If they're Microsoft "enterprise" CAs (i.e. AD integrated), you can get the info out of AD.
If they're Microsoft stand-alone CAs, then use something that scans individual servers (e.g. SCCM as mentioned).
If they're not Microsoft CAs, use whatever configuration management tool you are using for non-Microsoft OSes (Tivoli etc.).
If you've got more info on your environment, then maybe other options might present themselves.

Cheers
Ken

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Don Kuhlman
Sent: Friday, 23 August 2013 3:51 AM
To: [email protected]
Subject: Re: [NTSysADM] List all LDAP and Certificate Authority Servers in All Domains

Thanks Chris. There are actually three environments here, two being combined into one, but we have to keep the lights on for the others till we're done.

Much appreciated!

Don K

--------------------------------------------
On Thu, 8/22/13, Christopher Bodnar <[email protected]> wrote:

Subject: Re: [NTSysADM] List all LDAP and Certificate Authority Servers in All Domains
To: [email protected]
Date: Thursday, August 22, 2013, 12:34 PM

Do you have SCCM in your environment? You can generate a report on all servers running the "Certificate Services" service.

Christopher Bodnar
Enterprise Architect I, Corporate Office of Technology: Enterprise Architecture and Engineering Services
Tel 610-807-6459
3900 Burgess Place, Bethlehem, PA 18017
[email protected]
The Guardian Life Insurance Company of America
www.guardianlife.com

From: Don Kuhlman <[email protected]>
To: [email protected]
Date: 08/22/2013 12:06 PM
Subject: [NTSysADM] List all LDAP and Certificate Authority Servers in All Domains
Sent by: [email protected]

Thanks Chris! Now - not to hijack your thread, but - do you have a command to list the Certificate Authority servers in all domains in your environment ;)

--------------------------------------------
On Thu, 8/22/13, Christopher Bodnar <[email protected]> wrote:

Subject: [NTSysADM] repadmin goodness
To: [email protected]
Date: Thursday, August 22, 2013, 10:55 AM

Seems like a slow day on the list, so thought I would pass this along in case it might save people some time.

I know there are a bunch of other ways to enumerate the list of domain controllers in a domain, but I never knew you could enumerate the domain controllers in the forest with repadmin:

    repadmin /viewlist *

Will give you output like this:

    DSA_LIST[1] = dc1.contoso.com
    DSA_LIST[2] = dc2.contoso.com
    DSA_LIST[3] = dc3.contoso.com
    DSA_LIST[4] = dc4.contoso.com

And you can clean it up a little like this:

    for /f "tokens=2 delims==" %i in ('repadmin /viewlist *') do @echo %i

Also found that you can use it for an LDAP query:

    repadmin /viewlist dc1.contoso.com ncobj:domain: /subtree /filter:"(&(objectclass=user)(samaccountname=jdo*))"

Amazing what you learn when you actually read the help file:

http://technet.microsoft.com/en-us/library/cc811563(v=ws.10).aspx

Christopher Bodnar
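
Ken's first point (enterprise CAs can be read out of AD), as an added example that is not part of the original thread: AD-integrated CAs publish a pKIEnrollmentService object in the forest-wide Configuration partition, so one LDAP query per forest inventories them for every domain. The function name Get-EnterpriseCA and its -Server parameter are hypothetical; stand-alone and non-Microsoft CAs do not appear in this result.

```powershell
# Added example (not from the thread). Get-EnterpriseCA is a hypothetical name.
# Enterprise CAs publish a pKIEnrollmentService object under
# CN=Enrollment Services in the forest-wide Configuration partition, so one
# query per forest lists them for every domain in that forest.
function Get-EnterpriseCA {
    [CmdletBinding()]
    param(
        # DC or DNS domain name in the forest to query; empty = current forest.
        [string]$Server
    )

    $prefix   = if ($Server) { "LDAP://$Server/" } else { 'LDAP://' }
    $rootDse  = [ADSI]"${prefix}RootDSE"
    $configNc = [string]$rootDse.Properties['configurationNamingContext'].Value
    if (-not $configNc) { throw "Could not read RootDSE (server: '$Server')." }

    $base = [ADSI]"${prefix}CN=Enrollment Services,CN=Public Key Services,CN=Services,$configNc"
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($base)
    $searcher.Filter      = '(objectClass=pKIEnrollmentService)'
    $searcher.SearchScope = [System.DirectoryServices.SearchScope]::OneLevel
    $searcher.PageSize    = 500
    foreach ($attr in 'cn', 'dNSHostName', 'certificateTemplates') {
        [void]$searcher.PropertiesToLoad.Add($attr)
    }

    $results = $searcher.FindAll()
    try {
        foreach ($r in $results) {
            # ResultPropertyCollection keys are lower case.
            [pscustomobject]@{
                Forest    = $configNc -replace '^CN=Configuration,', ''
                CAName    = [string]$r.Properties['cn'][0]
                HostName  = [string]$r.Properties['dnshostname'][0]
                # Templates this CA will issue; empty if none are published.
                Templates = @($r.Properties['certificatetemplates']) -join ', '
            }
        }
    }
    finally {
        $results.Dispose()
        $searcher.Dispose()
    }
}

# Current forest; pass -Server <dc-or-domain> to query another forest.
Get-EnterpriseCA | Sort-Object HostName | Format-Table -AutoSize
```

With several separate environments, run it once per forest with -Server, and cover stand-alone CAs with the per-server scan (SCCM or similar) mentioned in the thread.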

