How to find the address of the LDAP server in Windows

You need to use an = after -type:

nslookup -type=srv _ldap._tcp.DOMAINNAME

answered Jun 22, 2010 at 10:36

Phil Ross

In cmd shell:

nslookup 
set types=all
_ldap._tcp

BE77Y

answered May 21, 2015 at 15:43

MattieuBGepi

None of the above worked for me, I got every time an error like this (I’ve tried with all the combinations I can think of with the domain names):

*** Unknown can’t find _ldap._tcp: Non-existent domain

So another google search pointed to this method:

nltest /dclist:yourdomain.com

And this results in the list of the different servers in my network. Hope this saves an additional 2 minutes for someone else.

Erik Oppedijk

answered Apr 12, 2018 at 6:41

Cross

Get-ADDomainController will list your domain controllers from domain.
If you want to check it from another domain then use -server switch.

get-addomaincontroller -server "domain"

Davidw

answered Apr 8, 2022 at 12:21

Piotr Rutkowski

Windows cmd prompt uses "query" instead of "type" for some forsaken reason. Interactive nslookup still uses "set type=srv".

nslookup -query=srv _ldap._tcp.DOMAINNAME

EDIT: while "query" works it seems that I am 100% wrong. "type" works too.

answered Sep 7, 2014 at 4:14

Andy

"nslookup -query=srv _ldap._tcp.DOMAINNAME" worked for me, tried nslookup -type=srv _ldap._tcp.DOMAINNAME and didn’t work.

Server 2008 R2

answered Jun 5, 2019 at 21:02

Jim

I am trying to develop an application (C#) to query an LDAP server. I don’t know the actual server name to query — is there a way to find out using standard Windows tools or something in .NET?

I’ve also heard rumors that having the server name (ldap://server/) is not always needed as long as I’ve got dc=domain,dc=com in my query string, but I’ve so far been able to work with it this way.

Any tips?

Thanks

Per Noalt

asked Apr 14, 2009 at 20:36

bugfixr

AD registers Service Location (SRV) resource records in its DNS server which you can query to get the port and the hostname of the responsible LDAP server in your domain.

Just try this on the command-line:

    C:\> nslookup
    > set types=all
    > _ldap._tcp.<<your.AD.domain>>
    _ldap._tcp.<<your.AD.domain>>  SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = <<ldap.hostname>>.<<your.AD.domain>>

(provided that your nameserver is the AD nameserver which should be the case for the AD to function properly)

Please see Active Directory SRV Records and Windows 2000 DNS white paper for more information.

answered Apr 15, 2009 at 8:40

Stefan Gehrig
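The SRV answer above, turned into an ordered list of LDAP endpoints. This is an added example, not part of the original answers: it parses Windows nslookup output in the layout shown and orders the servers by priority and weight. The sample output, the corp.example names and the function names are constructed for illustration, and the ordering within one priority is a deterministic simplification of RFC 2782's weighted random choice.

```python
import re
from typing import NamedTuple

class SrvRecord(NamedTuple):
    owner: str     # queried name, e.g. _ldap._tcp.corp.example
    priority: int  # lower value is tried first (RFC 2782)
    weight: int    # relative share among records of equal priority
    port: int
    target: str    # host offering the service

# Constructed sample in the Windows nslookup layout; all names and addresses are made up.
SAMPLE_OUTPUT = """\
Server:  dns01.corp.example
Address:  10.0.0.53

_ldap._tcp.corp.example  SRV service location:
          priority       = 10
          weight         = 100
          port           = 389
          svr hostname   = dc03.corp.example
_ldap._tcp.corp.example  SRV service location:
          priority       = 0
          weight         = 50
          port           = 389
          svr hostname   = dc01.corp.example
_ldap._tcp.corp.example  SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = dc02.corp.example
dc01.corp.example  internet address = 10.0.0.11
"""

_HEADER = re.compile(r"^(\S+)\s+SRV service location:")
_FIELD = re.compile(r"^\s+(priority|weight|port|svr hostname)\s*=\s*(\S+)")

def parse_srv(text):
    """Return the complete SRV records found in nslookup output."""
    records, fields = [], None
    for line in text.splitlines():
        header = _HEADER.match(line)
        if header:  # a new record starts; a partial previous one is dropped
            fields = {"owner": header.group(1)}
            continue
        field = _FIELD.match(line)
        if fields is None or field is None:
            continue
        fields[field.group(1)] = field.group(2)
        if len(fields) == 5:
            try:
                records.append(SrvRecord(
                    fields["owner"].rstrip(".").lower(),
                    int(fields["priority"]), int(fields["weight"]),
                    int(fields["port"]),
                    fields["svr hostname"].rstrip(".").lower()))
            except ValueError:
                pass  # non-numeric priority, weight or port: skip the record
            fields = None
    return records

def ldap_endpoints(records, domain):
    """Order the servers for one domain and return them as ldap:// URLs."""
    wanted = "_ldap._tcp." + domain.rstrip(".").lower()
    usable = [r for r in records if r.owner == wanted and 0 < r.port < 65536]
    # Deterministic simplification: RFC 2782 chooses randomly by weight
    # among records that share a priority; here the heavier record goes first.
    usable.sort(key=lambda r: (r.priority, -r.weight, r.target))
    return [f"ldap://{r.target}:{r.port}" for r in usable]
```

Calling `ldap_endpoints(parse_srv(SAMPLE_OUTPUT), "corp.example")` returns the three constructed servers with the priority 0 hosts ahead of the priority 10 host.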

If you’re using AD you can use serverless binding to locate a domain controller for the default domain, then use LDAP://rootDSE to get information about the directory server, as described in the linked article.

answered Apr 14, 2009 at 20:45

Joe

If the machine you are on is part of the AD domain, it should have its name servers set to the AD name servers (or hopefully use a DNS server path that will eventually resolve your AD domains). Using your example of dc=domain,dc=com, if you look up domain.com in the AD name servers it will return a list of the IPs of each AD Controller. Example from my company (w/ the domain name changed, but otherwise it’s a real example):

    mokey 0 /home/jj33 > nslookup example.ad
    Server:         172.16.2.10
    Address:        172.16.2.10#53

    Non-authoritative answer:
    Name:   example.ad
    Address: 172.16.6.2
    Name:   example.ad
    Address: 172.16.141.160
    Name:   example.ad
    Address: 172.16.7.9
    Name:   example.ad
    Address: 172.19.1.14
    Name:   example.ad
    Address: 172.19.1.3
    Name:   example.ad
    Address: 172.19.1.11
    Name:   example.ad
    Address: 172.16.3.2

Note I’m actually making the query from a non-AD machine, but our unix name servers know to send queries for our AD domain (example.ad) over to the AD DNS servers.

I’m sure there’s a super-slick windowsy way to do this, but I like using the DNS method when I need to find the LDAP servers from a non-windows server.

answered Apr 14, 2009 at 21:00

jj33

  • Question

  • we have one domain controller(win2003) and four additional dc. how to find ldap servers in our domain. ???  Any information is available in dns server???

Answers

  • You can use

    nltest /dclist:yourdomain.com

    hth
    Marcin

    • Edited by

      Saturday, January 1, 2011 12:21 PM

    • Proposed as answer by
      Meinolf Weber
      Saturday, January 1, 2011 3:55 PM
    • Marked as answer by
      Bruce-Liu
      Friday, January 28, 2011 9:31 AM

  • You need to use your own domain name as the parameter of the /dclist switch i.e.

    nltest /dclist:yourdomain.com

    alternatively you can use procedure described in
    http://support.microsoft.com/kb/816587 to query DNS i.e.:

    1. Click Start, and then click Run.
    2. In the Open box, type cmd.
    3. Type nslookup, and then press ENTER.
    4. Type set type=all, and then press ENTER.
    5. Type _ldap._tcp.dc._msdcs.Domain_Name, where Domain_Name is the name of your domain, and then press ENTER.

    hth
    Marcin

    • Proposed as answer by
      Meinolf Weber
      Saturday, January 1, 2011 3:55 PM
    • Marked as answer by
      Bruce-Liu
      Friday, January 28, 2011 9:31 AM

  • Once again — YOU NEED TO SPECIFY YOUR DOMAIN NAME AS THE PARAMETER OF THE /dclist switch when running nltest.

    So in your case, this likely would be:

    nltest /dclist:mcg.muhaidibco.com

    All of the entries listed as the output of this command represent individual domain controllers for the domain you provided. Each one of them functions as an LDAP server.

    hth
    Marcin

    • Proposed as answer by
      Meinolf Weber
      Saturday, January 1, 2011 3:55 PM
    • Marked as answer by
      Bruce-Liu
      Friday, January 28, 2011 9:31 AM

I’ve been looking for a way to get Active Directory’s LDAP server url from code running as domain user. The code needs to work correctly in situation with disjoint namespace, if possible. It’s unmanaged code so any .NET solutions are not an option unfortunately.

For some reason serverless binding doesn’t seem to be working in this case with ADO query returning unhelpful One or more errors occurred during processing of command error when using LDAP://DC=mycompany,DC=local (that’s the value of the defaultNamingContext attribute of rootDSE object).

Using the LOGONSERVER and USERDNSDOMAIN environment variables doesn’t appear to be an option either because the code also needs to be able to run under the SYSTEM account and there are no such variables there.

Any ideas or hints or specific RTFM advice will be much appreciated.

Update: The DNSHostName attribute of rootDSE seems to be what I need.

asked Mar 13, 2014 at 13:03

denis

I use this Visual Basic Script (VBS). Save the code as .vbs file and use ANSI charset. This script is old, but this can guide you to a better solution.

    Set cn = CreateObject("ADODB.Connection")
    Set cmd = CreateObject("ADODB.Command")
    cn.Provider = "ADsDSOObject;"
    cn.Open
    cmd.ActiveConnection = cn

    ' Root DSE required to get the default configuration naming context to
    ' be used as the root of the search
    Set objRootDSE = GetObject("LDAP://RootDSE")
    ' Construct the LDAP query that will find all the domain controllers
    ' in the domain
    ldapQuery = "<LDAP://" & objRootDSE.Get("ConfigurationNamingContext") & _
        ">;(objectClass=nTDSDSA);ADsPath;subtree"

    cmd.CommandText = ldapQuery
    cmd.Properties("Page Size") = 1000
    Set rs = cmd.Execute

    Do While rs.EOF <> True And rs.BOF <> True
        ' Bind to the domain controller computer object
        ' (This is the parent object of the result from the query)
        Set objDC = GetObject(GetObject(rs(0)).Parent)

        WScript.Echo objDC.dNSHostName
        rs.MoveNext
    Loop

    cn.Close

answered Mar 17, 2014 at 19:14

humungs

The DNSHostName attribute of rootDSE seems to be what I need.

answered Mar 17, 2014 at 19:02

denis
