How Can I Determine Which Domain Controller Authenticated a User?
Hey, Scripting Guy! In my logon script how can I determine the name of the domain controller that authenticated the user?
Hey, CK. You know, one of the unwritten rules for being a Scripting Guy is that you should never do anything hard more than once a week. (Why is this an unwritten rule? Mainly because we were all too lazy to write it down.) In yesterday’s column we tackled the somewhat complicated issue of trying to associate an IP address with a network connection. Because yesterday’s column was hard, the unwritten laws for being a Scripting Guy pretty much compel us to take an easy question today.
So how easy could it be to determine the name of the domain controller that authenticated the logged-on user? As easy as three lines of code:
Set objDomain = GetObject(“LDAP://rootDSE”) strDC = objDomain.Get(“dnsHostName”) Wscript.Echo “Authenticating domain controller: ” & strDC
No, you’re not dreaming; this really does take just three lines of code. (And even if you were dreaming, well, do you really want to admit that you dream about scripting?) We begin by binding to rootDSE, which represents the root of the Active Directory service on a domain controller. The rootDSE object exists to provide information about a domain and a domain controller; in fact, one piece of information rootDSE provides is the value of the dnsHostName property.
That might not be the most intuitive property name in the world, but dnsHostName is the name of the authenticating domain controller. Consequently we use the Get method to retrieve the value of the dnsHostName attribute and store that value in a variable named strDC. Echo back the value of strDC and we’ve determined the name of the domain controller that authenticated the user.
And now, having presented our three-line script, our work for today is done. If you need anything we’ll be at home watching the Jerry Springer Show