Real-World Scripting: Trusted Domain Query Script


You're responsible for tracking information about the domains that your Windows NT resource domain trusts. The administrators of the trusted domains often forget to notify you about configuration changes until problems occur. Thus, you want to have the trusted domain's PDC and BDC names and IP addresses available for those occasions when you have to troubleshoot user authentication, name resolution, and connectivity problems.

To get the PDC and BDC names, you need to run the Microsoft Windows NT Server 4.0 Resource Kit's Nltest utility several times. To get the PDC and BDC IP addresses, you need to use the Ping command. Thus, getting the PDC and BDC information manually requires four steps:

  1. To get the trusted domain list, you must run
    nltest /server:mypdc /trusted_domains
    where /server: and /trusted_domains are the switches and mypdc is the name of your PDC.

  2. To get the PDC name for each domain, you must run
    nltest /server:mypdc /dcname:theirdomain
    where /server: and /dcname: are the switches, mypdc is the name of your PDC, and theirdomain is the name of the trusted domain from which you seek PDC name information.

  3. To get the list of names for all the PDC's domain controllers, you must run
    nltest /server:theirpdc /dclist:theirdomain
    where /server: and /dclist: are the switches, theirpdc is the name of the remote PDC, and theirdomain is the name of the trusted domain from which you seek PDC and BDC name information.

  4. To get PDC and BDC IP addresses, you must ping each PDC and BDC.

If you have more than 10 domains, this procedure takes a while, even if you redirect the Nltest output to a file. Fortunately, you can use an NT shell script, TDQuery.bat, to automate this monotonous task. This script uses the For command to run Nltest and Ping against all the PDCs and BDCs. The For command parses the output from a command and uses that output as input for the next command. The script includes some error-detection code that handles unavailable server names and addresses. The script puts the domain and IP address information it gathers in an online report called TDQuery.html, which Screen 1 shows. In the report, the PDCs are in blue text for easy identification. Although Screen 1 doesn't show the color difference, the PDCs are the first entry in each domain.
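The four manual steps above chained together with For, as an added example that is not Listing 1 or any other part of TDQuery.bat. It assumes the Nltest output layout noted in its comments, and it prints to the console instead of building TDQuery.html.

```batch
@echo off
rem Added example, not the article's TDQuery.bat. Needs command extensions,
rem with nltest.exe, findstr.exe and ping.exe on the PATH.
rem ASSUMPTION (check against your Nltest version): domain names appear on
rem indented lines, and server names appear as \\NAME after indentation or text.
setlocal
if "%1"=="" echo Usage: %0 YourPDC& goto :eof
set MYPDC=%1

rem Step 1: every indented line of the trusted-domain list is one domain.
for /f "tokens=1" %%D in ('nltest /server:%MYPDC% /trusted_domains ^| findstr /b /c:" "') do call :domain %%D
goto :eof

:domain
echo Domain %1
rem Step 2: ask our own PDC for the trusted domain's PDC name.
rem Splitting on "\" leaves the server name as the second token of the line.
set THEIRPDC=
for /f "tokens=2 delims=\" %%L in ('nltest /server:%MYPDC% /dcname:%1') do for /f %%N in ("%%L") do set THEIRPDC=%%N
rem Error handling: an unreachable or unknown domain yields no name.
if "%THEIRPDC%"=="" echo   PDC not found, skipping& goto :eof
rem Step 3: ask that PDC for all of its domain controllers (PDC and BDCs).
for /f "tokens=2 delims=\" %%L in ('nltest /server:%THEIRPDC% /dclist:%1') do for /f %%N in ("%%L") do call :address %%N
goto :eof

:address
rem Step 4: ping once and take the address from between the square brackets.
rem A name that does not resolve prints no bracketed address, so the default stays.
set IP=unresolved
for /f "tokens=2 delims=[]" %%A in ('ping -n 1 %1 ^| findstr /c:"["') do set IP=%%A
echo   %1  %IP%
goto :eof
```

A server that resolves but does not answer the ping still reports its address, which is the case you usually care about when troubleshooting connectivity.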

Listing 1 contains an excerpt from TDQuery.bat. You'll find the entire script on the Win32 Scripting Journal Web site. TDQuery.bat includes line-by-line comments to help you understand the code. In addition, you can check out my two-part series "Scriptwriting Methodology" (March and April 1999), which discusses in detail how to use the For command in scripts to produce online reports.

Here are the steps to get TDQuery.bat working.

  1. Use the name of your PDC as a parameter when you run the script. The syntax is
    TDQuery.bat DOM1PDC
    where DOM1PDC is the name of your PDC. If you forget to insert this parameter, the script displays syntax Help information and exits.

  2. Insert the path to the resource kit containing the Nltest utility.

  3. Configure the path to your intranet Web server on which you're posting the completed online report.

  4. Test the script to make sure you configured it correctly.

  5. Link this new report to your Web page for systems administrators.

  6. Schedule the script to execute regularly.