Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Wednesday, December 17, 2014 11:23 AM
Hello,
Hopefully just a quick question. I'm planning to gather and use some secure channel information in a script and am looking to see if there is a better way than just using the old "nltest /sc_query:domain.name" command and then parsing the data ? Specifically I need to retrieve the trusted DC name from that command.
thanks
ecco
All replies (7)
Wednesday, December 17, 2014 2:26 PM ✅Answered
Yes, that's the idea ..with a function to reset or re-point to another DC on demand for testing.
As far as I know only NLTEST can do that. That is what it is designed for. It is the comprehensive trust/communications testing tool for a domain. It can remotelt probe a client machine and test that machines access to any domain in the forest.
This does not repoint a system it just analyzes that systems ability to communicate with a selected domain.
¯\(ツ)_/¯
Wednesday, December 17, 2014 12:33 PM
Like this may be
Get-WMIObject Win32_NTDomain | Select Description , DomainControllerName
Regards Chen V [MCTS SharePoint 2010]
Wednesday, December 17, 2014 2:10 PM
WMI does not query the secure channel. It just connects to the local domain. I assume the purpose is to validate that there is a secure channel (kerberos) to a remote domain. This test is designed to test the channel betweeen any server and a specific domain target. It does not just return the domain name.
NLTEST is likely the best method for this.
¯\(ツ)_/¯
Wednesday, December 17, 2014 2:21 PM
Yes, that's the idea ..with a function to reset or re-point to another DC on demand for testing.
Wednesday, December 17, 2014 2:26 PM
no . I'm trying to get the secure channel target that is used for authentication.
This can change from DC to DC depending on who responds the quickest. ( i think )
Wednesday, December 17, 2014 2:31 PM
The current authenticating domain is set in teh environment. This has nothing to do with the secure channel test.
On every request the DCs will be queried and a new DC can be selected. It is not a fixed thing although the closest DC will nearly always be the respondent.
$env:LOGONSERVER is the current server handling the current logon.
¯\(ツ)_/¯
Friday, October 26, 2018 7:26 PM
was looking for an answer and found this:
https://www.reddit.com/r/PowerShell/comments/4cjdk8/get_the_ad_site_name_of_a_computer/