Actually %logonserver% isn't necessarily the DC that the secure channel is established with, it is the one that authenticated the session you ran the command from.
It is not maintained so it can be returned even when the DC it indicates is unreachable. If you want to know who the SC is established with, use nltest /SC_QUERY:domainname From: Michael B. Smith [mailto:[email protected]] Sent: Tuesday, January 19, 2010 10:43 AM To: NT System Admin Issues Subject: RE: just who's in charge here (dom controller query) PCs will sync their clocks to whatever DC they have their secure channel with (from a CMD prompt "set logonserver" will display that to you). All DCs sync to the PDCe. SO...everyone should still be in sync, to within milliseconds. Are all of your DCs group catalog servers? Are all on the same subnet? From: paul chinnery [mailto:[email protected]] Sent: Tuesday, January 19, 2010 1:36 PM To: NT System Admin Issues Subject: RE: just who's in charge here (dom controller query) Here are the results from showrepl: repadmin /showrepl w2k3-dc Default-First-Site-Name\W2K3-DC DC Options: IS_GC Site Options: (none) DC object GUID: 4c35da00-ce37-4623-9d4a-c2bc95e60f96 DC invocationID: bafcea0c-da79-439a-9315-9a235f56ed7e ==== INBOUND NEIGHBORS ====================================== DC=mmc,DC=mmcwm,DC=com Default-First-Site-Name\(old ops master w2K) via RPC DC object GUID: 25944c7a-efe5-4321-b2c4-6062bf41d6b7 Last attempt @ 2010-01-19 13:27:56 was successful. Default-First-Site-Name\(secondary W2k dc) via RPC DC object GUID: d25285e6-c2f3-4971-acbf-d2289fb54733 Last attempt @ 2010-01-19 13:28:03 was successful. Default-First-Site-Name\(secondary w2003 dc) via RPC DC object GUID: 41cfc51b-3bc9-4ace-95ed-2ad72e499990 Last attempt @ 2010-01-19 13:29:34 was successful. CN=Configuration,DC=mmc,DC=mmcwm,DC=com Default-First-Site-Name\*** via RPC DC object GUID: 41cfc51b-3bc9-4ace-95ed-2ad72e499990 Last attempt @ 2010-01-19 13:11:29 was successful. Default-First-Site-Name\*** via RPC DC object GUID: 25944c7a-efe5-4321-b2c4-6062bf41d6b7 Last attempt @ 2010-01-19 13:16:56 was successful. Default-First-Site-Name\*** via RPC DC object GUID: d25285e6-c2f3-4971-acbf-d2289fb54733 Last attempt @ 2010-01-19 13:27:03 was successful. CN=Schema,CN=Configuration,DC=mmc,DC=mmcwm,DC=com Default-First-Site-Name\*** via RPC DC object GUID: 41cfc51b-3bc9-4ace-95ed-2ad72e499990 Last attempt @ 2010-01-19 12:51:19 was successful. Default-First-Site-Name\*** via RPC DC object GUID: d25285e6-c2f3-4971-acbf-d2289fb54733 Last attempt @ 2010-01-19 12:51:19 was successful. Default-First-Site-Name\*** via RPC DC object GUID: 25944c7a-efe5-4321-b2c4-6062bf41d6b7 Last attempt @ 2010-01-19 12:51:19 was successful. DC=DomainDnsZones,DC=mmc,DC=mmcwm,DC=com Default-First-Site-Name\*** via RPC DC object GUID: 41cfc51b-3bc9-4ace-95ed-2ad72e499990 Last attempt @ 2010-01-19 12:51:19 was successful. DC=ForestDnsZones,DC=mmc,DC=mmcwm,DC=com Default-First-Site-Name\*** via RPC DC object GUID: 41cfc51b-3bc9-4ace-95ed-2ad72e499990 Last attempt @ 2010-01-19 12:51:19 was successful. dcdiag shows w2k3-dc passing all tests. ________________________________ Subject: RE: just who's in charge here (dom controller query) Date: Tue, 19 Jan 2010 11:05:33 -0500 To: [email protected] CC: From: [email protected] What does replication look like in your environment? Run DCDIAG and REPADMIN to get a health status for AD replication. Chris Bodnar, MCSE Sr. Systems Engineer Infrastructure Service Delivery Distributed Systems Service Delivery - Intel Services Guardian Life Insurance Company of America Email: [email protected] Phone: 610-807-6459 Fax: 610-807-6003 ________________________________ From: [email protected] [mailto:[email protected]] Sent: Tuesday, January 19, 2010 10:53 AM To: NT System Admin Issues Subject: just who's in charge here (dom controller query) When we upgraded Exchange to 2007, we had to install W2k3 dc's. Right now we are in mixed mode as we have to keep a couple of the W2k DC's running. W2K3-DC (server) is the ops master and pdc emulator. However, I have run into two situations where it seems the old W2K DC (DC1) ops master seems to be causing problems. Case 1: Windows time. It appears most pc's are syncing their clocks to DC1 instead of W2K3-DC. Case 2: GPO's are not applying properly (note we don't have that many and they only apply to specific computers). Usually the error on the pc in question is that it can't contact a domain controllers to get the policy. I'm perplexed over this as I thought that whatever was the Ops Master for the domain was the top-level controller (for want of a better phrase). ________________________________ Your E-mail and More On-the-Go. Get Windows Live Hotmail Free. Sign up now. <http://clk.atdmt.com/GBL/go/196390709/direct/01/> ________________________________ This message, and any attachments to it, may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are notified that any use, dissemination, distribution, copying, or communication of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately by return e-mail and delete the message and any attachments. Thank you. ________________________________ Hotmail: Trusted email with powerful SPAM protection. Sign up now. <http://clk.atdmt.com/GBL/go/196390707/direct/01/> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
