I did a trace looking for the same sorts of packets and indeed found them. The thing that interests me is the returned data. It is returning Site Name information for the DC and the client which could likely be the DC telling the client what site it is a member of so that it can focus its DNS queries to select the proper DCs.
Further down in the trace I see the query as simple as

    (&(DnsDomain=domain.com)(Host=hostname)(NtVer=\006))

Though I have been unable to duplicate the results that I see in the trace via ldp queries with that one query. That would be handy for UNIX machines looking for their site without having to tear through the subnet configurations.

For your purposes though, if you aren't looking to get the site info back, and just checking timing, sending a basic rootdse udp query should give you timing info that you need for determining how close (or how busy) a specific DC is.

-------------
http://www.joeware.net (download joeware)
http://www.cafeshops.com/joewarenet (wear joeware)

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Geoffrey Elgey
Sent: Monday, March 08, 2004 10:19 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] What is the format of an LDAP ping?

G'day,

I'm doing some LDAP queries to AD for a web application, and I'm trying to locate the closest DC using LDAP ping.

A sample chapter from "Understanding Active Directory Services" [2] contains the following:

"When the client receives the SRV records, it performs a quick LDAP ping to all of them by sending out a bind query to UDP port 389."

I tried sending an anonymous LDAP bind query over UDP, but did not get a reply from my AD box.

In Gil Kirkpatrick's "Authentication Topology" [1] article it is stated that:

"The DNS service responds with a list of SRV records that correspond to all the DCs in the client's domain. The client takes the records with the lowest-priority value and issues an AD ping (which is actually an LDAP-over-UDP query) to each DC in turn."

The type of query in the LDAP ping does not seem to be discussed further in Kirkpatrick's article, but I assume that it is an LDAP SearchRequest, whose search parameters (filter, attributes to return, search scope, etc) are not specified.

So I ran ethereal on a Windows 2000 login and found the following LDAP search request sent over UDP to the AD box:

    User Datagram Protocol, Src Port: 1027 (1027), Dst Port: ldap (389)
    Lightweight Directory Access Protocol, Search Request
        Message Id: 1
        Message Type: Search Request (0x03)
        Message Length: 238
        Response In: 214
        Base DN: (null)
        Scope: Base (0x00)
        Dereference: Never (0x00)
        Size Limit: 0
        Time Limit: 0
        Attributes Only: False
        Filter: (&(DnsDomain=testsso.wedgetail.com.)(Host=DODO-VM)
                (User=DODO-VM$)(AAC=\200(DomainSid=\001\004
                (DomainGuid=\022\254.S`\2365O\213\307q\316\222}\330\251)
                (NtVer=\006)
        Attribute: Netlogon

Interestingly, another LDAP search request is sent to the same AD box immediately after this apparent ping:

    User Datagram Protocol, Src Port: 1028 (1028), Dst Port: ldap (389)
    Lightweight Directory Access Protocol, Search Request
        Message Id: 2
        Message Type: Search Request (0x03)
        Message Length: 156
        Response In: 215
        Base DN: (null)
        Scope: Base (0x00)
        Dereference: Never (0x00)
        Size Limit: 0
        Time Limit: 0
        Attributes Only: False
        Filter: (&(DnsDomain=testsso.wedgetail.com.)(Host=DODO-VM)
                (DomainGuid=\022\254.S`\2365O\213\307q\316\222}\330\251)
                (NtVer=\006)
        Attribute: Netlogon

However, the filter for this second "ping" is slightly different to the filter in the first "ping".

Can anyone point to an authoritative reference on how to construct an LDAP ping? More specifically, what search parameters are required? I would have thought that pings would be the same, but the filters above demonstrate otherwise.

I should point out the client sending the LDAP ping may not be a Windows box, so information such as DomainSid and DomainGuid may not be readily available (at least, not without an LDAP lookup, which is why I'm trying to locate the closest DC in the first place).

Any help greatly appreciated.

Cheers,
Geoff

References:
[1] http://www.winnetmag.com/Articles/Index.cfm?ArticleID=37935
[2] http://www.windowsitlibrary.com/Content/716/06/5.html

List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
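
Added example, not part of the original thread: a BER encoder for the UDP search request using the parameters visible in the ethereal trace (null base DN, base scope, the Netlogon attribute) and the shorter three-term filter quoted in the reply, plus a timing helper for the round trip. Assumptions: NtVer is sent as a 4-byte little-endian integer (the trace only displays `\006`), all function names are hypothetical, and the thread does not establish that a DC will answer this reduced filter.

```python
import socket
import struct
import time

def tlv(tag, payload):
    """BER tag-length-value with a definite length (short or long form)."""
    n = len(payload)
    if n < 0x80:
        return bytes([tag, n]) + payload
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + payload

def equality(attr, value):
    """equalityMatch [3]: attribute description, then assertion value."""
    return tlv(0xA3, tlv(0x04, attr.encode()) + tlv(0x04, value))

def build_ldap_ping(dns_domain, host, msg_id=1, nt_ver=6):
    """LDAPMessage holding a base-scope search for the Netlogon attribute."""
    if not 0 < msg_id < 128:
        raise ValueError("msg_id is kept to a single byte in this example")
    flt = tlv(0xA0,                                    # and [0]
              equality("DnsDomain", dns_domain.encode())
              + equality("Host", host.encode())
              + equality("NtVer", struct.pack("<I", nt_ver)))  # assumed 32-bit LE
    search = tlv(0x63,                                 # SearchRequest [APPLICATION 3]
                 tlv(0x04, b"")                        # Base DN: (null)
                 + tlv(0x0A, b"\x00")                  # Scope: Base
                 + tlv(0x0A, b"\x00")                  # Dereference: Never
                 + tlv(0x02, b"\x00")                  # Size Limit: 0
                 + tlv(0x02, b"\x00")                  # Time Limit: 0
                 + tlv(0x01, b"\x00")                  # Attributes Only: False
                 + flt
                 + tlv(0x30, tlv(0x04, b"Netlogon")))  # requested attribute
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + search)

def time_ping(dc, request, timeout=2.0):
    """Send to UDP port 389; return (seconds, reply) or None on timeout."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        start = time.monotonic()
        s.sendto(request, (dc, 389))
        try:
            reply, _ = s.recvfrom(4096)
        except socket.timeout:
            return None
        return time.monotonic() - start, reply

if __name__ == "__main__":
    # Constructed sample values, taken from the filter quoted in the reply.
    print(build_ldap_ping("domain.com", "hostname").hex())
```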
