Testing whether a particular DC is authenticating: LDP



I would like to test whether a particular DC is successfully
authenticating users. I realize I could mess around with sites, but
I'd rather not.

If I use LDP.exe from the resource kit and "connect" to a DC followed
by BINDing to the domain with an ID and that works, have I
conclusively proven that the DC to which I connected is successfully
authenticating logons?

thanks

- JayDee
Reply JayDee 3/17/2010 12:20:13 AM

"JayDee" <dopamine@mail.com> wrote in message
news:07d6d374-b3bd-4ce7-a6a1-aa13d927f628@k4g2000prb.googlegroups.com...
> I would like to test whether a particular DC is successfully
> authenticating users. I realize I could mess around with sites, but
> I'd rather not.
>
> If I use LDP.exe from the resource kit and "connect" to a DC followed
> by BINDing to the domain with an ID and that works, have I
> conclusively proven that the DC to which I connected is successfully
> authenticating logons?
>
> thanks
>
> - JayDee


I don't see why you have to *mess* around with sites, besides I'm not
sure what you mean by that. If you have sites configured, and there's
only one DC in that site, then go to a workstation, command prompt, and
run "echo %logonserver%" and it will show which DC logged the user in.
That's the simple test. You can also look at the netlogon logs.

Enabling debug logging for the Net Logon service
http://support.microsoft.com/kb/109626

Also, read the following thread for more info
What clients are authenticated against a Domain Controller?
http://forums.techarena.in/active-directory/1182132.htm

Any reason you need to test it? Are you seeing any problems that make
you think a certain DC is not operating properly?

Any errors in the event logs? If so, post the EventID# and Source name,
please.

-- 
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit
among responding engineers, and to help others benefit from your
resolution.

Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE &
MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services

If you feel this is an urgent issue and require immediate assistance,
please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.
Reply Ace 3/17/2010 1:52:23 AM


Howdie!

On 17.03.2010 01:20, JayDee wrote:
> I would like to test whether a particular DC is successfully
> authenticating users. I realize I could mess around with sites, but
> I'd rather not.
>
> If I use LDP.exe from the resource kit and "connect" to a DC followed
> by BINDing to the domain with an ID and that works, have I
> conclusively proven that the DC to which I connected is successfully
> authenticating logons?

I agree with Ace here. Is there a specific reason why you'd want to test it?

Besides you not trying to mess with sites and stuff, if you're
connecting to a domain and do not specify a DC or server name,
LDP is going to use the DC locator process which involves sites and site
definitions. You could easily test that, too.

From an authentication perspective, connecting to the DC is not enough,
you'd have to BIND to the machine to kick off the auth mechanism.

Cheers,
Florian
Reply Florian 3/17/2010 7:23:49 AM
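
The distinction in the reply above (connecting is not enough, the bind is what triggers authentication, and naming the server keeps the DC locator out of it) as an added PowerShell example that is not part of any poster's message. It binds to one named DC with System.DirectoryServices.Protocols; the DC name and test credential are inputs you supply, and `[type]::new()` assumes Windows PowerShell 5 or later.

```powershell
# Added example: authenticate against ONE named DC over LDAP and report the result.
# $DcName and $Credential are supplied by the operator; nothing here comes from the thread.
param(
    [Parameter(Mandatory)] [string]       $DcName,      # FQDN of the DC under test
    [Parameter(Mandatory)] [pscredential] $Credential   # test account, e.g. from Get-Credential
)

Add-Type -AssemblyName System.DirectoryServices.Protocols

# Naming the server explicitly means the DC locator (and therefore sites) is not consulted.
$id   = [System.DirectoryServices.Protocols.LdapDirectoryIdentifier]::new($DcName, 389, $true, $false)
$conn = [System.DirectoryServices.Protocols.LdapConnection]::new($id)
$conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Negotiate
$conn.SessionOptions.ProtocolVersion = 3
$conn.SessionOptions.Signing = $true      # DCs that require LDAP signing reject unsigned binds
$conn.SessionOptions.Sealing = $true
$conn.Timeout = [TimeSpan]::FromSeconds(10)

$result = [ordered]@{ Server = $DcName; BindSucceeded = $false; AnsweredBy = $null; LdapError = $null; Detail = $null }
try {
    # The TCP connection is opened here, and the bind is what makes the DC authenticate us.
    $conn.Bind($Credential.GetNetworkCredential())
    $result.BindSucceeded = $true

    # Read rootDSE (empty base DN) to confirm which server actually answered.
    $req  = [System.DirectoryServices.Protocols.SearchRequest]::new(
                '', '(objectClass=*)',
                [System.DirectoryServices.Protocols.SearchScope]::Base,
                [string[]]@('dnsHostName'))
    $resp = [System.DirectoryServices.Protocols.SearchResponse]$conn.SendRequest($req)
    $result.AnsweredBy = $resp.Entries[0].Attributes['dnsHostName'][0]
}
catch {
    # PowerShell may wrap the .NET exception; unwrap one level if needed.
    $ex = $_.Exception
    if ($ex -isnot [System.DirectoryServices.Protocols.LdapException] -and $ex.InnerException) {
        $ex = $ex.InnerException
    }
    if ($ex -is [System.DirectoryServices.Protocols.LdapException]) {
        $result.LdapError = $ex.ErrorCode
    }
    $result.Detail = $ex.Message
}
finally {
    $conn.Dispose()
}

[pscustomobject]$result
```

An `LdapError` of 49 means the DC rejected the credentials, while 81 means it could not be reached. Under Negotiate the client may use Kerberos with a ticket issued by any KDC in the domain, so a success shows this DC accepted the authentication rather than that it issued the ticket.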

Unless you have some configuration problems, I'm guessing you are just fine. 
But see below if you want to run additional tests.

Run diagnostics against your Active Directory domain.

If you don't have the support tools installed, install them from your server 
install disk.
d:\support\tools\setup.exe

Run dcdiag, netdiag and repadmin in verbose mode.
-> DCDIAG /V /C /D /E /s:yourdcname > c:\dcdiag.log
-> netdiag.exe /v > c:\netdiag.log (On each dc)
-> repadmin.exe /showrepl dc* /verbose /all /intersite > c:\repl.txt
-> ntfrsutl ds your_dc_name > c:\sysvol.log
-> dnslint /ad /s "ip address of your dc"

**Note: Using the /E switch in dcdiag will run diagnostics against ALL dc's 
in the forest. If you have significant numbers of DC's this test could 
generate significant detail and take a long time. You also want to take into 
account slow links to dc's will also add to the testing time.

If you download a gui script I wrote it should be simple to set and run 
(DCDiag and NetDiag). It also has the option to run individual tests without 
having to learn all the switch options. The details will be output in 
notepad text files that pop up automagically.

The script is located on my website at 
http://www.pbbergs.com/windows/downloads.htm

Just select both dcdiag and netdiag and make sure verbose is set. (Leave the 
default settings for dcdiag as set when selected)

When complete search for fail, error and warning messages.

Description and download for dnslint
http://support.microsoft.com/kb/321045

-- 
Paul Bergson
MVP - Directory Services
MCITP - Enterprise Administrator
MCTS, MCT, MCSE, MCSA, MCP, Security +, BS CSci
2008, Vista, 2003, 2000 (Early Achiever), NT4
Microsoft's Thrive IT Pro of the Month - June 2009

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the newsgroups.  This
posting is provided "AS IS" with no warranties and confers no rights.
"JayDee" <dopamine@mail.com> wrote in message 
news:07d6d374-b3bd-4ce7-a6a1-aa13d927f628@k4g2000prb.googlegroups.com...
>I would like to test whether a particular DC is successfully
> authenticating users. I realize I could mess around with sites, but
> I'd rather not.
>
> If I use LDP.exe from the resource kit and "connect" to a DC followed
> by BINDing to the domain with an ID and that works, have I
> conclusively proven that the DC to which I connected is successfully
> authenticating logons?
>
> thanks
>
> - JayDee 


Reply Paul 3/17/2010 12:56:32 PM
