more detailed tools are needed such as network / packet sniffers etc. They should be able to build a picture of the situation better than a ping which offers little more than a 'yes/no' response.

 

My 2 penneth :)

 

neil


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bahta, Nathaniel V CTR USAF NASIC/SCNA
Sent: 04 August 2006 13:54
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] LDAP Ping

Hey all,

 

Does anyone know of a command line utility that allows you to test LDAP connections? We have a DC that hangs but remains pingable, and I would like to do LDAP pings to it as well as RPC pings. I know about the RPC ping utility, but I wanted to test for LDAP connectivity as well. Does anyone know of a utility like this?

 

 

Thanks,

 

Nate
