If they're Microsoft "enterprise" CAs (i.e. AD integrated), you can get the 
info out of AD.
If they're Microsoft stand alone CAs, then use something that scans individual 
servers (e.g. SCCM as mentioned).
If they're not Microsoft CAs, use whatever configuration management tool you 
are using for non-Microsoft OSes (Tivoli etc.).
If you've got more info on your environment, then maybe other options might 
present themselves.

Cheers
Ken
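
The AD lookup mentioned above for enterprise CAs, as an added example that is not part of the original thread: enterprise CAs publish a pKIEnrollmentService object under the forest-wide Configuration partition, so one query per forest covers every domain in it. It assumes the ActiveDirectory (RSAT) module; the function name and the forest names are placeholders.

```powershell
# Added example: inventory AD-integrated (enterprise) CAs per forest.
# Assumes the ActiveDirectory module (RSAT) and read access to each forest.
Import-Module ActiveDirectory

function Get-EnterpriseCA {   # hypothetical helper name
    param(
        # DNS names of the forest root domains to query (placeholders below)
        [Parameter(Mandatory)][string[]]$Forest
    )
    foreach ($f in $Forest) {
        try {
            # The Configuration NC is replicated forest-wide, so any DC will do.
            $rootDse = Get-ADRootDSE -Server $f -ErrorAction Stop
            $base = 'CN=Enrollment Services,CN=Public Key Services,CN=Services,' +
                    $rootDse.configurationNamingContext

            Get-ADObject -Server $f -SearchBase $base -SearchScope OneLevel `
                -LDAPFilter '(objectClass=pKIEnrollmentService)' `
                -Properties cn, dNSHostName, whenCreated -ErrorAction Stop |
                ForEach-Object {
                    [pscustomobject]@{
                        Forest  = $f
                        CAName  = $_.cn
                        Server  = $_.dNSHostName
                        Created = $_.whenCreated
                    }
                }
        }
        catch {
            # Keep going so one unreachable environment does not hide the others.
            Write-Warning "Could not query forest ${f}: $($_.Exception.Message)"
        }
    }
}

# Placeholder forest names; replace with the real forest root domains.
Get-EnterpriseCA -Forest 'contoso.com', 'fabrikam.example' |
    Sort-Object Forest, Server |
    Format-Table -AutoSize
```

Stand-alone and non-Microsoft CAs are not published in AD and will not appear in this output; those still need the per-server scan described above.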

-----Original Message-----
From: [email protected] [mailto:[email protected]] On 
Behalf Of Don Kuhlman
Sent: Friday, 23 August 2013 3:51 AM
To: [email protected]
Subject: Re: [NTSysADM] List all LDAP and Certificate Authority Servers in All 
Domains

Thanks Chris.  There are actually three environments here, two being combined 
into one, but we have to keep the lights on for the others till we're done.

Much appreciated!

Don K

--------------------------------------------
On Thu, 8/22/13, Christopher Bodnar <[email protected]> wrote:

 Subject: Re: [NTSysADM] List all LDAP and Certificate Authority Servers in All 
Domains
 To: [email protected]
 Date: Thursday, August 22, 2013, 12:34 PM
 
 Do you have SCCM in your environment? You can generate a report on all
 servers running the "Certificate Services" service.

 Christopher Bodnar
 Enterprise Architect I, Corporate Office of Technology: Enterprise
 Architecture and Engineering Services
 Tel 610-807-6459
 3900 Burgess Place, Bethlehem, PA 18017
 [email protected]
 The Guardian Life Insurance Company of America
 www.guardianlife.com

 From: Don Kuhlman <[email protected]>
 To: [email protected]
 Date: 08/22/2013 12:06 PM
 Subject: [NTSysADM] List all LDAP and Certificate Authority Servers in All Domains
 Sent by: [email protected]

 Thanks Chris!

 Now - not to hijack your thread, but - do you have a command to list the
 Certificate Authority servers in all domains in your environment ;)

 --------------------------------------------
 
 On Thu, 8/22/13, Christopher Bodnar <[email protected]> wrote:

  Subject: [NTSysADM] repadmin goodness
  To: [email protected]
  Date: Thursday, August 22, 2013, 10:55 AM
  Seems like a slow day on the list, so thought I would pass this along in
  case it might save people some time. I know there are a bunch of other ways
  to enumerate the list of domain controllers in a domain, but I never knew
  you could enumerate the domain controllers in the forest with repadmin:
 
  repadmin /viewlist *
 
  Will give you output like this

  DSA_LIST[1] = dc1.contoso.com
  DSA_LIST[2] = dc2.contoso.com
  DSA_LIST[3] = dc3.contoso.com
  DSA_LIST[4] = dc4.contoso.com
 
  And you can clean it up a little like this:

  for /f "tokens=2 delims==" %i in ('repadmin /viewlist *') do @echo %i
 
  Also found that you can use it for an LDAP query:

  repadmin /viewlist dc1.contoso.com ncobj:domain: /subtree /filter:"(&(objectclass=user)(samaccountname=jdo*))"
 
  Amazing what you learn when you actually read the help file:

  http://technet.microsoft.com/en-us/library/cc811563(v=ws.10).aspx
 