Re: Active Directory query for NT 4 Servers

I am not sure that you can do this with MMC. The SAM account type, assuming it the same as the server flags from Windows NT, will be affected by any roles that the server has, for example, print server, browser role, etc. There is a flag for a "server" that would show up in the SAMaccountType, but there isn't anyway to just pull a certain bit out that I know of.

If my memory is right, Active Directory does not really have any indication whether a computer is a member server or a domain controller in the operating system field. But there might be a way to see if there is a special setting for domain controller in another field.

Hyena has a nice debugging method built into it in that if you right click on any AD object, select Listing Views->(all) you can see all of the attributes for an object. This is handy for what you are trying to do.

One idea is to put all of your server accounts into a dedicated OU, that way you can just target that OU when you run queries.

Re: Active Directory query for NT 4 Servers

Not sure I follow...I don't care what roles the server has, I just want to be able to change my query to show ONLY NT4 servers. I will then take the same query and modify it to show ONLY NT4 Workstations. Currently the closest I get is to show ALL NT4 systems.

I have the same setup for Windows 2000 systems, a query to show Servers (also by Service Pack Level) and Workstations (also by Service Pack Level)...so I would think this must be possible if I just knew what attribute to query for.

Unless what you are saying is that NT4 does not report any queriable information to determine if it is a Server vs. Workstation using only LDAP?

Re: Active Directory query for NT 4 Servers

OK, I misunderstood. Unless AD puts something into the operatingsystem attribute that is different between servers or workstations, you may be out of luck. Microsoft does not really differentiate between servers and workstations; except for the licensing price they are the same in functionality, which is why they may appear to be the same.

There is a role difference, but I don't know if it is reflected or not in the SAMaccounttype attribute. You could try to look at all of the attributes for a server vs. a workstation in a spreadsheet side-by-side to see any differences.

Hyena gets the OS type and version major/minor from the browse list when you look at the Servers object.

I will check with Microsoft to see what/how updates the SAMAccounttype value.

Re: Active Directory query for NT 4 Servers

I will take a look side by side at the attributes and see if anything stands out. I looked at properties of a system in ADSIEdit and didn't see anything useful so I'm not holding my breath.

Thanks Kevin for the speedy reply.

Re: Active Directory query for NT 4 Servers

I see the problem now. Just as you stated, Windows 2000 Systems show the 'operatingSystem' attribute value as "Windows 2000 Server" or "Windows 2000 Professional" whereas the Windows NT servers and workstations alike show "Windows NT".

Can anyone think of anything queriable from ADU&C LDAP queries that can do this?

I guess one alternative, though not the greatest would be to cross reference the list from Hyena and update the NT4 server/workstation 'Descriptions' to signify something that I could query.

The reason I have this need is because while I am licensed for Hyena, some people that need these queries are not.

Re: Active Directory query for NT 4 Servers

Your best options I think are to either put all of your NT server into their own OU container, or modify an attribute like "location" that is not being used for these servers and then query on that.

Re: Active Directory query for NT 4 Servers

After looking further at the samaccounttype attribute and contacting Microsoft, this attribute is of no use to you. Its only purpose is to determine whether an object is a user, group, or computer and not much else.

There isn't any way to reliably or accurately determine the type of computer that you are dealing with when looking at the attributes in Active Directory, especially for Windows NT computers. This is why Hyena does not use AD to build either the Domain Controllers or Servers object listing.