Using a command-line interface

The following command finds the closest domain controller in the specified domain (<DomainDNSName>); that is, a domain controller that is located in the same site or in the closest site if a local DC is not available. By default, it will return the closest DC for the computer nltest is being run from, but you can optionally use the /server option to target a remote host. If you are interested in finding a DC within a particular site regardless of whether it is the closest DC to you, you can also optionally specify the /site option to find a domain controller that belongs to a particular site.

	> nltest /dsgetdc:<DomainDNSName> [/site:<SiteName>] [/server:<ClientName>]

(more…)

Using a graphical user interface

Insert a Windows Server 2003 CD into the Windows 2000 domain controller or map a drive to the files contained on the CD. Run the following command from the \i386 directory:

	> winnt32 /checkupgradeonly

Using a command-line interface

To produce a compatibility report from the command line, first you need to create a text file containing the following information:

[Unattended]

Win9xUpgrade = Yes

[Win9xUpg]ReportOnly = Yes

SaveReportTo = "\\server1\upgradereports\"

Save this file as unattend.txt, and then run the following from the command-line:

	> winnt32 /checkupgradeonly /unattend:c:\unattend.txt

Exchange is very dependent upon Active Directory domain controllers. The list of domain controllers currently being used by a server is usually one of the first pieces of information you should gather when you encounter an Exchange issue. While this can be done through the GUI, it is much easier to get the data through a script.

(more…)

The DC locator process as described in MS KB 314861 and MS KB 247811 defines how clients find the closest domain controller. The process uses the site topology stored in Active Directory to calculate the site where a particular client is. After the client site has been identified, it is a matter of finding a domain controller that is either a member of that same site or that is covering that site.

(more…)

By default, the DHCP Server runs under the credentials of the computer account that is hosting it. If it happens to be running on a domain controller, it runs under the domain controller’s computer account. A domain controller has full permissions over any Active Directory-integrated zones it replicates. The result of the DHCP Server running on a domain controller means that if the DHCP Server has been configured to dynamically register DNS records on behalf of clients, it can potentially update any record stored in an Active Directory-integrated zone. Ultimately, that leaves the zones vulnerable to name hijacking, whereby a client can cause records to be overwritten that shouldn’t be. This can cause all sorts of havoc if an attacker starts replacing important records in your zones.

(more…)