Darrell Kirby

AD and DNS Logging

How do I find out what IP addresses are authenticating to a Windows Server 2003 Domain Controller? I am retiring a Domain and need to verify how many machines are still actively logging into this Domain so that these users can be contacted prior to retiring. I turned on DNS Log Queries but this does not give me much.

Thanks!
Mike Kline

There are different logging levels you can look at (http://support.microsoft.com/kb/314980) or the security event logs

....but really you don't need to; users don't need to do anything. You updated their DNS server IPs (if those change) but the client (XP, 7, etc.) is smart enough to pick another DC for authentication.

Thanks

Mike
Another suggestion would be to check Active Directory Sites and Services and see if there are any defined sites and subnets in AD. Even then, that is a suggested server, not a "mandated only" server. Mike is correct in that it should just be safe to remove.

DrUltima
Try raising the net logon logging:

Enabling debug logging for the Net Logon service
http://support.microsoft.com/kb/109626

I usually use this to find out what IP addresses with no AD sites are logging to a domain controller (no modification to logging level is needed). Maybe you can do it by raising the logging.

I'm wondering something. Maybe you can create an additional AD site. Then, do not associate any subnets to it. Move your domain controller to this new site. The log may start to show you what IP addresses are logging on your server.

Other clear choices would be to use TCPView, Netmon or Wireshark.

Does the forward lookup zone of the retired domain still exist, or did you also delete it? If it still exists, the computers that are still joined to that domain will register themselves in the zone, and that is how you can check who is still on that domain. If you deleted it, just recreate it and you should be fine.
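
The Net Logon log suggestion above, as an added example that is not part of the original thread: a short Python script that tallies `NO_CLIENT_SITE` entries per client IP from a copy of `netlogon.log`. The line layout (`MM/DD HH:MM:SS DOMAIN: NO_CLIENT_SITE: host ip`, with an optional bracketed tag) is assumed, the sample lines, domain and host names are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict
from ipaddress import ip_address

# Constructed sample lines in the layout Netlogon.log commonly uses for
# clients whose IP matches no AD subnet (names and addresses are made up).
SAMPLE_LOG = """\
03/14 09:15:02 OLDDOM: NO_CLIENT_SITE: WKS-ACCT01 10.20.4.17
03/14 09:15:40 [LOGON] OLDDOM: SamLogon: Network logon of OLDDOM\\jdoe from WKS-ACCT01 Entered
03/14 11:02:13 OLDDOM: NO_CLIENT_SITE: LAB-PC7 192.168.50.9
03/15 08:01:55 [1234] OLDDOM: NO_CLIENT_SITE: WKS-ACCT01 10.20.4.17
03/15 08:03:10 OLDDOM: NO_CLIENT_SITE: KIOSK3 not-an-ip
03/16 07:59:48 OLDDOM: NO_CLIENT_SITE: WKS-ACCT02 10.20.4.17
"""

# Assumed layout: "MM/DD HH:MM:SS", optional "[tag]", "DOMAIN:", marker, name, address.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2} \d{2}:\d{2}:\d{2})\s+(?:\[[^\]]*\]\s+)?"
    r"(?P<domain>[^:\s]+):\s+NO_CLIENT_SITE:\s+(?P<host>\S+)\s+(?P<addr>\S+)\s*$"
)

def clients_without_site(log_text):
    """Return {ip: {"hosts": set, "count": int, "last_seen": str}}."""
    seen = defaultdict(lambda: {"hosts": set(), "count": 0, "last_seen": ""})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # other Netlogon entries are ignored here
        try:
            ip = str(ip_address(m["addr"]))
        except ValueError:
            continue  # skip malformed addresses rather than guessing
        entry = seen[ip]
        entry["hosts"].add(m["host"].upper())
        entry["count"] += 1
        # The log carries no year; string order is valid within one year.
        entry["last_seen"] = max(entry["last_seen"], m["ts"])
    return dict(seen)

def report(log_text):
    """Lines of 'ip  count  last_seen  hosts', busiest clients first."""
    rows = sorted(clients_without_site(log_text).items(),
                  key=lambda kv: (-kv[1]["count"], kv[0]))
    return [f"{ip}\t{e['count']}\t{e['last_seen']}\t{','.join(sorted(e['hosts']))}"
            for ip, e in rows]

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

An address that appears under more than one host name, as `10.20.4.17` does in the sample, usually points to DHCP reuse or NAT, so follow up by host name as well as by IP.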
InterframeGap

I would look at using WMI or ADSI -

There are many scripts at the Scripting Center which may help you; here are the DHCP-specific scripts:
http://gallery.technet.microsoft.com/scriptcenter/site/search?f%5B0%5D.Type=SearchText&f%5B0%5D.Value=dhcp&x=0&y=0

Read the information well, understand the script's intentions, and make sure that you are comfortable using the script in its current form. If you have questions, the forum there is very good and well respected.

DMT
ASKER CERTIFIED SOLUTION
Renato Montenegro Rustici