LDAP queries with multiple domains
I have a question about LDAP queries and DC in general (in Microsoft AD):
Thanks
waiting for your help
Domain controllers are in charge of a single domain and hold information only about this single domain. Global Catalogs hold information about selected attributes of users and groups of all the forest (master domain and all its subdomains), so the easiest way is to run the query against a GC. Those never respond with referrals.
Every single domain controller can be configured to be a Global Catalog if needed. The GC endpoint runs on port 3268 for LDAP and 3269 for LDAPS, so chances are that executing your regular LDAP(S) query against GC ports will result in what you wish. You can get the list of all GCs in the forest by querying DNS for SRV records, i.e.
nslookup -type=SRV _gc._tcp.<forest name>
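The lookup and query described in the answer above, as an added PowerShell example that is not part of the original post. The forest name `corp.example`, the account `j.doe` and the helper `ConvertTo-LdapFilterValue` are hypothetical; it uses the LDAPS GC port (3269) and assumes the GC accepts a subtree search from an empty base DN, which is how a forest-wide search is issued on the GC ports.

```powershell
# Added example. $forest and $sam are placeholder values, not from the page.
Add-Type -AssemblyName System.DirectoryServices.Protocols
$forest = 'corp.example'
$sam    = 'j.doe'

# Escape a value for use inside an LDAP filter (RFC 4515) so that
# user-supplied input cannot change the structure of the filter.
function ConvertTo-LdapFilterValue([string]$Value) {
    $sb = [System.Text.StringBuilder]::new()
    foreach ($c in $Value.ToCharArray()) {
        if ('\*()'.Contains([string]$c) -or [int]$c -eq 0) {
            [void]$sb.AppendFormat('\{0:x2}', [int]$c)
        } else {
            [void]$sb.Append($c)
        }
    }
    $sb.ToString()
}

# 1. Find the forest's Global Catalogs from the _gc._tcp SRV records.
$gc = Resolve-DnsName -Name "_gc._tcp.$forest" -Type SRV |
    Where-Object { $_.Type -eq 'SRV' } |
    Sort-Object -Property Priority |
    Select-Object -First 1

# 2. Connect to the GC's LDAPS port (3269) with the current Windows identity.
$id   = [System.DirectoryServices.Protocols.LdapDirectoryIdentifier]::new($gc.NameTarget, 3269)
$conn = [System.DirectoryServices.Protocols.LdapConnection]::new($id)
$conn.SessionOptions.ProtocolVersion   = 3
$conn.SessionOptions.SecureSocketLayer = $true
$conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Negotiate
$conn.Bind()

# 3. Search from an empty base DN: on a GC port this spans every domain
#    in the forest and is answered without referrals.
$filter = '(&(objectCategory=person)(sAMAccountName={0}))' -f (ConvertTo-LdapFilterValue $sam)
$req = [System.DirectoryServices.Protocols.SearchRequest]::new(
    '', $filter, [System.DirectoryServices.Protocols.SearchScope]::Subtree,
    [string[]]@('userPrincipalName'))
$resp = $conn.SendRequest($req)

# The GC holds only selected attributes; read the full object from a DC
# of the domain named in the returned distinguished name.
$resp.Entries | ForEach-Object { $_.DistinguishedName }
$conn.Dispose()
```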