| Author | Messages | |
dharding
Posts:24
 | | 07/18/2008 9:30 AM |
| I can use the following command to list all DCs in my forest, but what
command can I use to get the version (2000 or 2003)?
dsquery server -o rdn -forest
Devon Harding
Windows Systems Engineer
Southern Wine & Spirits - BSG
954-602-2469
This message is the property of Southern Wine & Spirits or its affiliates.
It is intended only for the use of the individual or entity to which it is addressed and
may contain information that is non-public, proprietary,
privileged, confidential, and exempt from disclosure under
applicable law or may constitute as attorney work product.
If you are not the intended recipient, you are hereby notified
that any use, dissemination, distribution, or copying of this
communication is strictly prohibited. If you have received this
communication in error, notify us immediately by telephone and
(i) destroy this message if a facsimile or (ii) delete this message
immediately if this is an electronic communication.
Thank you.
| | | |
| laurahcomputing
Posts:41
| | 07/18/2008 9:35 AM |
| Is there any reasonable way to pull out up-to-dateness vector informaton? I
was playing around with different things but wasn't coming up with it.
- L
On Thu, Jul 17, 2008 at 12:07 PM, Brandon Shell <tshell@gmail.com> wrote:
> Cool.... and for those that are interested.... here are some other thing
> you can get with that code, but adding one or more of these values to "| ft
> Name,Domain,OSVersion" section.
>
> CurrentTime
> Domain
> Forest
> HighestCommittedUsn
> InboundConnections
> IPAddress
> Name
> OSVersion
> OutboundConnections
> Partitions
> Roles
> SiteName
>
> On Thu, Jul 17, 2008 at 2:58 PM, Salandra, Justin <jsalandra@transre.com>
> wrote:
>
>> Yes, thanks
>>
>>
>>
>> Justin A. Salandra
>>
>> Network Engineer
>>
>>
>> ------------------------------
>>
>> *From:* ActiveDir-owner@mail.activedir.org [mailto:
>> ActiveDir-owner@mail.activedir.org] *On Behalf Of *Brandon Shell
>> *Sent:* Thursday, July 17, 2008 1:58 PM
>>
>> *To:* ActiveDir@mail.activedir.org
>> *Subject:* Re: [ActiveDir] Domain Controller version
>>
>>
>>
>> So it did work?
>>
>> On Thu, Jul 17, 2008 at 1:39 PM, Salandra, Justin <jsalandra@transre.com>
>> wrote:
>>
>> It would have helped if I spelled it correctly
>>
>>
>>
>> Justin A. Salandra
>>
>> Network Engineer
>>
>>
>> ------------------------------
>>
>> *From:* ActiveDir-owner@mail.activedir.org [mailto:
>> ActiveDir-owner@mail.activedir.org] *On Behalf Of *Brandon Shell
>> *Sent:* Thursday, July 17, 2008 1:27 PM
>>
>>
>> *To:* ActiveDir@mail.activedir.org
>> *Subject:* Re: [ActiveDir] Domain Controller version
>>
>>
>>
>> That is odd... Try adding the System to the namespace like
>>
>>
>>
>> [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest().Domains
>> | %{$_.DomainControllers} | ft Name,Domain,OSVersion
>>
>> On Thu, Jul 17, 2008 at 1:18 PM, Salandra, Justin <jsalandra@transre.com>
>> wrote:
>>
>> I tried to run this and got
>>
>>
>>
>> Unable to find type [DirectoryServices.ActiveDirectory.Forest]::
>>
>>
>>
>> Justin A. Salandra
>>
>> Network Engineer
>>
>>
>> ------------------------------
>>
>> *From:* ActiveDir-owner@mail.activedir.org [mailto:
>> ActiveDir-owner@mail.activedir.org] *On Behalf Of *Brandon Shell
>> *Sent:* Thursday, July 17, 2008 1:09 PM
>>
>>
>> *To:* ActiveDir@mail.activedir.org
>> *Subject:* Re: [ActiveDir] Domain Controller version
>>
>>
>>
>> You can use this command from Powershell
>>
>>
>>
>> [DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest().Domains |
>> %{$_.DomainControllers} | ft Name,Domain,OSVersion
>>
>> On Thu, Jul 17, 2008 at 12:52 PM, Harding, Devon <
>> dharding@southernwine.com> wrote:
>>
>> Any command line tools?
>>
>>
>>
>> *From:* ActiveDir-owner@mail.activedir.org [mailto:
>> ActiveDir-owner@mail.activedir.org] *On Behalf Of *Brandon Shell
>> *Sent:* Thursday, July 17, 2008 12:50 PM
>> *To:* ActiveDir@mail.activedir.org
>> *Subject:* Re: [ActiveDir] Domain Controller version
>>
>>
>>
>> I use domainControllerFunctionality on rootDSE, but that involves minor
>> scripting.
>>
>> On Thu, Jul 17, 2008 at 12:44 PM, Harding, Devon <
>> dharding@southernwine.com> wrote:
>>
>> I can use the following command to list all DCs in my forest, but what
>> command can I use to get the version (2000 or 2003)?
>>
>>
>>
>> dsquery server -o rdn -forest
>>
>>
>>
>> *Devon** Harding*
>>
>> *Windows Systems Engineer*
>>
>> *Southern Wine & Spirits - BSG*
>>
>> *954-602-2469*
>>
>>
>>
>>
>> ------------------------------
>>
>> *This message is the property of Southern Wine & Spirits or its
>> affiliates. It is intended only for the use of the individual or entity to
>> which it is addressed and may contain information that is non-public,
>> proprietary, privileged, confidential, and exempt from disclosure under
>> applicable law or may constitute as attorney work product. If you are not
>> the intended recipient, you are hereby notified that any use, dissemination,
>> distribution, or copying of this communication is strictly prohibited. If
>> you have received this communication in error, notify us immediately by
>> telephone and (i) destroy this message if a facsimile or (ii) delete this
>> message immediately if this is an electronic communication.
>> Thank you.*
>>
>>
>>
>>
>>
>> "IMPORTANT NOTICE: The information in this email
>>
>> (and any attachments hereto) is confidential and may be
>>
>> protected by legal privileges and work product immunities.
>>
>> If you are not the intended recipient, you must not use or
>>
>> disseminate the information. Receipt by anyone other than the
>>
>> intended recipient is not a waiver of any attorney-client or work
>>
>> product privilege. If you have received this email in error, please
>>
>> immediately notify me by "Reply" command and permanently
>>
>> delete the original and any copies or printouts thereof. Although
>>
>> this email and any attachments are believed to be free of any virus
>>
>> or other defect that might affect any computer system into which it
>>
>> is received and opened, it is the responsibility of the recipient to
>>
>> insure that it is virus free and no responsibility is accepted by
>>
>> Transatlantic Reinsurance Company or its subsidiaries or affiliates
>>
>> either jointly or severally, for any loss or damage arising in any way
>>
>> from its use."
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> "IMPORTANT NOTICE: The information in this email
>>
>> (and any attachments hereto) is confidential and may be
>>
>> protected by legal privileges and work product immunities.
>>
>> If you are not the intended recipient, you must not use or
>>
>> disseminate the information. Receipt by anyone other than the
>>
>> intended recipient is not a waiver of any attorney-client or work
>>
>> product privilege. If you have received this email in error, please
>>
>> immediately notify me by "Reply" command and permanently
>>
>> delete the original and any copies or printouts thereof. Although
>>
>> this email and any attachments are believed to be free of any virus
>>
>> or other defect that might affect any computer system into which it
>>
>> is received and opened, it is the responsibility of the recipient to
>>
>> insure that it is virus free and no responsibility is accepted by
>>
>> Transatlantic Reinsurance Company or its subsidiaries or affiliates
>>
>> either jointly or severally, for any loss or damage arising in any way
>>
>> from its use."
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> "IMPORTANT NOTICE: The information in this email
>> (and any attachments hereto) is confidential and may be
>> protected by legal privileges and work product immunities.
>> If you are not the intended recipient, you must not use or
>> disseminate the information. Receipt by anyone other than the
>> intended recipient is not a waiver of any attorney-client or work
>> product privilege. If you have received this email in error, please
>> immediately notify me by "Reply" command and permanently
>> delete the original and any copies or printouts thereof. Although
>> this email and any attachments are believed to be free of any virus
>> or other defect that might affect any computer system into which it
>> is received and opened, it is the responsibility of the recipient to
>> insure that it is virus free and no responsibility is accepted by
>> Transatlantic Reinsurance Company or its subsidiaries or affiliates
>> either jointly or severally, for any loss or damage arising in any way
>> from its use."
>>
>>
>>
>>
>>
>
--
-----------------------
Laura E. Hunter
Architect, Oxford Computer Group (http://www.oxfordcomputergroup.com)
Microsoft MVP, Directory Services (
https://mvp.support.microsoft.com/profile/laura)
Author, Active Directory Consultant's Field Guide (http://tinyurl.com/7f8ll)
Author, Active Directory Cookbook, Second Edition (http://tinyurl.com/z7svl)
| | | |
| bdesmond
Posts:347
| | 07/18/2008 9:35 AM |
| Look at the S.DS.AD classes - there are abunch of replicaiton ones ... might
be something there.
Thanks,
Brian Desmond
brian@briandesmond.com
c - 312.731.3132
On Thu, Jul 17, 2008 at 3:09 PM, Laura E. Hunter <laurahcomputing@gmail.com>
wrote:
> Is there any reasonable way to pull out up-to-dateness vector informaton?
> I was playing around with different things but wasn't coming up with it.
>
> - L
>
> On Thu, Jul 17, 2008 at 12:07 PM, Brandon Shell <tshell@gmail.com>
> wrote:
>
>> Cool.... and for those that are interested.... here are some other thing
>> you can get with that code, but adding one or more of these values to "| ft
>> Name,Domain,OSVersion" section.
>>
>> CurrentTime
>> Domain
>> Forest
>> HighestCommittedUsn
>> InboundConnections
>> IPAddress
>> Name
>> OSVersion
>> OutboundConnections
>> Partitions
>> Roles
>> SiteName
>>
>> On Thu, Jul 17, 2008 at 2:58 PM, Salandra, Justin <
>> jsalandra@transre.com> wrote:
>>
>>> Yes, thanks
>>>
>>>
>>>
>>> Justin A. Salandra
>>>
>>> Network Engineer
>>>
>>>
>>> ------------------------------
>>>
>>> *From:* ActiveDir-owner@mail.activedir.org [mailto:
>>> ActiveDir-owner@mail.activedir.org] *On Behalf Of *Brandon Shell
>>> *Sent:* Thursday, July 17, 2008 1:58 PM
>>>
>>> *To:* ActiveDir@mail.activedir.org
>>> *Subject:* Re: [ActiveDir] Domain Controller version
>>>
>>>
>>>
>>> So it did work?
>>>
>>> On Thu, Jul 17, 2008 at 1:39 PM, Salandra, Justin <jsalandra@transre.com>
>>> wrote:
>>>
>>> It would have helped if I spelled it correctly
>>>
>>>
>>>
>>> Justin A. Salandra
>>>
>>> Network Engineer
>>>
>>>
>>> ------------------------------
>>>
>>> *From:* ActiveDir-owner@mail.activedir.org [mailto:
>>> ActiveDir-owner@mail.activedir.org] *On Behalf Of *Brandon Shell
>>> *Sent:* Thursday, July 17, 2008 1:27 PM
>>>
>>>
>>> *To:* ActiveDir@mail.activedir.org
>>> *Subject:* Re: [ActiveDir] Domain Controller version
>>>
>>>
>>>
>>> That is odd... Try adding the System to the namespace like
>>>
>>>
>>>
>>> [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest().Domains
>>> | %{$_.DomainControllers} | ft Name,Domain,OSVersion
>>>
>>> On Thu, Jul 17, 2008 at 1:18 PM, Salandra, Justin <jsalandra@transre.com>
>>> wrote:
>>>
>>> I tried to run this and got
>>>
>>>
>>>
>>> Unable to find type [DirectoryServices.ActiveDirectory.Forest]::
>>>
>>>
>>>
>>> Justin A. Salandra
>>>
>>> Network Engineer
>>>
>>>
>>> ------------------------------
>>>
>>> *From:* ActiveDir-owner@mail.activedir.org [mailto:
>>> ActiveDir-owner@mail.activedir.org] *On Behalf Of *Brandon Shell
>>> *Sent:* Thursday, July 17, 2008 1:09 PM
>>>
>>>
>>> *To:* ActiveDir@mail.activedir.org
>>> *Subject:* Re: [ActiveDir] Domain Controller version
>>>
>>>
>>>
>>> You can use this command from Powershell
>>>
>>>
>>>
>>> [DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest().Domains |
>>> %{$_.DomainControllers} | ft Name,Domain,OSVersion
>>>
>>> On Thu, Jul 17, 2008 at 12:52 PM, Harding, Devon <
>>> dharding@southernwine.com> wrote:
>>>
>>> Any command line tools?
>>>
>>>
>>>
>>> *From:* ActiveDir-owner@mail.activedir.org [mailto:
>>> ActiveDir-owner@mail.activedir.org] *On Behalf Of *Brandon Shell
>>> *Sent:* Thursday, July 17, 2008 12:50 PM
>>> *To:* ActiveDir@mail.activedir.org
>>> *Subject:* Re: [ActiveDir] Domain Controller version
>>>
>>>
>>>
>>> I use domainControllerFunctionality on rootDSE, but that involves minor
>>> scripting.
>>>
>>> On Thu, Jul 17, 2008 at 12:44 PM, Harding, Devon <
>>> dharding@southernwine.com> wrote:
>>>
>>> I can use the following command to list all DCs in my forest, but what
>>> command can I use to get the version (2000 or 2003)?
>>>
>>>
>>>
>>> dsquery server -o rdn -forest
>>>
>>>
>>>
>>> *Devon** Harding*
>>>
>>> *Windows Systems Engineer*
>>>
>>> *Southern Wine & Spirits - BSG*
>>>
>>> *954-602-2469*
>>>
>>>
>>>
>>>
>>> ------------------------------
>>>
>>> *This message is the property of Southern Wine & Spirits or its
>>> affiliates. It is intended only for the use of the individual or entity to
>>> which it is addressed and may contain information that is non-public,
>>> proprietary, privileged, confidential, and exempt from disclosure under
>>> applicable law or may constitute as attorney work product. If you are not
>>> the intended recipient, you are hereby notified that any use, dissemination,
>>> distribution, or copying of this communication is strictly prohibited. If
>>> you have received this communication in error, notify us immediately by
>>> telephone and (i) destroy this message if a facsimile or (ii) delete this
>>> message immediately if this is an electronic communication.
>>> Thank you.*
>>>
>>>
>>>
>>>
>>>
>>> "IMPORTANT NOTICE: The information in this email
>>>
>>> (and any attachments hereto) is confidential and may be
>>>
>>> protected by legal privileges and work product immunities.
>>>
>>> If you are not the intended recipient, you must not use or
>>>
>>> disseminate the information. Receipt by anyone other than the
>>>
>>> intended recipient is not a waiver of any attorney-client or work
>>>
>>> product privilege. If you have received this email in error, please
>>>
>>> immediately notify me by "Reply" command and permanently
>>>
>>> delete the original and any copies or printouts thereof. Although
>>>
>>> this email and any attachments are believed to be free of any virus
>>>
>>> or other defect that might affect any computer system into which it
>>>
>>> is received and opened, it is the responsibility of the recipient to
>>>
>>> insure that it is virus free and no responsibility is accepted by
>>>
>>> Transatlantic Reinsurance Company or its subsidiaries or affiliates
>>>
>>> either jointly or severally, for any loss or damage arising in any way
>>>
>>> from its use."
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> "IMPORTANT NOTICE: The information in this email
>>>
>>> (and any attachments hereto) is confidential and may be
>>>
>>> protected by legal privileges and work product immunities.
>>>
>>> If you are not the intended recipient, you must not use or
>>>
>>> disseminate the information. Receipt by anyone other than the
>>>
>>> intended recipient is not a waiver of any attorney-client or work
>>>
>>> product privilege. If you have received this email in error, please
>>>
>>> immediately notify me by "Reply" command and permanently
>>>
>>> delete the original and any copies or printouts thereof. Although
>>>
>>> this email and any attachments are believed to be free of any virus
>>>
>>> or other defect that might affect any computer system into which it
>>>
>>> is received and opened, it is the responsibility of the recipient to
>>>
>>> insure that it is virus free and no responsibility is accepted by
>>>
>>> Transatlantic Reinsurance Company or its subsidiaries or affiliates
>>>
>>> either jointly or severally, for any loss or damage arising in any way
>>>
>>> from its use."
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> "IMPORTANT NOTICE: The information in this email
>>> (and any attachments hereto) is confidential and may be
>>> protected by legal privileges and work product immunities.
>>> If you are not the intended recipient, you must not use or
>>> disseminate the information. Receipt by anyone other than the
>>> intended recipient is not a waiver of any attorney-client or work
>>> product privilege. If you have received this email in error, please
>>> immediately notify me by "Reply" command and permanently
>>> delete the original and any copies or printouts thereof. Although
>>> this email and any attachments are believed to be free of any virus
>>> or other defect that might affect any computer system into which it
>>> is received and opened, it is the responsibility of the recipient to
>>> insure that it is virus free and no responsibility is accepted by
>>> Transatlantic Reinsurance Company or its subsidiaries or affiliates
>>> either jointly or severally, for any loss or damage arising in any way
>>> from its use."
>>>
>>>
>>>
>>>
>>>
>>
>
>
> --
> -----------------------
> Laura E. Hunter
> Architect, Oxford Computer Group (http://www.oxfordcomputergroup.com)
> Microsoft MVP, Directory Services (
> https://mvp.support.microsoft.com/profile/laura)
> Author, Active Directory Consultant's Field Guide (
> http://tinyurl.com/7f8ll)
> Author, Active Directory Cookbook, Second Edition (
> http://tinyurl.com/z7svl)
>
| | | |
| listmail
Posts:428
| | 07/18/2008 9:37 AM |
| Why? This data is in the directory, no need to go touch every DC which would
take likely minutes instead of seconds.
Run this against every domain (replacing the -b switch as necessary)
adfind -b dc=domain,dc=com -f
"&(objectcategory=computer)(primarygroupid=516)" operatingsystem
operatingsystemversion operatingsystemservicepack -csv
joe
--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm
_____
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Brandon Shell
Sent: Thursday, July 17, 2008 12:50 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Domain Controller version
I use domainControllerFunctionality on rootDSE, but that involves minor
scripting.
On Thu, Jul 17, 2008 at 12:44 PM, Harding, Devon <dharding@southernwine.com>
wrote:
I can use the following command to list all DCs in my forest, but what
command can I use to get the version (2000 or 2003)?
dsquery server -o rdn -forest
Devon Harding
Windows Systems Engineer
Southern Wine & Spirits - BSG
954-602-2469
_____
This message is the property of Southern Wine & Spirits or its affiliates.
It is intended only for the use of the individual or entity to which it is
addressed and may contain information that is non-public, proprietary,
privileged, confidential, and exempt from disclosure under applicable law or
may constitute as attorney work product. If you are not the intended
recipient, you are hereby notified that any use, dissemination,
distribution, or copying of this communication is strictly prohibited. If
you have received this communication in error, notify us immediately by
telephone and (i) destroy this message if a facsimile or (ii) delete this
message immediately if this is an electronic communication.
Thank you.
| | | |
| bsonposh
Posts:168
| | 07/18/2008 9:37 AM |
| Cause that is for the domain... he wants it for his forest.
On Thu, Jul 17, 2008 at 7:58 PM, joe <listmail@joeware.net> wrote:
> Why? This data is in the directory, no need to go touch every DC which
> would take likely minutes instead of seconds.
>
> Run this against every domain (replacing the -b switch as necessary)
>
> adfind -b dc=domain,dc=com -f
> "&(objectcategory=computer)(primarygroupid=516)" operatingsystem
> operatingsystemversion operatingsystemservicepack -csv
>
>
> joe
>
>
>
> --
> O'Reilly Active Directory Third Edition -
> http://www.joeware.net/win/ad3e.htm
>
>
>
> ------------------------------
> *From:* ActiveDir-owner@mail.activedir.org [mailto:
> ActiveDir-owner@mail.activedir.org] *On Behalf Of *Brandon Shell
> *Sent:* Thursday, July 17, 2008 12:50 PM
> *To:* ActiveDir@mail.activedir.org
> *Subject:* Re: [ActiveDir] Domain Controller version
>
> I use domainControllerFunctionality on rootDSE, but that involves minor
> scripting.
>
> On Thu, Jul 17, 2008 at 12:44 PM, Harding, Devon <
> dharding@southernwine.com> wrote:
>
>> I can use the following command to list all DCs in my forest, but what
>> command can I use to get the version (2000 or 2003)?
>>
>>
>>
>> dsquery server -o rdn -forest
>>
>>
>>
>> *Devon Harding*
>>
>> *Windows Systems Engineer*
>>
>> *Southern Wine & Spirits - BSG*
>>
>> *954-602-2469*
>>
>>
>>
>> ------------------------------
>> *This message is the property of Southern Wine & Spirits or its
>> affiliates. It is intended only for the use of the individual or entity to
>> which it is addressed and may contain information that is non-public,
>> proprietary, privileged, confidential, and exempt from disclosure under
>> applicable law or may constitute as attorney work product. If you are not
>> the intended recipient, you are hereby notified that any use, dissemination,
>> distribution, or copying of this communication is strictly prohibited. If
>> you have received this communication in error, notify us immediately by
>> telephone and (i) destroy this message if a facsimile or (ii) delete this
>> message immediately if this is an electronic communication.
>> Thank you.*
>>
>
>
| | | |
| dharding
Posts:24
| | 07/18/2008 9:39 AM |
| Well, when you have some sites which work on their own IT schedule, it
can be tough to keep up. Especially in a forest with over 15 domains
and 50 domain controllers.
BTW, the powershell command worked great!
-Devon
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Brian Desmond
Sent: Thursday, July 17, 2008 10:53 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Domain Controller version
The OP will still have less domains than DCs.
Personally I'd step back a step and inquire why the OP doesn't know
these details already. I'd also be collecitng it from the boxes directly
along with all the other pertinent information I'm guessing is not there
since this data isn't.
Thanks,
Brian Desmond
brian@briandesmond.com
c - 312.731.3132
On Thu, Jul 17, 2008 at 7:04 PM, Brandon Shell <tshell@gmail.com> wrote:
Cause that is for the domain... he wants it for his forest.
On Thu, Jul 17, 2008 at 7:58 PM, joe <listmail@joeware.net> wrote:
Why? This data is in the directory, no need to go touch every DC which
would take likely minutes instead of seconds.
Run this against every domain (replacing the -b switch as necessary)
adfind -b dc=domain,dc=com -f
"&(objectcategory=computer)(primarygroupid=516)" operatingsystem
operatingsystemversion operatingsystemservicepack -csv
joe
--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm
________________________________
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Brandon Shell
Sent: Thursday, July 17, 2008 12:50 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Domain Controller version
I use domainControllerFunctionality on rootDSE, but that involves minor
scripting.
On Thu, Jul 17, 2008 at 12:44 PM, Harding, Devon
<dharding@southernwine.com> wrote:
I can use the following command to list all DCs in my forest, but what
command can I use to get the version (2000 or 2003)?
dsquery server -o rdn -forest
Devon Harding
Windows Systems Engineer
Southern Wine & Spirits - BSG
954-602-2469
________________________________
This message is the property of Southern Wine & Spirits or its
affiliates. It is intended only for the use of the individual or entity
to which it is addressed and may contain information that is non-public,
proprietary, privileged, confidential, and exempt from disclosure under
applicable law or may constitute as attorney work product. If you are
not the intended recipient, you are hereby notified that any use,
dissemination, distribution, or copying of this communication is
strictly prohibited. If you have received this communication in error,
notify us immediately by telephone and (i) destroy this message if a
facsimile or (ii) delete this message immediately if this is an
electronic communication.
Thank you.
| | | |
| listmail
Posts:428
| | 07/18/2008 9:45 AM |
| Out of curiosity, how much faster was the perl script? I am wondering if it
hit the orders of magnitude prediction.
--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm
_____
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Harding, Devon
Sent: Friday, July 18, 2008 9:30 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Domain Controller version
Well, when you have some sites which work on their own IT schedule, it can
be tough to keep up. Especially in a forest with over 15 domains and 50
domain controllers.
BTW, the powershell command worked great!
-Devon
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Brian Desmond
Sent: Thursday, July 17, 2008 10:53 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Domain Controller version
The OP will still have less domains than DCs.
Personally I'd step back a step and inquire why the OP doesn't know these
details already. I'd also be collecitng it from the boxes directly along
with all the other pertinent information I'm guessing is not there since
this data isn't.
Thanks,
Brian Desmond
brian@briandesmond.com
c - 312.731.3132
On Thu, Jul 17, 2008 at 7:04 PM, Brandon Shell <tshell@gmail.com> wrote:
Cause that is for the domain... he wants it for his forest.
On Thu, Jul 17, 2008 at 7:58 PM, joe <listmail@joeware.net> wrote:
Why? This data is in the directory, no need to go touch every DC which would
take likely minutes instead of seconds.
Run this against every domain (replacing the -b switch as necessary)
adfind -b dc=domain,dc=com -f
"&(objectcategory=computer)(primarygroupid=516)" operatingsystem
operatingsystemversion operatingsystemservicepack -csv
joe
--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm
_____
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Brandon Shell
Sent: Thursday, July 17, 2008 12:50 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Domain Controller version
I use domainControllerFunctionality on rootDSE, but that involves minor
scripting.
On Thu, Jul 17, 2008 at 12:44 PM, Harding, Devon <dharding@southernwine.com>
wrote:
I can use the following command to list all DCs in my forest, but what
command can I use to get the version (2000 or 2003)?
dsquery server -o rdn -forest
Devon Harding
Windows Systems Engineer
Southern Wine & Spirits - BSG
954-602-2469
_____
This message is the property of Southern Wine & Spirits or its affiliates.
It is intended only for the use of the individual or entity to which it is
addressed and may contain information that is non-public, proprietary,
privileged, confidential, and exempt from disclosure under applicable law or
may constitute as attorney work product. If you are not the intended
recipient, you are hereby notified that any use, dissemination,
distribution, or copying of this communication is strictly prohibited. If
you have received this communication in error, notify us immediately by
telephone and (i) destroy this message if a facsimile or (ii) delete this
message immediately if this is an electronic communication.
Thank you.
| | | |
| bsonposh
Posts:168
| | 07/18/2008 9:53 AM |
| @joe, I dont think anyone would suggest that you perl script wouldn't be, as
you put it "orders of magnitude" faster. Just more complex than needed  by
the time you posted it the powershell script was done.
To be clear here... I am not entirely sure how the .NET call actually works.
It may very due what you suggest, but I am not certain.
On Fri, Jul 18, 2008 at 9:42 AM, joe <listmail@joeware.net> wrote:
> Out of curiosity, how much faster was the perl script? I am wondering if
> it hit the orders of magnitude prediction.
>
>
> --
> O'Reilly Active Directory Third Edition -
> http://www.joeware.net/win/ad3e.htm
>
>
>
> ------------------------------
> *From:* ActiveDir-owner@mail.activedir.org [mailto:
> ActiveDir-owner@mail.activedir.org] *On Behalf Of *Harding, Devon
> *Sent:* Friday, July 18, 2008 9:30 AM
> *To:* ActiveDir@mail.activedir.org
> *Subject:* RE: [ActiveDir] Domain Controller version
>
> Well, when you have some sites which work on their own IT schedule, it
> can be tough to keep up. Especially in a forest with over 15 domains and 50
> domain controllers.
>
>
>
> BTW, the powershell command worked great!
>
>
>
> -Devon
>
>
>
> *From:* ActiveDir-owner@mail.activedir.org [mailto:
> ActiveDir-owner@mail.activedir.org] *On Behalf Of *Brian Desmond
> *Sent:* Thursday, July 17, 2008 10:53 PM
> *To:* ActiveDir@mail.activedir.org
> *Subject:* Re: [ActiveDir] Domain Controller version
>
>
>
> The OP will still have less domains than DCs.
>
>
>
> Personally I'd step back a step and inquire why the OP doesn't know these
> details already. I'd also be collecitng it from the boxes directly along
> with all the other pertinent information I'm guessing is not there since
> this data isn't.
>
>
> Thanks,
> Brian Desmond
> brian@briandesmond.com
>
> c - 312.731.3132
>
> On Thu, Jul 17, 2008 at 7:04 PM, Brandon Shell <tshell@gmail.com> wrote:
>
> Cause that is for the domain... he wants it for his forest.
>
>
>
> On Thu, Jul 17, 2008 at 7:58 PM, joe <listmail@joeware.net> wrote:
>
> Why? This data is in the directory, no need to go touch every DC which
> would take likely minutes instead of seconds.
>
>
>
> Run this against every domain (replacing the -b switch as necessary)
>
>
>
> adfind -b dc=domain,dc=com -f
> "&(objectcategory=computer)(primarygroupid=516)" operatingsystem
> operatingsystemversion operatingsystemservicepack -csv
>
>
>
>
>
> joe
>
>
>
>
>
>
>
> --
>
> O'Reilly Active Directory Third Edition -
> http://www.joeware.net/win/ad3e.htm
>
>
>
>
>
>
> ------------------------------
>
> *From:* ActiveDir-owner@mail.activedir.org [mailto:
> ActiveDir-owner@mail.activedir.org] *On Behalf Of *Brandon Shell
> *Sent:* Thursday, July 17, 2008 12:50 PM
> *To:* ActiveDir@mail.activedir.org
> *Subject:* Re: [ActiveDir] Domain Controller version
>
> I use domainControllerFunctionality on rootDSE, but that involves minor
> scripting.
>
> On Thu, Jul 17, 2008 at 12:44 PM, Harding, Devon <
> dharding@southernwine.com> wrote:
>
> I can use the following command to list all DCs in my forest, but what
> command can I use to get the version (2000 or 2003)?
>
>
>
> dsquery server -o rdn -forest
>
>
>
> *Devon Harding*
>
> *Windows Systems Engineer*
>
> *Southern Wine & Spirits - BSG*
>
> *954-602-2469*
>
>
>
>
> ------------------------------
>
> *This message is the property of Southern Wine & Spirits or its
> affiliates. It is intended only for the use of the individual or entity to
> which it is addressed and may contain information that is non-public,
> proprietary, privileged, confidential, and exempt from disclosure under
> applicable law or may constitute as attorney work product. If you are not
> the intended recipient, you are hereby notified that any use, dissemination,
> distribution, or copying of this communication is strictly prohibited. If
> you have received this communication in error, notify us immediately by
> telephone and (i) destroy this message if a facsimile or (ii) delete this
> message immediately if this is an electronic communication.
> Thank you.*
>
>
>
>
>
>
>
| | | |
| listmail
Posts:428
| | 07/18/2008 9:59 AM |
| Err didn't know it was a race Mr. Hare.
Kind of scary that you don't have an understanding of what your script is
doing... What if you had a couple hundred or even a couple thousand DCs, you
would have no clue how it would perform or what the possible issues might be
that it runs into. I am being serious.
joe
--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm
_____
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Brandon Shell
Sent: Friday, July 18, 2008 9:50 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Domain Controller version
@joe, I dont think anyone would suggest that you perl script wouldn't be, as
you put it "orders of magnitude" faster. Just more complex than needed by
the time you posted it the powershell script was done.
To be clear here... I am not entirely sure how the .NET call actually works.
It may very due what you suggest, but I am not certain.
On Fri, Jul 18, 2008 at 9:42 AM, joe <listmail@joeware.net> wrote:
Out of curiosity, how much faster was the perl script? I am wondering if it
hit the orders of magnitude prediction.
--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm
_____
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Harding, Devon
Sent: Friday, July 18, 2008 9:30 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Domain Controller version
Well, when you have some sites which work on their own IT schedule, it can
be tough to keep up. Especially in a forest with over 15 domains and 50
domain controllers.
BTW, the powershell command worked great!
-Devon
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Brian Desmond
Sent: Thursday, July 17, 2008 10:53 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Domain Controller version
The OP will still have less domains than DCs.
Personally I'd step back a step and inquire why the OP doesn't know these
details already. I'd also be collecitng it from the boxes directly along
with all the other pertinent information I'm guessing is not there since
this data isn't.
Thanks,
Brian Desmond
brian@briandesmond.com
c - 312.731.3132
On Thu, Jul 17, 2008 at 7:04 PM, Brandon Shell <tshell@gmail.com> wrote:
Cause that is for the domain... he wants it for his forest.
On Thu, Jul 17, 2008 at 7:58 PM, joe <listmail@joeware.net> wrote:
Why? This data is in the directory, no need to go touch every DC which would
take likely minutes instead of seconds.
Run this against every domain (replacing the -b switch as necessary)
adfind -b dc=domain,dc=com -f
"&(objectcategory=computer)(primarygroupid=516)" operatingsystem
operatingsystemversion operatingsystemservicepack -csv
joe
--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm
_____
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Brandon Shell
Sent: Thursday, July 17, 2008 12:50 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Domain Controller version
I use domainControllerFunctionality on rootDSE, but that involves minor
scripting.
On Thu, Jul 17, 2008 at 12:44 PM, Harding, Devon <dharding@southernwine.com>
wrote:
I can use the following command to list all DCs in my forest, but what
command can I use to get the version (2000 or 2003)?
dsquery server -o rdn -forest
Devon Harding
Windows Systems Engineer
Southern Wine & Spirits - BSG
954-602-2469
_____
This message is the property of Southern Wine & Spirits or its affiliates.
It is intended only for the use of the individual or entity to which it is
addressed and may contain information that is non-public, proprietary,
privileged, confidential, and exempt from disclosure under applicable law or
may constitute as attorney work product. If you are not the intended
recipient, you are hereby notified that any use, dissemination,
distribution, or copying of this communication is strictly prohibited. If
you have received this communication in error, notify us immediately by
telephone and (i) destroy this message if a facsimile or (ii) delete this
message immediately if this is an electronic communication.
Thank you.
| | | |
| bsonposh
Posts:168
| | 07/18/2008 10:15 AM |
| joe... there are only a very few that know what the APIs they are calling
"REALLY" do. They can speculate, but unless you have source code access and
the ability to comb through 1000s of sources files there is a point at which
you need to trust.
Everyone that use adfind.exe has to place some level of trust in you.
AFAIK... your the only one with the source. Are you suggesting that everyone
stop using adfind.exe because they dont know how it works?
RE: What I posted. We have discuss this before. The impression the OP gave
was that he just wanted the information. I posted how I knew he could it do
it. End of story. Had he suggested this is something to be ran regularly
then performance would have been a consideration.
On Fri, Jul 18, 2008 at 9:56 AM, joe <listmail@joeware.net> wrote:
> Err didn't know it was a race Mr. Hare.
>
> Kind of scary that you don't have an understanding of what your script is
> doing... What if you had a couple hundred or even a couple thousand DCs, you
> would have no clue how it would perform or what the possible issues might be
> that it runs into. I am being serious.
>
> joe
>
> --
> O'Reilly Active Directory Third Edition -
> http://www.joeware.net/win/ad3e.htm
>
>
>
> ------------------------------
> *From:* ActiveDir-owner@mail.activedir.org [mailto:
> ActiveDir-owner@mail.activedir.org] *On Behalf Of *Brandon Shell
> *Sent:* Friday, July 18, 2008 9:50 AM
> *To:* ActiveDir@mail.activedir.org
> *Subject:* Re: [ActiveDir] Domain Controller version
>
> @joe, I dont think anyone would suggest that you perl script wouldn't
> be, as you put it "orders of magnitude" faster. Just more complex than
> needed by the time you posted it the powershell script was done.
>
> To be clear here... I am not entirely sure how the .NET call actually
> works. It may very due what you suggest, but I am not certain.
> On Fri, Jul 18, 2008 at 9:42 AM, joe <listmail@joeware.net> wrote:
>
>> Out of curiosity, how much faster was the perl script? I am wondering if
>> it hit the orders of magnitude prediction.
>>
>>
>> --
>> O'Reilly Active Directory Third Edition -
>> http://www.joeware.net/win/ad3e.htm
>>
>>
>>
>> ------------------------------
>> *From:* ActiveDir-owner@mail.activedir.org [mailto:
>> ActiveDir-owner@mail.activedir.org] *On Behalf Of *Harding, Devon
>> *Sent:* Friday, July 18, 2008 9:30 AM
>> *To:* ActiveDir@mail.activedir.org
>> *Subject:* RE: [ActiveDir] Domain Controller version
>>
>> Well, when you have some sites which work on their own IT schedule, it
>> can be tough to keep up. Especially in a forest with over 15 domains and 50
>> domain controllers.
>>
>>
>>
>> BTW, the powershell command worked great!
>>
>>
>>
>> -Devon
>>
>>
>>
>> *From:* ActiveDir-owner@mail.activedir.org [mailto:
>> ActiveDir-owner@mail.activedir.org] *On Behalf Of *Brian Desmond
>> *Sent:* Thursday, July 17, 2008 10:53 PM
>> *To:* ActiveDir@mail.activedir.org
>> *Subject:* Re: [ActiveDir] Domain Controller version
>>
>>
>>
>> The OP will still have less domains than DCs.
>>
>>
>>
>> Personally I'd step back a step and inquire why the OP doesn't know these
>> details already. I'd also be collecitng it from the boxes directly along
>> with all the other pertinent information I'm guessing is not there since
>> this data isn't.
>>
>>
>> Thanks,
>> Brian Desmond
>> brian@briandesmond.com
>>
>> c - 312.731.3132
>>
>> On Thu, Jul 17, 2008 at 7:04 PM, Brandon Shell <tshell@gmail.com> wrote:
>>
>> Cause that is for the domain... he wants it for his forest.
>>
>>
>>
>> On Thu, Jul 17, 2008 at 7:58 PM, joe <listmail@joeware.net> wrote:
>>
>> Why? This data is in the directory, no need to go touch every DC which
>> would take likely minutes instead of seconds.
>>
>>
>>
>> Run this against every domain (replacing the -b switch as necessary)
>>
>>
>>
>> adfind -b dc=domain,dc=com -f
>> "&(objectcategory=computer)(primarygroupid=516)" operatingsystem
>> operatingsystemversion operatingsystemservicepack -csv
>>
>>
>>
>>
>>
>> joe
>>
>>
>>
>>
>>
>>
>>
>> --
>>
>> O'Reilly Active Directory Third Edition -
>> http://www.joeware.net/win/ad3e.htm
>>
>>
>>
>>
>>
>>
>> ------------------------------
>>
>> *From:* ActiveDir-owner@mail.activedir.org [mailto:
>> ActiveDir-owner@mail.activedir.org] *On Behalf Of *Brandon Shell
>> *Sent:* Thursday, July 17, 2008 12:50 PM
>> *To:* ActiveDir@mail.activedir.org
>> *Subject:* Re: [ActiveDir] Domain Controller version
>>
>> I use domainControllerFunctionality on rootDSE, but that involves minor
>> scripting.
>>
>> On Thu, Jul 17, 2008 at 12:44 PM, Harding, Devon <
>> dharding@southernwine.com> wrote:
>>
>> I can use the following command to list all DCs in my forest, but what
>> command can I use to get the version (2000 or 2003)?
>>
>>
>>
>> dsquery server -o rdn -forest
>>
>>
>>
>> *Devon Harding*
>>
>> *Windows Systems Engineer*
>>
>> *Southern Wine & Spirits - BSG*
>>
>> *954-602-2469*
>>
>>
>>
>>
>> ------------------------------
>>
>> *This message is the property of Southern Wine & Spirits or its
>> affiliates. It is intended only for the use of the individual or entity to
>> which it is addressed and may contain information that is non-public,
>> proprietary, privileged, confidential, and exempt from disclosure under
>> applicable law or may constitute as attorney work product. If you are not
>> the intended recipient, you are hereby notified that any use, dissemination,
>> distribution, or copying of this communication is strictly prohibited. If
>> you have received this communication in error, notify us immediately by
>> telephone and (i) destroy this message if a facsimile or (ii) delete this
>> message immediately if this is an electronic communication.
>> Thank you.*
>>
>>
>>
>>
>>
>>
>>
>
>
| | | |
| darren
Posts:154
| | 07/18/2008 10:31 AM |
| Boys.now, go to your corners and don't come out until teacher says to.
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Brandon Shell
Sent: Friday, July 18, 2008 7:14 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Domain Controller version
joe... there are only a very few that know what the APIs they are calling
"REALLY" do. They can speculate, but unless you have source code access and
the ability to comb through 1000s of sources files there is a point at which
you need to trust.
Everyone that use adfind.exe has to place some level of trust in you.
AFAIK... your the only one with the source. Are you suggesting that everyone
stop using adfind.exe because they dont know how it works?
RE: What I posted. We have discuss this before. The impression the OP gave
was that he just wanted the information. I posted how I knew he could it do
it. End of story. Had he suggested this is something to be ran regularly
then performance would have been a consideration.
On Fri, Jul 18, 2008 at 9:56 AM, joe <listmail@joeware.net> wrote:
Err didn't know it was a race Mr. Hare.
Kind of scary that you don't have an understanding of what your script is
doing... What if you had a couple hundred or even a couple thousand DCs, you
would have no clue how it would perform or what the possible issues might be
that it runs into. I am being serious.
joe
--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm
_____
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Brandon Shell
Sent: Friday, July 18, 2008 9:50 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Domain Controller version
@joe, I dont think anyone would suggest that you perl script wouldn't be, as
you put it "orders of magnitude" faster. Just more complex than needed by
the time you posted it the powershell script was done.
To be clear here... I am not entirely sure how the .NET call actually works.
It may very due what you suggest, but I am not certain.
On Fri, Jul 18, 2008 at 9:42 AM, joe <listmail@joeware.net> wrote:
Out of curiosity, how much faster was the perl script? I am wondering if it
hit the orders of magnitude prediction.
--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm
_____
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Harding, Devon
Sent: Friday, July 18, 2008 9:30 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Domain Controller version
Well, when you have some sites which work on their own IT schedule, it can
be tough to keep up. Especially in a forest with over 15 domains and 50
domain controllers.
BTW, the powershell command worked great!
-Devon
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Brian Desmond
Sent: Thursday, July 17, 2008 10:53 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Domain Controller version
The OP will still have less domains than DCs.
Personally I'd step back a step and inquire why the OP doesn't know these
details already. I'd also be collecitng it from the boxes directly along
with all the other pertinent information I'm guessing is not there since
this data isn't.
Thanks,
Brian Desmond
brian@briandesmond.com
c - 312.731.3132
On Thu, Jul 17, 2008 at 7:04 PM, Brandon Shell <tshell@gmail.com> wrote:
Cause that is for the domain... he wants it for his forest.
On Thu, Jul 17, 2008 at 7:58 PM, joe <listmail@joeware.net> wrote:
Why? This data is in the directory, no need to go touch every DC which would
take likely minutes instead of seconds.
Run this against every domain (replacing the -b switch as necessary)
adfind -b dc=domain,dc=com -f
"&(objectcategory=computer)(primarygroupid=516)" operatingsystem
operatingsystemversion operatingsystemservicepack -csv
joe
--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm
_____
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Brandon Shell
Sent: Thursday, July 17, 2008 12:50 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Domain Controller version
I use domainControllerFunctionality on rootDSE, but that involves minor
scripting.
On Thu, Jul 17, 2008 at 12:44 PM, Harding, Devon <dharding@southernwine.com>
wrote:
I can use the following command to list all DCs in my forest, but what
command can I use to get the version (2000 or 2003)?
dsquery server -o rdn -forest
Devon Harding
Windows Systems Engineer
Southern Wine & Spirits - BSG
954-602-2469
_____
This message is the property of Southern Wine & Spirits or its affiliates.
It is intended only for the use of the individual or entity to which it is
addressed and may contain information that is non-public, proprietary,
privileged, confidential, and exempt from disclosure under applicable law or
may constitute as attorney work product. If you are not the intended
recipient, you are hereby notified that any use, dissemination,
distribution, or copying of this communication is strictly prohibited. If
you have received this communication in error, notify us immediately by
telephone and (i) destroy this message if a facsimile or (ii) delete this
message immediately if this is an electronic communication.
Thank you.
| | | |
| irishbug
Posts:23
| | 07/18/2008 10:33 AM |
| Zing!!!!! joe, your reply?
On Fri, Jul 18, 2008 at 10:13 AM, Brandon Shell <tshell@gmail.com> wrote:
> joe... there are only a very few that know what the APIs they are calling
> "REALLY" do. They can speculate, but unless you have source code access and
> the ability to comb through 1000s of sources files there is a point at which
> you need to trust.
> Everyone that use adfind.exe has to place some level of trust in you.
> AFAIK... your the only one with the source. Are you suggesting that everyone
> stop using adfind.exe because they dont know how it works?
>
> RE: What I posted. We have discuss this before. The impression the OP gave
> was that he just wanted the information. I posted how I knew he could it do
> it. End of story. Had he suggested this is something to be ran regularly
> then performance would have been a consideration.
>
> On Fri, Jul 18, 2008 at 9:56 AM, joe <listmail@joeware.net> wrote:
>
>> Err didn't know it was a race Mr. Hare.
>>
>> Kind of scary that you don't have an understanding of what your script is
>> doing... What if you had a couple hundred or even a couple thousand DCs, you
>> would have no clue how it would perform or what the possible issues might be
>> that it runs into. I am being serious.
>>
>> joe
>>
>> --
>> O'Reilly Active Directory Third Edition -
>> http://www.joeware.net/win/ad3e.htm
>>
>>
>>
>> ------------------------------
>> *From:* ActiveDir-owner@mail.activedir.org [mailto:
>> ActiveDir-owner@mail.activedir.org] *On Behalf Of *Brandon Shell
>> *Sent:* Friday, July 18, 2008 9:50 AM
>> *To:* ActiveDir@mail.activedir.org
>> *Subject:* Re: [ActiveDir] Domain Controller version
>>
>> @joe, I dont think anyone would suggest that you perl script wouldn't
>> be, as you put it "orders of magnitude" faster. Just more complex than
>> needed by the time you posted it the powershell script was done.
>>
>> To be clear here... I am not entirely sure how the .NET call actually
>> works. It may very due what you suggest, but I am not certain.
>> On Fri, Jul 18, 2008 at 9:42 AM, joe <listmail@joeware.net> wrote:
>>
>>> Out of curiosity, how much faster was the perl script? I am wondering
>>> if it hit the orders of magnitude prediction.
>>>
>>>
>>> --
>>> O'Reilly Active Directory Third Edition -
>>> http://www.joeware.net/win/ad3e.htm
>>>
>>>
>>>
>>> ------------------------------
>>> *From:* ActiveDir-owner@mail.activedir.org [mailto:
>>> ActiveDir-owner@mail.activedir.org] *On Behalf Of *Harding, Devon
>>> *Sent:* Friday, July 18, 2008 9:30 AM
>>> *To:* ActiveDir@mail.activedir.org
>>> *Subject:* RE: [ActiveDir] Domain Controller version
>>>
>>> Well, when you have some sites which work on their own IT schedule,
>>> it can be tough to keep up. Especially in a forest with over 15 domains and
>>> 50 domain controllers.
>>>
>>>
>>>
>>> BTW, the powershell command worked great!
>>>
>>>
>>>
>>> -Devon
>>>
>>>
>>>
>>> *From:* ActiveDir-owner@mail.activedir.org [mailto:
>>> ActiveDir-owner@mail.activedir.org] *On Behalf Of *Brian Desmond
>>> *Sent:* Thursday, July 17, 2008 10:53 PM
>>> *To:* ActiveDir@mail.activedir.org
>>> *Subject:* Re: [ActiveDir] Domain Controller version
>>>
>>>
>>>
>>> The OP will still have less domains than DCs.
>>>
>>>
>>>
>>> Personally I'd step back a step and inquire why the OP doesn't know these
>>> details already. I'd also be collecitng it from the boxes directly along
>>> with all the other pertinent information I'm guessing is not there since
>>> this data isn't.
>>>
>>>
>>> Thanks,
>>> Brian Desmond
>>> brian@briandesmond.com
>>>
>>> c - 312.731.3132
>>>
>>> On Thu, Jul 17, 2008 at 7:04 PM, Brandon Shell <tshell@gmail.com> wrote:
>>>
>>> Cause that is for the domain... he wants it for his forest.
>>>
>>>
>>>
>>> On Thu, Jul 17, 2008 at 7:58 PM, joe <listmail@joeware.net> wrote:
>>>
>>> Why? This data is in the directory, no need to go touch every DC which
>>> would take likely minutes instead of seconds.
>>>
>>>
>>>
>>> Run this against every domain (replacing the -b switch as necessary)
>>>
>>>
>>>
>>> adfind -b dc=domain,dc=com -f
>>> "&(objectcategory=computer)(primarygroupid=516)" operatingsystem
>>> operatingsystemversion operatingsystemservicepack -csv
>>>
>>>
>>>
>>>
>>>
>>> joe
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> --
>>>
>>> O'Reilly Active Directory Third Edition -
>>> http://www.joeware.net/win/ad3e.htm
>>>
>>>
>>>
>>>
>>>
>>>
>>> ------------------------------
>>>
>>> *From:* ActiveDir-owner@mail.activedir.org [mailto:
>>> ActiveDir-owner@mail.activedir.org] *On Behalf Of *Brandon Shell
>>> *Sent:* Thursday, July 17, 2008 12:50 PM
>>> *To:* ActiveDir@mail.activedir.org
>>> *Subject:* Re: [ActiveDir] Domain Controller version
>>>
>>> I use domainControllerFunctionality on rootDSE, but that involves minor
>>> scripting.
>>>
>>> On Thu, Jul 17, 2008 at 12:44 PM, Harding, Devon <
>>> dharding@southernwine.com> wrote:
>>>
>>> I can use the following command to list all DCs in my forest, but what
>>> command can I use to get the version (2000 or 2003)?
>>>
>>>
>>>
>>> dsquery server -o rdn -forest
>>>
>>>
>>>
>>> *Devon Harding*
>>>
>>> *Windows Systems Engineer*
>>>
>>> *Southern Wine & Spirits - BSG*
>>>
>>> *954-602-2469*
>>>
>>>
>>>
>>>
>>> ------------------------------
>>>
>>> *This message is the property of Southern Wine & Spirits or its
>>> affiliates. It is intended only for the use of the individual or entity to
>>> which it is addressed and may contain information that is non-public,
>>> proprietary, privileged, confidential, and exempt from disclosure under
>>> applicable law or may constitute as attorney work product. If you are not
>>> the intended recipient, you are hereby notified that any use, dissemination,
>>> distribution, or copying of this communication is strictly prohibited. If
>>> you have received this communication in error, notify us immediately by
>>> telephone and (i) destroy this message if a facsimile or (ii) delete this
>>> message immediately if this is an electronic communication.
>>> Thank you.*
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>
>>
>
| | | |
| listmail
Posts:428
| | 07/18/2008 11:32 AM |
| I feel for something like this in the generic case you should have some idea
at a high level such as, this reaches out to all of the individual DCs or
this makes a LDAP call to any DC in the domain/forest. If someone has a mom
and pop shop, true, they likely won't care because it won't matter either
way. But once you get into larger environments you need to be more cognizant
of what is going on. That way you can maybe give a caveat like... this
works, but in a larger environment there might be a better way or this will
go a bit slow unless you multithread it.
You seemed to indicate though in your initial post that you knew what was
going on. You mentioned getting the info from rootdse with simple scripting.
Then posted that script which I took to mean that was your way to script
going against the RootDSE for this info. Then you came back and admitted you
didn't really know how it worked.
Had you never posted the script, I simply would have said, going to the
RootDSE of every DC in the forest for this information is not an optimal
plan in any but the smallest orgs and would have suggested the same query I
did before (choose your query tool, you could probably even use PowerShell
to do it). Then you would have come back and said but he needs the info for
the whole forest, not just a single domain like that helped it make sense to
query every DC in the forest and I would have again said, so ping one DC in
every domain with the query...
BTW, the AdFind example is a bad example. It does an LDAP call, you know it
does, that is what AdFind does.  Anyway, you don't need source access or
the ability to read source to get a generic idea of what something is doing,
for something like this, just turn on WireShark and watch it.
joe
P.S. If the .NET stuff is using a couple of LDAP calls to the domains to get
the info instead of querying the RootDSE on every DC in a forest, excellent.
It shows exactly why folks who don't have a thorough understanding of the
things they are working with should use it.
--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm
_____
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Brandon Shell
Sent: Friday, July 18, 2008 10:14 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Domain Controller version
joe... there are only a very few that know what the APIs they are calling
"REALLY" do. They can speculate, but unless you have source code access and
the ability to comb through 1000s of sources files there is a point at which
you need to trust.
Everyone that use adfind.exe has to place some level of trust in you.
AFAIK... your the only one with the source. Are you suggesting that everyone
stop using adfind.exe because they dont know how it works?
RE: What I posted. We have discuss this before. The impression the OP gave
was that he just wanted the information. I posted how I knew he could it do
it. End of story. Had he suggested this is something to be ran regularly
then performance would have been a consideration.
On Fri, Jul 18, 2008 at 9:56 AM, joe <listmail@joeware.net> wrote:
Err didn't know it was a race Mr. Hare.
Kind of scary that you don't have an understanding of what your script is
doing... What if you had a couple hundred or even a couple thousand DCs, you
would have no clue how it would perform or what the possible issues might be
that it runs into. I am being serious.
joe
--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm
_____
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Brandon Shell
Sent: Friday, July 18, 2008 9:50 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Domain Controller version
@joe, I dont think anyone would suggest that you perl script wouldn't be, as
you put it "orders of magnitude" faster. Just more complex than needed by
the time you posted it the powershell script was done.
To be clear here... I am not entirely sure how the .NET call actually works.
It may very due what you suggest, but I am not certain.
On Fri, Jul 18, 2008 at 9:42 AM, joe <listmail@joeware.net> wrote:
Out of curiosity, how much faster was the perl script? I am wondering if it
hit the orders of magnitude prediction.
--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm
_____
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Harding, Devon
Sent: Friday, July 18, 2008 9:30 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Domain Controller version
Well, when you have some sites which work on their own IT schedule, it can
be tough to keep up. Especially in a forest with over 15 domains and 50
domain controllers.
BTW, the powershell command worked great!
-Devon
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Brian Desmond
Sent: Thursday, July 17, 2008 10:53 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Domain Controller version
The OP will still have less domains than DCs.
Personally I'd step back a step and inquire why the OP doesn't know these
details already. I'd also be collecitng it from the boxes directly along
with all the other pertinent information I'm guessing is not there since
this data isn't.
Thanks,
Brian Desmond
brian@briandesmond.com
c - 312.731.3132
On Thu, Jul 17, 2008 at 7:04 PM, Brandon Shell <tshell@gmail.com> wrote:
Cause that is for the domain... he wants it for his forest.
On Thu, Jul 17, 2008 at 7:58 PM, joe <listmail@joeware.net> wrote:
Why? This data is in the directory, no need to go touch every DC which would
take likely minutes instead of seconds.
Run this against every domain (replacing the -b switch as necessary)
adfind -b dc=domain,dc=com -f
"&(objectcategory=computer)(primarygroupid=516)" operatingsystem
operatingsystemversion operatingsystemservicepack -csv
joe
--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm
_____
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Brandon Shell
Sent: Thursday, July 17, 2008 12:50 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Domain Controller version
I use domainControllerFunctionality on rootDSE, but that involves minor
scripting.
On Thu, Jul 17, 2008 at 12:44 PM, Harding, Devon <dharding@southernwine.com>
wrote:
I can use the following command to list all DCs in my forest, but what
command can I use to get the version (2000 or 2003)?
dsquery server -o rdn -forest
Devon Harding
Windows Systems Engineer
Southern Wine & Spirits - BSG
954-602-2469
_____
This message is the property of Southern Wine & Spirits or its affiliates.
It is intended only for the use of the individual or entity to which it is
addressed and may contain information that is non-public, proprietary,
privileged, confidential, and exempt from disclosure under applicable law or
may constitute as attorney work product. If you are not the intended
recipient, you are hereby notified that any use, dissemination,
distribution, or copying of this communication is strictly prohibited. If
you have received this communication in error, notify us immediately by
telephone and (i) destroy this message if a facsimile or (ii) delete this
message immediately if this is an electronic communication.
Thank you.
| | | |
| laurahcomputing
Posts:41
| | 07/18/2008 11:56 AM |
| I was specifically looking for the PoSH answer, yeah. Having fun with S.DS,
and all.
On Fri, Jul 18, 2008 at 8:31 AM, joe <listmail@joeware.net> wrote:
> Do you mean specifically through PowerShell or just in general?
>
> You have both repadmin and AdFind that can easily do it with but a single
> command line.
>
> joe
>
> --
> O'Reilly Active Directory Third Edition -
> http://www.joeware.net/win/ad3e.htm
>
>
>
> ------------------------------
> *From:* ActiveDir-owner@mail.activedir.org [mailto:
> ActiveDir-owner@mail.activedir.org] *On Behalf Of *Laura E. Hunter
> *Sent:* Thursday, July 17, 2008 4:09 PM
> *To:* ActiveDir@mail.activedir.org
> *Subject:* Re: [ActiveDir] Domain Controller version
>
> Is there any reasonable way to pull out up-to-dateness vector
> informaton? I was playing around with different things but wasn't coming up
> with it.
>
> - L
>
> On Thu, Jul 17, 2008 at 12:07 PM, Brandon Shell <tshell@gmail.com> wrote:
>
>> Cool.... and for those that are interested.... here are some other thing
>> you can get with that code, but adding one or more of these values to "| ft
>> Name,Domain,OSVersion" section.
>>
>> CurrentTime
>> Domain
>> Forest
>> HighestCommittedUsn
>> InboundConnections
>> IPAddress
>> Name
>> OSVersion
>> OutboundConnections
>> Partitions
>> Roles
>> SiteName
>>
>> On Thu, Jul 17, 2008 at 2:58 PM, Salandra, Justin <
>> jsalandra@transre.com> wrote:
>>
>>> Yes, thanks
>>>
>>>
>>>
>>> Justin A. Salandra
>>>
>>> Network Engineer
>>>
>>>
>>> ------------------------------
>>>
>>> *From:* ActiveDir-owner@mail.activedir.org [mailto:
>>> ActiveDir-owner@mail.activedir.org] *On Behalf Of *Brandon Shell
>>> *Sent:* Thursday, July 17, 2008 1:58 PM
>>>
>>> *To:* ActiveDir@mail.activedir.org
>>> *Subject:* Re: [ActiveDir] Domain Controller version
>>>
>>>
>>>
>>> So it did work?
>>>
>>> On Thu, Jul 17, 2008 at 1:39 PM, Salandra, Justin <jsalandra@transre.com>
>>> wrote:
>>>
>>> It would have helped if I spelled it correctly
>>>
>>>
>>>
>>> Justin A. Salandra
>>>
>>> Network Engineer
>>>
>>>
>>> ------------------------------
>>>
>>> *From:* ActiveDir-owner@mail.activedir.org [mailto:
>>> ActiveDir-owner@mail.activedir.org] *On Behalf Of *Brandon Shell
>>> *Sent:* Thursday, July 17, 2008 1:27 PM
>>>
>>>
>>> *To:* ActiveDir@mail.activedir.org
>>> *Subject:* Re: [ActiveDir] Domain Controller version
>>>
>>>
>>>
>>> That is odd... Try adding the System to the namespace like
>>>
>>>
>>>
>>> [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest().Domains
>>> | %{$_.DomainControllers} | ft Name,Domain,OSVersion
>>>
>>> On Thu, Jul 17, 2008 at 1:18 PM, Salandra, Justin <jsalandra@transre.com>
>>> wrote:
>>>
>>> I tried to run this and got
>>>
>>>
>>>
>>> Unable to find type [DirectoryServices.ActiveDirectory.Forest]::
>>>
>>>
>>>
>>> Justin A. Salandra
>>>
>>> Network Engineer
>>>
>>>
>>> ------------------------------
>>>
>>> *From:* ActiveDir-owner@mail.activedir.org [mailto:
>>> ActiveDir-owner@mail.activedir.org] *On Behalf Of *Brandon Shell
>>> *Sent:* Thursday, July 17, 2008 1:09 PM
>>>
>>>
>>> *To:* ActiveDir@mail.activedir.org
>>> *Subject:* Re: [ActiveDir] Domain Controller version
>>>
>>>
>>>
>>> You can use this command from Powershell
>>>
>>>
>>>
>>> [DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest().Domains |
>>> %{$_.DomainControllers} | ft Name,Domain,OSVersion
>>>
>>> On Thu, Jul 17, 2008 at 12:52 PM, Harding, Devon <
>>> dharding@southernwine.com> wrote:
>>>
>>> Any command line tools?
>>>
>>>
>>>
>>> *From:* ActiveDir-owner@mail.activedir.org [mailto:
>>> ActiveDir-owner@mail.activedir.org] *On Behalf Of *Brandon Shell
>>> *Sent:* Thursday, July 17, 2008 12:50 PM
>>> *To:* ActiveDir@mail.activedir.org
>>> *Subject:* Re: [ActiveDir] Domain Controller version
>>>
>>>
>>>
>>> I use domainControllerFunctionality on rootDSE, but that involves minor
>>> scripting.
>>>
>>> On Thu, Jul 17, 2008 at 12:44 PM, Harding, Devon <
>>> dharding@southernwine.com> wrote:
>>>
>>> I can use the following command to list all DCs in my forest, but what
>>> command can I use to get the version (2000 or 2003)?
>>>
>>>
>>>
>>> dsquery server -o rdn -forest
>>>
>>>
>>>
>>> *Devon** Harding*
>>>
>>> *Windows Systems Engineer*
>>>
>>> *Southern Wine & Spirits - BSG*
>>>
>>> *954-602-2469*
>>>
>>>
>>>
>>>
>>> ------------------------------
>>>
>>> *This message is the property of Southern Wine & Spirits or its
>>> affiliates. It is intended only for the use of the individual or entity to
>>> which it is addressed and may contain information that is non-public,
>>> proprietary, privileged, confidential, and exempt from disclosure under
>>> applicable law or may constitute as attorney work product. If you are not
>>> the intended recipient, you are hereby notified that any use, dissemination,
>>> distribution, or copying of this communication is strictly prohibited. If
>>> you have received this communication in error, notify us immediately by
>>> telephone and (i) destroy this message if a facsimile or (ii) delete this
>>> message immediately if this is an electronic communication.
>>> Thank you.*
>>>
>>>
>>>
>>>
>>>
>>> "IMPORTANT NOTICE: The information in this email
>>>
>>> (and any attachments hereto) is confidential and may be
>>>
>>> protected by legal privileges and work product immunities.
>>>
>>> If you are not the intended recipient, you must not use or
>>>
>>> disseminate the information. Receipt by anyone other than the
>>>
>>> intended recipient is not a waiver of any attorney-client or work
>>>
>>> product privilege. If you have received this email in error, please
>>>
>>> immediately notify me by "Reply" command and permanently
>>>
>>> delete the original and any copies or printouts thereof. Although
>>>
>>> this email and any attachments are believed to be free of any virus
>>>
>>> or other defect that might affect any computer system into which it
>>>
>>> is received and opened, it is the responsibility of the recipient to
>>>
>>> insure that it is virus free and no responsibility is accepted by
>>>
>>> Transatlantic Reinsurance Company or its subsidiaries or affiliates
>>>
>>> either jointly or severally, for any loss or damage arising in any way
>>>
>>> from its use."
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> "IMPORTANT NOTICE: The information in this email
>>>
>>> (and any attachments hereto) is confidential and may be
>>>
>>> protected by legal privileges and work product immunities.
>>>
>>> If you are not the intended recipient, you must not use or
>>>
>>> disseminate the information. Receipt by anyone other than the
>>>
>>> intended recipient is not a waiver of any attorney-client or work
>>>
>>> product privilege. If you have received this email in error, please
>>>
>>> immediately notify me by "Reply" command and permanently
>>>
>>> delete the original and any copies or printouts thereof. Although
>>>
>>> this email and any attachments are believed to be free of any virus
>>>
>>> or other defect that might affect any computer system into which it
>>>
>>> is received and opened, it is the responsibility of the recipient to
>>>
>>> insure that it is virus free and no responsibility is accepted by
>>>
>>> Transatlantic Reinsurance Company or its subsidiaries or affiliates
>>>
>>> either jointly or severally, for any loss or damage arising in any way
>>>
>>> from its use."
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> "IMPORTANT NOTICE: The information in this email
>>> (and any attachments hereto) is confidential and may be
>>> protected by legal privileges and work product immunities.
>>> If you are not the intended recipient, you must not use or
>>> disseminate the information. Receipt by anyone other than the
>>> intended recipient is not a waiver of any attorney-client or work
>>> product privilege. If you have received this email in error, please
>>> immediately notify me by "Reply" command and permanently
>>> delete the original and any copies or printouts thereof. Although
>>> this email and any attachments are believed to be free of any virus
>>> or other defect that might affect any computer system into which it
>>> is received and opened, it is the responsibility of the recipient to
>>> insure that it is virus free and no responsibility is accepted by
>>> Transatlantic Reinsurance Company or its subsidiaries or affiliates
>>> either jointly or severally, for any loss or damage arising in any way
>>> from its use."
>>>
>>>
>>>
>>>
>>>
>>
>
>
> --
> -----------------------
> Laura E. Hunter
> Architect, Oxford Computer Group (http://www.oxfordcomputergroup.com)
> Microsoft MVP, Directory Services (
> https://mvp.support.microsoft.com/profile/laura)
> Author, Active Directory Consultant's Field Guide (
> http://tinyurl.com/7f8ll)
> Author, Active Directory Cookbook, Second Edition (
> http://tinyurl.com/z7svl)
>
--
-----------------------
Laura E. Hunter
Architect, Oxford Computer Group (http://www.oxfordcomputergroup.com)
Microsoft MVP, Directory Services (
https://mvp.support.microsoft.com/profile/laura)
Author, Active Directory Consultant's Field Guide (http://tinyurl.com/7f8ll)
Author, Active Directory Cookbook, Second Edition (http://tinyurl.com/z7svl)
| | | |
| bsonposh
Posts:168
| | 07/18/2008 12:11 PM |
| I feel for something like this in the generic case you should have some idea
at a high level such as, this reaches out to all of the individual DCs or
this makes a LDAP call to any DC in the domain/forest. If someone has a mom
and pop shop, true, they likely won't care because it won't matter either
way. But once you get into larger environments you need to be more cognizant
of what is going on. That way you can maybe give a caveat like... this
works, but in a larger environment there might be a better way or this will
go a bit slow unless you multithread it.
BS: This is a one off command (not script really.) There no project or code
to be repeated. Why would you create a multithreaded app for a one time shot
at the information? Why caveat it? I simply posted a suggestion.
You seemed to indicate though in your initial post that you knew what was
going on. You mentioned getting the info from rootdse with simple scripting.
Then posted that script which I took to mean that was your way to script
going against the RootDSE for this info. Then you came back and admitted you
didn't really know how it worked.
BS: I am not sure we are on the same page regarding the flow of the
conversation. He asked how… I stated he could get the info from rootDSE, but
that would involve a script. He then asked for a command… I gave him a
command. We should get on the same page on what exactly defines a"Script." I
never stated nor indicated I knew how the command I posted worked. You made
that assumption and I never admitted to anything. I simply stated a fact.
There is a variety of ways to get the answer. I am not sure which one the
.NET Class uses.
Had you never posted the script, I simply would have said, going to the
RootDSE of every DC in the forest for this information is not an optimal
plan in any but the smallest orgs and would have suggested the same query I
did before (choose your query tool, you could probably even use PowerShell
to do it). Then you would have come back and said but he needs the info for
the whole forest, not just a single domain like that helped it make sense to
query every DC in the forest and I would have again said, so ping one DC in
every domain with the query...
BS: Again… you're adding this extra "requirement" to the OP's goal. They way
the request was posted is that he just wanted the information as quick as
possible. Who cares if the command takes an extra 1min, 5min, or heck
10mins… It would still be done by the time you provided anything that meets
the "joe" standard.
BTW, the AdFind example is a bad example. It does an LDAP call, you know it
does, that is what AdFind does. Anyway, you don't need source access or
the ability to read source to get a generic idea of what something is doing,
for something like this, just turn on WireShark and watch it.
BS: I don't KNOW what it does. I know what you SAY it does.
On Fri, Jul 18, 2008 at 11:30 AM, joe <listmail@joeware.net> wrote:
> I feel for something like this in the generic case you should have some
> idea at a high level such as, this reaches out to all of the individual DCs
> or this makes a LDAP call to any DC in the domain/forest. If someone has a
> mom and pop shop, true, they likely won't care because it won't matter
> either way. But once you get into larger environments you need to be more
> cognizant of what is going on. That way you can maybe give a caveat like...
> this works, but in a larger environment there might be a better way or this
> will go a bit slow unless you multithread it.
>
> You seemed to indicate though in your initial post that you knew what was
> going on. You mentioned getting the info from rootdse with simple scripting.
> Then posted that script which I took to mean that was your way to script
> going against the RootDSE for this info. Then you came back and admitted you
> didn't really know how it worked.
>
> Had you never posted the script, I simply would have said, going to the
> RootDSE of every DC in the forest for this information is not an
> optimal plan in any but the smallest orgs and would have suggested the same
> query I did before (choose your query tool, you could probably even use
> PowerShell to do it). Then you would have come back and said but he needs
> the info for the whole forest, not just a single domain like that helped it
> make sense to query every DC in the forest and I would have again said, so
> ping one DC in every domain with the query...
>
> BTW, the AdFind example is a bad example. It does an LDAP call, you know
> it does, that is what AdFind does. Anyway, you don't need source access
> or the ability to read source to get a generic idea of what something is
> doing, for something like this, just turn on WireShark and watch it.
>
> joe
>
>
> P.S. If the .NET stuff is using a couple of LDAP calls to the domains to
> get the info instead of querying the RootDSE on every DC in a forest,
> excellent. It shows exactly why folks who don't have a thorough
> understanding of the things they are working with should use it.
>
>
> --
> O'Reilly Active Directory Third Edition -
> http://www.joeware.net/win/ad3e.htm
>
>
>
> ------------------------------
> *From:* ActiveDir-owner@mail.activedir.org [mailto:
> ActiveDir-owner@mail.activedir.org] *On Behalf Of *Brandon Shell
> *Sent:* Friday, July 18, 2008 10:14 AM
>
> *To:* ActiveDir@mail.activedir.org
> *Subject:* Re: [ActiveDir] Domain Controller version
>
> joe... there are only a very few that know what the APIs they are
> calling "REALLY" do. They can speculate, but unless you have source code
> access and the ability to comb through 1000s of sources files there is a
> point at which you need to trust.
> Everyone that use adfind.exe has to place some level of trust in you.
> AFAIK... your the only one with the source. Are you suggesting that everyone
> stop using adfind.exe because they dont know how it works?
>
> RE: What I posted. We have discuss this before. The impression the OP gave
> was that he just wanted the information. I posted how I knew he could it do
> it. End of story. Had he suggested this is something to be ran regularly
> then performance would have been a consideration.
>
> On Fri, Jul 18, 2008 at 9:56 AM, joe <listmail@joeware.net> wrote:
>
>> Err didn't know it was a race Mr. Hare. < |
|
|