Objects under DNS zones
1-I would like to know if the folders that show under DNS zones are all child domains.
I know that there is a zone that shows up with yellow folder when you install AD, it's _msdcs.domainname.com and all the folders under it are SRV records I believe.
2-the zone for the domain shows under it an _msdc folder, but in gray
under the zone there are also yellow folders too (sites,tcp,udp) and other yellow folder, some of them are child domains I believe. is there any way to tell if they are child domains that we can logon to if we have rights?
3-There are some zones that don't show the _msdcs gray or yellow folder folder
Can you tell me why?
4-some zones they show yellow folder then another yello sub-folder, does that mean there is a child and sub-child domain?
Thanks
I know that there is a zone that shows up with yellow folder when you install AD, it's _msdcs.domainname.com and all the folders under it are SRV records I believe.
2-the zone for the domain shows under it an _msdc folder, but in gray
under the zone there are also yellow folders too (sites,tcp,udp) and other yellow folder, some of them are child domains I believe. is there any way to tell if they are child domains that we can logon to if we have rights?
3-There are some zones that don't show the _msdcs gray or yellow folder folder
Can you tell me why?
4-some zones they show yellow folder then another yello sub-folder, does that mean there is a child and sub-child domain?
Thanks
ASKER
ok..
if you see a child domain or subdomain showing up under a zone, how can you find out which Domain controllers are in that child domain or subdomain?
if you see a child domain or subdomain showing up under a zone, how can you find out which Domain controllers are in that child domain or subdomain?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I guess, as long as a zone doesn't have the _msdcs folder under it, the:
nslookup -q=srv _ldap._tcp.dc._msdcs.domai
wouldn't be able to tell you about the svr host.
under some zones there are many yellow folder icons, but no _msdcs under.
nslookup -q=srv _ldap._tcp.dc._msdcs.domai
wouldn't be able to tell you about the svr host.
under some zones there are many yellow folder icons, but no _msdcs under.
Perhaps try:
nslookup -q=srv _ldap._tcp.child.domain.co
Of course the _tcp folder will need to exist for the query to succeed in this case.
Chris
1. Technically any "folder" beneath a zone is a Sub Domain / Child Domain.
2. The Grey version is a Delegation (delegated to a
You can get information about which servers are advertising in DNS. For instance, you can pull lists of DCs in a site, DCs in a Domain, or Global Catalogs in a Forest, and so on. Each of those is found by forming a query for specific Service Records. For example, this should show all GCs in a Forest:
nslookup -q=srv _ldap._tcp.gc._msdcs.yourd
Where yourdomain.com is the forest root domain.
However, that tells you nothing about the operational state of those servers, nor does it tell you anything about the rights you may have within that AD domain.
3. Either because they're not storing data for AD, or if they're supposed to be they're not updating properly.
4. Yep. There's a limit to the depth, but it's more of a character limit, 255 characters is the longest permissible for any name (discussed in RFC 1034: http://www.ietf.org/rfc/rfc1034.txt).
Chris