Re: List all DC in AD-domain and version of its OS

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance


"Richard Mueller [MVP]" <rlmueller-nospam@xxxxxxxxxxxxxxxxxxxx> wrote in
message news:%23Fb9FqB8JHA.240@xxxxxxxxxxxxxxxxxxxxxxx

"David Kriz" <Dakr@xxxxxxxx> wrote in message
news:u41FaZ%237JHA.6004@xxxxxxxxxxxxxxxxxxxxxxx
Please,

how can I list all computers account (its "Name", "DNSname", "Operating
system", "Service Pack version") which are "domain controllers" (DC) in
AD-domain?

I already have this script:
/--------------------------------- 8< ---------------------------------\
' Template:
http://windowsitpro.com/article/articleid/50071/how-can-i-list-all-domain-controllers-dcs-for-an-active-directory-ad-domain.html

Const ADS_SCOPE_SUBTREE = 2
Const InCounterB = True

If Wscript.Arguments.Count < 1 Then
Set objRootDSE = GetObject("LDAP://RootDSE";)
strConfigurationNC = objRootDSE.Get("configurationNamingContext")
LdapQueryS = strConfigurationNC
Else
strDomainName = Wscript.Arguments(0)
LdapQueryS ="cn=Configuration," & strDomainName
End If


Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"

Set objCommand = CreateObject("ADODB.Command")
Set objCOmmand.ActiveConnection = objConnection
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
objCommand.CommandText = "SELECT distinguishedName FROM 'LDAP://"; &
LdapQueryS & "' WHERE objectClass='nTDSDSA'"

Wscript.Echo "*** Input LDAP-query is: " & objCommand.CommandText
Wscript.Echo
Wscript.Echo "Next servers are Active Directory Domain Controllers: "

Set objRecordSet = objCommand.Execute
objRecordSet.MoveFirst
i = 0
Do Until objRecordSet.EOF
i = i + 1
S = objRecordSet.Fields("distinguishedName").Value
DomainController = Mid(S,21,InStr(Mid(S,21),",")-1)
DomainController = S
If InCounterB Then
S = CStr(i) & "."
Else
S = ""
End If
Wscript.Echo S & DomainController
objRecordSet.MoveNext
Loop

Set objParent = Nothing
Set objRecordSet = Nothing
Set objCommand = Nothing
Set objConnection = Nothing
Set objRootDSE = Nothing
\--------------------------------- 8< ---------------------------------/

but unfortunately I don't know how to get rest of informations (like
"DNSname", "Operating system", "Service Pack version").
:-(


This example VBScript program should help:

http://www.rlmueller.net/Inventory.htm

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--


The example program I linked documents all computers in the domain. It uses
the filter:

(objectCategory=computer)

for the ADO query. A filter for all servers would be:

(&(objectCategory=computer)(operatingSystem=*server*))

The method you use to find all DC's is to search the configuation container
for all objects that satisfy this filter:

(objectClass=nTDSDSA)

These are not DC objects. The parents of these objects represent DC's, but
they do not have an operatingSystem attribute. These objects indicate the
name of the DC and where it is in AD, but they are not the DC object itself.

A better query for you, if you only want to document domain controllers in
the domain, would be:

(&(objectCategory=computer)(userAccountControl:1.2.840.113556.1.4.803:=8192))

This filters on all computer objects where the ADS_UF_SERVER_TRUST_ACCOUNT
bit is set. The bit mask ADS_UF_SERVER_TRUST_ACCOUNT has the value &H2000
(hex), which is 8192 decimal.

The NetBIOS name of any computer object is the value of the sAMAccountName
object with the trailing "$" character stripped off. The DNS name is the
value of the dNSHostName attribute. The operating system is the value of the
operatingSystem attribute. All of these are attributes of the DC object in
AD. However, you must bind to the remote computer object itself using WMI to
retrieve information on the service pack, as demonstrated in the program I
linked. Since you need to bind to this remote object anyway, you may as well
also retrieve the operating system information from the WMI class, rather
than from the AD object.

Hopefully this gives you enough information to modify the program for you
needs.

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--


.