Skip navigation
Menu
Windows and User Productivity>Active Directory

JSI Tip 3335. How do I verify the creation of SRV resource records for an Active Directory domain controller?

To verify the creation of the SRV resource records for an Active Directory domain controller, you can use NSlookup, DNS Manager, or the Netlogon service.

NSlookup

1. Open a CMD prompt on the DNS server.

2. Type nslookup.

3. Type set type=all.

4. Type Type _ldap._tcp.dc._msdcs.<DomainName>

NSlookup should return one or more SRV records in the following format:

<hostname>.<DomainName>
<ipaddress>

where <hostname> is the host name of the domain controller, <DomainName> is the domain to which the domain controller belongs, and <ipaddress> is the domain controllers IP address.

DNS Manager

Using the DNS MMC snap-in, verify that the SRV records exist for the _kerberos and _ldap services in the following folders:

_msdcs/dc/_sites/default-first-site-name/_tcp
_msdcs/dc/_tcp

Netlogon Service

If you use a non-Microsoft DNS for Active Directory, you can use Notepad to open %SystemRoot%\System32\Config\Netlogon.dns. The first record should be the domain controller's LDAP SRV record:

_ldap._tcp.<DomainName>


Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Recommended Reading
cyber security incident response plan.jpg
Researchers Explore Active Directory Attack Vectors
May 04, 2021
rainbow tables.jpg
Attacks Targeting ADFS Token Signing Certificates Could Become Next Big Threat
Apr 28, 2021
Microsoft Conditional Access.jpg
Microsoft Conditional Access Policies: What You Should Know Now
Apr 14, 2021
Hacking Active Directory - Security Lessons from a Penetration Tester
Sponsor Content
Hacking Active Directory - Security Lessons from a Penetration Tester
Nov 11, 2020