Re: [ActiveDir] nslookup. AD beginer question

[Paul Williams]

There's a rather large error in my previous message: ...get a list of all the DNS servers for that domain.  For example, if you are using AD-Integrated DNS, you will get a list of any DCs that are also DNS servers.  Basically, that command returns the (Same as parent) records for the domain.   That should read: ...get a list of all DCs for that domain.  Basically, that command returns the (Same as parent) records for the domain, which are host (A) records for the domain [name].   Apologies all.  I don't know what I was thinking about when composing that mail.  I'll be sure to drink my first coffee of the day _before_ replying in the future!      --Paul   (No I didn't spot the error; I was notified offline ;-) ----- Original Message ----- From: Paul Williams To: ActiveDir@mail.activedir.org Sent: Tuesday, August 29, 2006 10:43 AM Subject: Re: [ActiveDir] nslookup. AD beginer question If you do NSLOOKUP DOMAIN-NAME.COM then you will get a list of all the DNS servers for that domain.  For example, if you are using AD-Integrated DNS, you will get a list of any DCs that are also DNS servers.  Basically, that command returns the (Same as parent) records for the domain.   If you want to pull all DCs in the domain, you need to run something like this:   nslookup -type=srv _ldap._tcp.dc._msdcs.domain-name.com     If you run the above command and get computer accounts back, see kb825675 as referenced by Steve.  I wasn't aware that that bug also registered A records for the domain name, but it might...   If you're new to NSLOOKUP, consider what information you want.  There's a bunch of different types of DNS record that might be of interest (A, CNAME, PTR, SRV, MX).  When troubleshooting AD, the main ones to look for are A and SRV (there's also an instance where you need to check the CNAME record too).  Remember that simply pinging a DC doesn't mean that the necessary SRV records are in place.  I personally always advise people to use a combination of NSLOOKUP and NLTEST to troubleshoot DNS and the locator process.  Use NSLOOKUP to see if the records that you expect are there, and NLTEST to make the DsGetDC and DsGetSite calls.     --Paul ----- Original Message ----- From: Ramon Linan To: ActiveDir@mail.activedir.org Sent: Monday, August 28, 2006 7:14 PM Subject: [ActiveDir] nslookup. AD beginer question Hi Everyone,   When I do a nslookup domain.com, being domain.com my AD domain, what should I see? A list of the dns server in my domain? A list of the DC?   The fact is that I am doing nslookup and I am getting, domain controllers but also a user’s computer!!!!   Thanks