使用 .NET 检测只读域控制器?
我希望能够确定特定域控制器是否是只读的。 我知道我可以做这样的事情来获得可写的 DC:
using( Domain d = Domain.GetCurrentDomain() )
{
DomainController dc = d.FindDomainController(
"mysitename", LocatorOptions.WriteableRequired);
}
但是给定一个 DomainController 对象,有没有办法确定该 DC 是否可写?
我问的原因是我想尝试选择一个首选域控制器,即 1. 可写 2. 在我的站点中 3. 全局目录。 似乎没有一个好方法来找到具有所有这些属性的服务器。
I want to be able to determine whether a particular domain controller is read-only. I know I can do stuff like this to get a writeable DC:
using( Domain d = Domain.GetCurrentDomain() )
{
DomainController dc = d.FindDomainController(
"mysitename", LocatorOptions.WriteableRequired);
}
But given a DomainController object is there a way to determine whether that DC is writeable?
The reason I'm asking is that I want to try to select a preferred domain controller that is 1. Writeable 2. In my site and 3. a global catalog. There doesn't seem to be a good way to find a server with all these attributes.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
只读域控制器和可写域控制器之间的一个区别是,所有只读域控制器的属性
primaryGroupID设置为 521(这是“只读域控制器”内置组的 RID)在活动目录中)。 可写域控制器的primaryGroupID设置为 516(“域控制器”组)。只读域控制器的主要组无法轻易更改(Active Directory 不允许这样做),因此您应该可以安全地假设所有 RODC: 都将该属性设置为 521。
One difference between Read-Only and Writable Domain Controllers are that all Read-Only Domain Controllers have the attribute
primaryGroupIDset to 521 (which is the RID for the "Read-only Domain Controllers" built-in group in Active Directory). Writable Domain Controllers haveprimaryGroupIDset to 516 (the "Domain Controllers" group).The primary group for a read-only domain controller cannot be easily changed (Active Directory won't allow it) so you should be safe to assume that all RODC:s have that attribute set to 521.
这并不优雅,但是...
如果您有 DomainController 对象,您可以执行以下操作:
这应该确定特定的域控制器是否可写。
It's not elegant, but...
If you have the DomainController object, you can do:
This should determine whether a specific domain controller is writable.