#15528 - 03/15/05 07:24 AM Windows Server 2000 domain controller  
Joined: Aug 2003
Posts: 68
MESELF Offline
Junior Member
Hey guys. I was wondering if you could give me any help on how to find out which of numerous servers in a network is actually the domain controller. That is, I need to find out which server actually has the user accounts, which is apparently not necessarily the same server that hosts all of the file folders for the user accounts. The mapped network folders when you log on to the domain are all on \\red, but apparently the actual user accounts are not on \\red. Is there any way I can find out which server is controlling the domain without already knowing?

#15529 - 03/15/05 07:54 AM Re: Windows Server 2000 domain controller  
Joined: Feb 2002
Posts: 7,195
Gremelin Offline
Community Owner
Likes: 3
Portland, OR; USA
Logically it'd probably be the first (or towards the first) IP in the subnet.


Donate to UGN Security here.
UGN Security, Back of the Web, and VNC Web Services Owner
#15530 - 03/15/05 10:02 AM Re: Windows Server 2000 domain controller  
Joined: Aug 2003
Posts: 68
MESELF Offline
Junior Member
OK. That would make sense. So an address like 10.1.1.1 would be the server? \\RED is 10.1.1.10
Also, some of the IP stuff seems to have slipped my mind. Is subnet determined by the first number? Are 10.1.30.195 and 10.1.1.1 in the same subnet?
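
Whether two addresses share a subnet depends on the subnet mask (prefix length), not on the first number alone. As an added example (not part of the original thread), the Python below checks the addresses from this post under /8, /16 and /24 masks; those masks are assumptions, since the thread never states the network's real mask.

```python
import ipaddress

# Addresses quoted in the post above; the prefix lengths tried below are
# assumptions, because the thread never gives the actual subnet mask.
HOSTS = ["10.1.1.1", "10.1.1.10", "10.1.30.195"]


def same_subnet(a: str, b: str, prefix: int) -> bool:
    """True if a and b fall inside the same network for this prefix length."""
    net = ipaddress.ip_network(f"{a}/{prefix}", strict=False)
    return ipaddress.ip_address(b) in net


def longest_shared_prefix(a: str, b: str) -> int:
    """Most specific prefix length under which a and b still share a network."""
    diff = int(ipaddress.IPv4Address(a)) ^ int(ipaddress.IPv4Address(b))
    # Leading bits that agree are the bits above the highest differing bit.
    return 32 - diff.bit_length()


def group_by_network(addrs, prefix: int) -> dict:
    """Map each network (as CIDR text) to the addresses that belong to it."""
    groups = {}
    for addr in addrs:
        net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
        groups.setdefault(str(net), []).append(addr)
    return groups


if __name__ == "__main__":
    a, b = "10.1.30.195", "10.1.1.1"
    for prefix in (8, 16, 24):
        verdict = "same" if same_subnet(a, b, prefix) else "different"
        print(f"/{prefix}: {a} and {b} are in {verdict} subnets")
    print(f"They share a network for any prefix up to /{longest_shared_prefix(a, b)}")
    for net, members in group_by_network(HOSTS, 24).items():
        print(net, members)
```
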

#15531 - 03/15/05 11:28 AM Re: Windows Server 2000 domain controller  
Joined: Feb 2002
Posts: 7,195
Gremelin Offline
Community Owner
Likes: 3
Portland, OR; USA
Here on my network my DNS server is the first IP in the block (.1), my secondary router for my Vonage line is next (.2); generally admins will do this so as to know precisely where everything is... So you think, start with everything moving up, router 1 (.1), router 2 (.2) etc; eventually you'll make it up to 10 (myself I start private blocks here at .10 while leaving any single digit as network resources)


#15532 - 03/15/05 11:46 AM Re: Windows Server 2000 domain controller  
Joined: Jun 2003
Posts: 807
Ghost Offline
UGN Super Poster
Likes: 1
Wisconsin
Use Cain & Abel for network enumeration. It can differentiate between normal client computers, and various important servers, including the domain controller.

#15533 - 03/24/05 04:44 AM Re: Windows Server 2000 domain controller  
Joined: Mar 2002
Posts: 16
Nexus Offline
Junior Member
UK
The simplest way to find the DCs (Domain Controllers) is to use the 'nltest' utility from the resource kit for the OS that you will be using to make the query - just google for 'nltest' and your host OS, though they are usually on the Windows CD.

Once you have nltest, assuming you are looking for the 'EXAMPLE' domain:

Find all DCs : nltest.exe /dclist:example
Find primary DC : nltest.exe /dcname:example

It has a ton of other options, go play

#15534 - 03/28/05 10:53 AM Re: Windows Server 2000 domain controller  
Joined: Aug 2003
Posts: 68
MESELF Offline
Junior Member
Ah...ok. Thanks for the replies. I figured out about Cain&Abel's "Domain Controllers" list. Apparently there were three on this particular network (two replicating). Just for reference, the I.P. of the main DC was a .1.14 address. That seems a little strange, but I guess it is a pretty low address. The other two were .1.39 and .1.110 (turns out this was actually red, I got 10 and 110 mixed up). Turns out my first post was incorrect anyway. red was a domain controller. gold was hosting the files (the network was using Kerberos authentication). Thanks.
P.S. it was fairly odd, with apparently one of the color names being the gateway server (I believe this one was .1.10), and a ton of the low numbers being routers.

