http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adsi/adsi/a ds_user_flag_enum.asp
Domain controllers have ADS_UF_SERVER_TRUST_ACCOUNT set. Workstations and servers have ADS_UFWORKSTATION_TRUST_ACCOUNT set. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chuck Chopp Sent: Friday, October 21, 2005 9:08 AM To: [email protected] Subject: [ActiveDir] ADUC and domain controller vs. workstation or server When viewing the "general" tab on the properties page for a computer in the ADUC utility, the role of the computer can be listed as "domain controller" or "workstation or server". Since the Machine-Role attribute is missing on these computer objects in the AD tree, I would have to assume that ADUC derives this information from other sources. Since the role information that is displayed very quickly, even when the specified computer is offline, I would not expect that there's any sort of live communication going on where ADUC interrogates the computer to obtain the information. One remaining possibility is that the information is obtained from or inferred from the computer object's location within the domain, such as being under the "Domain Controllers" container as opposed to being in any other container or any other OU. Is this how ADUC is actually obtaining the information? Also, if the Machine-Role attribute value isn't populated by default when the computer is added to AD, then what does create this attribute and assign it a value on the computer object? I'm looking for a method to use that rapidly distinguishes between domain controllers, member servers and workstations that all have computer objects in the tree, with the desire being to eliminate workstations from a list of computer names. Making an API function call to DsRoleGetPrimaryDomainInformation() works great to determine the computer's role *IF* the computer is present on the network. If the computer is not reachable for any reason, then the API function calls spends several minutes retrying it's communications attempting to reach the RPC Server service on the specified remote system and thus the API function call doesn't return even a NAK in an acceptable period of time. -- Chuck Chopp ChuckChopp (at) rtfmcsi (dot) com http://www.rtfmcsi.com RTFM Consulting Services Inc. 864 801 2795 voice & voicemail 103 Autumn Hill Road 864 801 2774 fax Greer, SC 29651 "Racing to save lives" The Leukemia & Lymphoma Society - Team in Training http://www.active.com/donate/tntsc/tntscCChopp Do not send me unsolicited commercial email. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
