JSI Tip 3335. How do I verify the creation of SRV resource records for an Active Directory domain controller?

To verify the creation of the SRV resource records for an Active Directory domain controller, you can use NSlookup, DNS Manager, or the Netlogon service.

NSlookup

1. Open a CMD prompt on the DNS server.

2. Type nslookup.

3. Type set type=all.

4. Type _ldap._tcp.dc._msdcs.<DomainName>

NSlookup should return one or more SRV records in the following format:

<hostname>.<DomainName>
<ipaddress>

where <hostname> is the host name of the domain controller, <DomainName> is the domain to which the domain controller belongs, and <ipaddress> is the domain controller's IP address.

DNS Manager

Using the DNS MMC snap-in, verify that the SRV records exist for the _kerberos and _ldap services in the following folders:

_msdcs/dc/_sites/default-first-site-name/_tcp
_msdcs/dc/_tcp

Netlogon Service

If you use a non-Microsoft DNS for Active Directory, you can use Notepad to open %SystemRoot%\System32\Config\Netlogon.dns. The first record should be the domain controller's LDAP SRV record:

_ldap._tcp.<DomainName>
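Instead of reading Netlogon.dns by eye, the following PowerShell sketch checks it for the _ldap and _kerberos SRV records named in this tip. It is an added example, not part of the original tip: the function name Test-NetlogonSrvRecords, the domain corp.example, the host dc1 and the sample lines are constructed placeholders, and the lines are assumed to be in standard zone-file syntax.

```powershell
# Added example (not from the original tip). Sample data is constructed:
# corp.example, dc1 and 192.0.2.10 are placeholders, in zone-file syntax.
$sample = @'
corp.example. 600 IN A 192.0.2.10
_ldap._tcp.corp.example. 600 IN SRV 0 100 389 dc1.corp.example.
_ldap._tcp.dc._msdcs.corp.example. 600 IN SRV 0 100 389 dc1.corp.example.
_kerberos._tcp.dc._msdcs.corp.example. 600 IN SRV 0 100 88 dc1.corp.example.
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.corp.example. 600 IN SRV 0 100 389 dc1.corp.example.
'@ -split "`r?`n"

function Test-NetlogonSrvRecords {
    param(
        [string[]]$Lines,
        [string]$DomainName,
        [string]$SiteName = 'Default-First-Site-Name'
    )
    # Names the tip says to look for: the LDAP record at the domain root, plus
    # _ldap and _kerberos under _msdcs/dc/_tcp and the site's _tcp folder.
    $expected = @("_ldap._tcp.${DomainName}")
    foreach ($svc in '_ldap', '_kerberos') {
        $expected += "${svc}._tcp.dc._msdcs.${DomainName}"
        $expected += "${svc}._tcp.${SiteName}._sites.dc._msdcs.${DomainName}"
    }

    # Collect every SRV owner name in the file, mapped to its target:port list.
    $found = @{}
    foreach ($line in $Lines) {
        if ($line.Trim() -match '^(\S+)\s+\d+\s+IN\s+SRV\s+\d+\s+\d+\s+(\d+)\s+(\S+)$') {
            $key = $Matches[1].TrimEnd('.').ToLowerInvariant()
            if (-not $found.ContainsKey($key)) { $found[$key] = @() }
            $found[$key] += '{0}:{1}' -f $Matches[3].TrimEnd('.'), $Matches[2]
        }
    }

    # Report each expected record, so a missing registration is visible.
    foreach ($name in $expected) {
        $key = $name.ToLowerInvariant()
        [pscustomobject]@{
            Record  = $name
            Present = $found.ContainsKey($key)
            Targets = $found[$key] -join ', '
        }
    }
}

# For a real check, pass: Get-Content "$env:SystemRoot\System32\Config\Netlogon.dns"
Test-NetlogonSrvRecords -Lines $sample -DomainName 'corp.example' | Format-Table -AutoSize
```

The constructed sample deliberately omits the site-level _kerberos record, so that row is reported with Present set to False.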

