G'day,

I'm doing some LDAP queries to AD for a web application, and I'm trying to locate the closest DC using LDAP ping.

A sample chapter from "Understanding Active Directory Services" [2] contains the following:

  "When the client receives the SRV records, it performs a quick LDAP
   ping to all of them by sending out a bind query to UDP port 389."

I tried sending an anonymous LDAP bind query over UDP, but did not get a reply from my AD box.

In Gil Kirkpatrick's "Authentication Topology" [1] article it is stated that:

  "The DNS service responds with a list of SRV records that correspond
   to all the DCs in the client's domain. The client takes the records
   with the lowest-priority value and issues an AD ping (which is
   actually an LDAP-over-UDP query) to each DC in turn."

The type of query in the LDAP ping does not seem to be discussed further in Kirkpatrick's article, but I assume that it is an LDAP SearchRequest, whose search parameters (filter, attributes to return, search scope, etc.) are not specified.

So I ran ethereal on a Windows 2000 login and found the following LDAP search request sent over UDP to the AD box:

  User Datagram Protocol, Src Port: 1027 (1027), Dst Port: ldap (389)
  Lightweight Directory Access Protocol, Search Request
    Message Id: 1
    Message Type: Search Request (0x03)
    Message Length: 238
    Response In: 214
    Base DN: (null)
    Scope: Base (0x00)
    Dereference: Never (0x00)
    Size Limit: 0
    Time Limit: 0
    Attributes Only: False
    Filter: (&(DnsDomain=testsso.wedgetail.com.)(Host=DODO-VM)
              (User=DODO-VM$)(AAC=\200(DomainSid=\001\004
              (DomainGuid=\022\254.S`\2365O\213\307q\316\222}\330\251)
              (NtVer=\006)
    Attribute: Netlogon

Interestingly, another LDAP search request is sent to the same AD box immediately after this apparent ping:

  User Datagram Protocol, Src Port: 1028 (1028), Dst Port: ldap (389)
  Lightweight Directory Access Protocol, Search Request
    Message Id: 2
    Message Type: Search Request (0x03)
    Message Length: 156
    Response In: 215
    Base DN: (null)
    Scope: Base (0x00)
    Dereference: Never (0x00)
    Size Limit: 0
    Time Limit: 0
    Attributes Only: False
    Filter: (&(DnsDomain=testsso.wedgetail.com.)(Host=DODO-VM)
              (DomainGuid=\022\254.S`\2365O\213\307q\316\222}\330\251)
              (NtVer=\006)
    Attribute: Netlogon

However, the filter for this second "ping" is slightly different to the filter in the first "ping".

Can anyone point to an authoritative reference on how to construct an LDAP ping? More specifically, what search parameters are required? I would have thought that pings would be the same, but the filters above demonstrate otherwise.

I should point out the client sending the LDAP ping may not be a Windows box, so information such as DomainSid and DomainGuid may not be readily available (at least, not without an LDAP lookup, which is why I'm trying to locate the closest DC in the first place).

Any help greatly appreciated.

Cheers,
Geoff

References:

[1] http://www.winnetmag.com/Articles/Index.cfm?ArticleID=37935
[2] http://www.windowsitlibrary.com/Content/716/06/5.html
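Editor's added example (not part of Geoff's post, nor Microsoft code): the second captured request above, rebuilt by hand with the Python standard library so that a non-Windows client can send it without knowing DomainSid or DomainGuid. The SearchRequest is BER-encoded exactly as the capture shows it (base "", scope base, AND filter over DnsDomain, Host and NtVer, attribute Netlogon); DomainGuid is optional. Two things the capture does not show are taken from Microsoft's later MS-ADTS specification (section 6.3.3, "LDAP Ping", and 6.3.1.8, NETLOGON_SAM_LOGON_RESPONSE_EX) and are assumptions here: NtVer is a 4-byte little-endian DWORD (ethereal prints only the first byte, \006, because the rest are NULs), and a request with NtVer bit 0x4 set is answered with a RESPONSE_EX blob whose Flags word carries the DS_CLOSEST_FLAG (0x80) bit, which is the "closest DC" signal the post is after. The sample reply is constructed, not captured; its domain and GUID bytes are the ones visible in the capture, the host and site names are made up.

```python
"""LDAP ping (CLDAP Netlogon query over UDP/389) built and decoded by hand.
Request follows the capture in the post; reply decoding follows the
NETLOGON_SAM_LOGON_RESPONSE_EX layout from MS-ADTS (assumption)."""
import socket
import struct
import uuid

LOGON_SAM_LOGON_RESPONSE_EX = 0x17
FLAG_NAMES = {0x01: "PDC", 0x04: "GC", 0x08: "LDAP", 0x10: "DS",
              0x20: "KDC", 0x40: "TIMESERV", 0x80: "CLOSEST", 0x100: "WRITABLE"}
NAME_FIELDS = ("DnsForestName", "DnsDomainName", "DnsHostName", "NetbiosDomainName",
               "NetbiosComputerName", "UserName", "DcSiteName", "ClientSiteName")


def ber_len(n):
    """BER definite length: short form below 128, long form above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, payload):
    return bytes([tag]) + ber_len(len(payload)) + payload


def ber_int(n):
    """Non-negative INTEGER; a leading 0x00 byte keeps the sign bit clear."""
    return tlv(0x02, n.to_bytes((n.bit_length() + 8) // 8, "big"))


def equality(attr, value):
    """Filter item (attr=value): [3] SEQUENCE { attr, value } as OCTET STRINGs."""
    if isinstance(value, str):
        value = value.encode()
    return tlv(0xA3, tlv(0x04, attr.encode()) + tlv(0x04, value))


def build_ldap_ping(msg_id, dns_domain, host, ntver=0x06, domain_guid=None):
    """SearchRequest as captured: (&(DnsDomain=)(Host=)[(DomainGuid=)](NtVer=)), attr Netlogon.
    NtVer is a little-endian DWORD; DomainGuid, if given, is the GUID's 16 raw LE bytes."""
    items = [equality("DnsDomain", dns_domain), equality("Host", host)]
    if domain_guid is not None:
        items.append(equality("DomainGuid", uuid.UUID(domain_guid).bytes_le))
    items.append(equality("NtVer", struct.pack("<I", ntver)))
    search = (tlv(0x04, b"")                 # baseObject: ""
              + tlv(0x0A, b"\x00")           # scope: baseObject
              + tlv(0x0A, b"\x00")           # derefAliases: never
              + tlv(0x02, b"\x00")           # sizeLimit 0
              + tlv(0x02, b"\x00")           # timeLimit 0
              + tlv(0x01, b"\x00")           # typesOnly FALSE
              + tlv(0xA0, b"".join(items))   # [0] AND filter
              + tlv(0x30, tlv(0x04, b"Netlogon")))
    return tlv(0x30, ber_int(msg_id) + tlv(0x63, search))  # LDAPMessage{SearchRequest}


def ber_read(buf, pos):
    """Return (tag, value, next_pos) for the TLV at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def extract_netlogon_blob(datagram):
    """Walk the LDAPMessages in one UDP reply and return the Netlogon attribute value."""
    pos = 0
    while pos < len(datagram):
        _, msg, pos = ber_read(datagram, pos)
        _, _, p = ber_read(msg, 0)                      # messageID
        op_tag, op, _ = ber_read(msg, p)
        if op_tag != 0x64:                              # SearchResultEntry only
            continue
        _, _, p = ber_read(op, 0)                       # objectName (empty)
        _, attrs, _ = ber_read(op, p)
        q = 0
        while q < len(attrs):
            _, attr, q = ber_read(attrs, q)
            _, name, r = ber_read(attr, 0)
            _, vals, _ = ber_read(attr, r)
            if name.lower() == b"netlogon":
                return ber_read(vals, 0)[1]
    return None


def read_compressed_name(blob, pos):
    """RFC 1035-style labels with 0xC0xx back-pointers (offsets from blob start)."""
    labels, end, hops = [], None, 0
    while True:
        n = blob[pos]
        if n == 0:
            pos += 1
            break
        if n & 0xC0 == 0xC0:                            # pointer: remember where we left off
            end = pos + 2 if end is None else end
            pos, hops = ((n & 0x3F) << 8) | blob[pos + 1], hops + 1
            if hops > 16:
                raise ValueError("compression loop")
            continue
        labels.append(blob[pos + 1:pos + 1 + n].decode())
        pos += 1 + n
    return ".".join(labels), (end if end is not None else pos)


def parse_netlogon_response_ex(blob):
    opcode, _sbz, flags = struct.unpack_from("<HHI", blob, 0)
    if opcode != LOGON_SAM_LOGON_RESPONSE_EX:
        raise ValueError("unexpected opcode 0x%x" % opcode)
    out = {"Flags": flags, "FlagNames": [v for k, v in FLAG_NAMES.items() if flags & k],
           "DomainGuid": str(uuid.UUID(bytes_le=blob[8:24]))}
    pos = 24
    for field in NAME_FIELDS:
        out[field], pos = read_compressed_name(blob, pos)
    out["NtVersion"] = struct.unpack_from("<I", blob, pos)[0]
    return out


def parse_ldap_ping_reply(datagram):
    return parse_netlogon_response_ex(extract_netlogon_blob(datagram))


def ldap_ping(dc_addr, dns_domain, host, timeout=1.0):
    """Send one ping over UDP and decode the answer (needs a reachable DC)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_ldap_ping(1, dns_domain, host), (dc_addr, 389))
        data, _ = s.recvfrom(4096)
    return parse_ldap_ping_reply(data)


def encode_name(name):
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"


def build_sample_reply():
    """Constructed reply (not a capture): SearchResultEntry with a RESPONSE_EX blob, then SearchResultDone.
    Domain and GUID are the ones from the post's capture; host and site names are invented."""
    flags = 0x1FD                                   # PDC|GC|LDAP|DS|KDC|TIMESERV|CLOSEST|WRITABLE
    guid = uuid.UUID("532eac12-9e60-4f35-8bc7-71ce927dd8a9")
    blob = struct.pack("<HHI", LOGON_SAM_LOGON_RESPONSE_EX, 0, flags) + guid.bytes_le
    blob += encode_name("testsso.wedgetail.com")    # DnsForestName at offset 24
    blob += b"\xC0\x18"                             # DnsDomainName: pointer to offset 24
    blob += b"\x07dodo-dc\xC0\x18"                  # DnsHostName: label + pointer
    blob += encode_name("TESTSSO") + encode_name("DODO-DC") + b"\x00"  # NetBIOS names, empty UserName
    site_off = len(blob)
    blob += encode_name("Default-First-Site-Name")  # DcSiteName
    blob += bytes([0xC0 | (site_off >> 8), site_off & 0xFF])  # ClientSiteName: same site
    blob += struct.pack("<IHH", 0x05, 0xFFFF, 0xFFFF)         # NtVersion, LmNtToken, Lm20Token
    entry = tlv(0x04, b"") + tlv(0x30, tlv(0x30, tlv(0x04, b"Netlogon") + tlv(0x31, tlv(0x04, blob))))
    done = tlv(0x0A, b"\x00") + tlv(0x04, b"") + tlv(0x04, b"")
    return tlv(0x30, ber_int(1) + tlv(0x64, entry)) + tlv(0x30, ber_int(1) + tlv(0x65, done))


if __name__ == "__main__":
    for k, v in parse_ldap_ping_reply(build_sample_reply()).items():
        print("%-20s %s" % (k, v))
    # Live use against a real DC, e.g.: ldap_ping("10.0.0.1", "testsso.wedgetail.com.", "DODO-VM")
```

To pick the closest DC, send the request to each SRV target in turn (as Kirkpatrick describes) and prefer the first reply whose FlagNames contains "CLOSEST", i.e. a DC in the site the DC has matched the client's IP to; ClientSiteName tells you which site that is. One caveat: replies are unauthenticated UDP, so anything on the path can answer, and the result should only be used to choose a server, never as a trust decision.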
