How to find the LDAP server of your domain

You need to use an = after -type:

nslookup -type=srv _ldap._tcp.DOMAINNAME

answered Jun 22, 2010 at 10:36

Phil Ross

In cmd shell:

nslookup 
set types=all
_ldap._tcp

answered May 21, 2015 at 15:43

MattieuBGepi

None of the above worked for me; every time I got an error like this (I’ve tried all the combinations I can think of with the domain names):

*** Unknown can’t find _ldap._tcp: Non-existent domain

So another google search pointed to this method:

nltest /dclist:yourdomain.com

And this results in the list of the different servers in my network. Hope this saves an additional 2 minutes for someone else.

answered Apr 12, 2018 at 6:41

Cross

Get-ADDomainController will list your domain controllers from the domain.
If you want to check it from another domain, then use the -server switch.

get-addomaincontroller -server "domain"

answered Apr 8, 2022 at 12:21

Piotr Rutkowski

Windows cmd prompt uses “query” instead of “type” for some forsaken reason. Interactive nslookup still uses “set type=srv”.

nslookup -query=srv _ldap._tcp.DOMAINNAME

EDIT: while “query” works it seems that I am 100% wrong. “type” works too.

answered Sep 7, 2014 at 4:14

Andy

“nslookup -query=srv _ldap._tcp.DOMAINNAME” worked for me, tried nslookup -type=srv _ldap._tcp.DOMAINNAME and didn’t work.

Server 2008 R2

answered Jun 5, 2019 at 21:02

Jim

I am trying to develop an application (C#) to query an LDAP server. I don’t know the actual server name to query – is there a way to find out using standard Windows tools or something in .NET?

I’ve also heard rumors that having the server name (ldap://server/) is not always needed as long as I’ve got dc=domain,dc=com in my query string, but I’ve so far been able to work with it this way.

Any tips?

Thanks

asked Apr 14, 2009 at 20:36

bugfixr

AD registers Service Location (SRV) resource records in its DNS server which you can query to get the port and the hostname of the responsible LDAP server in your domain.

Just try this on the command-line:

    C:\> nslookup
    > set types=all
    > _ldap._tcp.<<your.AD.domain>>
    _ldap._tcp.<<your.AD.domain>>  SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = <<ldap.hostname>>.<<your.AD.domain>>

(provided that your nameserver is the AD nameserver which should be the case for the AD to function properly)

Please see Active Directory SRV Records and Windows 2000 DNS white paper for more information.

answered Apr 15, 2009 at 8:40

Stefan Gehrig
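An added example, not part of the answer above: a Python sketch that parses nslookup SRV output in the layout quoted in that answer and orders the advertised LDAP servers the way a client would try them. The host names and the sample text are constructed.

```python
import re

# Constructed nslookup output in the layout quoted in the answer above;
# host names and values are made up, and the last record is cut short.
SAMPLE = """\
_ldap._tcp.example.ad   SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = dc02.example.ad
_ldap._tcp.example.ad   SRV service location:
          priority       = 0
          weight         = 200
          port           = 389
          svr hostname   = DC01.example.ad.
_ldap._tcp.example.ad   SRV service location:
          priority       = 10
          weight         = 100
          port           = 389
          svr hostname   = dc03.example.ad
dc01.example.ad internet address = 172.16.6.2
_ldap._tcp.example.ad   SRV service location:
          priority       = 0
"""

FIELD = re.compile(r"^\s*(priority|weight|port|svr hostname)\s*=\s*(\S+)\s*$")
REQUIRED = {"priority", "weight", "port", "svr hostname"}

def parse_srv(text):
    """Return one dict per complete SRV record found in nslookup output."""
    records = []
    for line in text.splitlines():
        if "SRV service location" in line:
            records.append({})          # a new record starts here
            continue
        m = FIELD.match(line)
        if not m or not records:
            continue
        key, value = m.groups()
        if key == "svr hostname":
            records[-1][key] = value.rstrip(".").lower()
        elif value.isdigit():
            records[-1][key] = int(value)
    return [r for r in records if REQUIRED <= r.keys()]

def ldap_candidates(text):
    """Order servers by ascending priority, then descending weight.
    RFC 2782 picks randomly in proportion to weight; this sort is a
    deterministic simplification."""
    recs = sorted(parse_srv(text), key=lambda r: (r["priority"], -r["weight"]))
    return [f"ldap://{r['svr hostname']}:{r['port']}" for r in recs]
```

The truncated last record in the sample is dropped rather than half-filled, so a cut-off capture never yields a URL with a missing host or port.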

If you’re using AD you can use serverless binding to locate a domain controller for the default domain, then use LDAP://rootDSE to get information about the directory server, as described in the linked article.

answered Apr 14, 2009 at 20:45

Joe

If the machine you are on is part of the AD domain, it should have its name servers set to the AD name servers (or hopefully use a DNS server path that will eventually resolve your AD domains). Using your example of dc=domain,dc=com, if you look up domain.com in the AD name servers it will return a list of the IPs of each AD Controller. Example from my company (w/ the domain name changed, but otherwise it’s a real example):

    mokey 0 /home/jj33 > nslookup example.ad
    Server:         172.16.2.10
    Address:        172.16.2.10#53

    Non-authoritative answer:
    Name:   example.ad
    Address: 172.16.6.2
    Name:   example.ad
    Address: 172.16.141.160
    Name:   example.ad
    Address: 172.16.7.9
    Name:   example.ad
    Address: 172.19.1.14
    Name:   example.ad
    Address: 172.19.1.3
    Name:   example.ad
    Address: 172.19.1.11
    Name:   example.ad
    Address: 172.16.3.2

Note I’m actually making the query from a non-AD machine, but our unix name servers know to send queries for our AD domain (example.ad) over to the AD DNS servers.

I’m sure there’s a super-slick windowsy way to do this, but I like using the DNS method when I need to find the LDAP servers from a non-windows server.

answered Apr 14, 2009 at 21:00

jj33

Question

  • We have one domain controller (Win2003) and four additional DCs. How to find LDAP servers in our domain? Is any information available in the DNS server?

Answers

  • You can use

    nltest /dclist:yourdomain.com

    hth
    Marcin

    • Edited by

      Saturday, January 1, 2011 12:21 PM

    • Proposed as answer by
      Meinolf Weber
      Saturday, January 1, 2011 3:55 PM
    • Marked as answer by
      Bruce-Liu
      Friday, January 28, 2011 9:31 AM

  • You need to use your own domain name as the parameter of the /dclist switch i.e.

    nltest /dclist:yourdomain.com

    alternatively you can use procedure described in
    http://support.microsoft.com/kb/816587 to query DNS i.e.:

    1. Click Start, and then click Run.
    2. In the Open box, type cmd.
    3. Type nslookup, and then press ENTER.
    4. Type set type=all, and then press ENTER.
    5. Type _ldap._tcp.dc._msdcs.Domain_Name, where Domain_Name is the name of your domain, and then press ENTER.

    hth
    Marcin

    • Proposed as answer by
      Meinolf Weber
      Saturday, January 1, 2011 3:55 PM
    • Marked as answer by
      Bruce-Liu
      Friday, January 28, 2011 9:31 AM

  • Once again – YOU NEED TO SPECIFY YOUR DOMAIN NAME AS THE PARAMETER OF THE /dclist switch when running nltest.

    So in your case, this likely would be:

    nltest /dclist:mcg.muhaidibco.com

    All of the entries listed as the output of this command represent individual domain controllers for the domain you provided. Each one of them functions as an LDAP server.

    hth
    Marcin

    • Proposed as answer by
      Meinolf Weber
      Saturday, January 1, 2011 3:55 PM
    • Marked as answer by
      Bruce-Liu
      Friday, January 28, 2011 9:31 AM
