I'm quite aware that it's possible to authenticate local users against the Kerberos services of Active Directory, but seek a way to detect what the actual local KDC is in an environment that does not seem to publish the relevant SRV records for its Active Directory servers. Does anyone know a graceful way to deduce this, without running a full-blown nmap across the local network or trying to bother the Active Directory admins to reveal their secrets?
- Detecting AD server for Kerberized authentication on SL ... Nico Kadel-Garcia
