Database Search
TechHome
 |
- 1219 Error with AddDrive
- Account Expires after wntUserAddDat
- Add Domain Group to Local Administrator Remotely
- Add Everyone to Administrators Group
- Add Global Groups in Domain
- Adding Domain to Workstation
- Adding Users and Setting Flags
- Adds User Account to Local Administrator Group
- Allow Inheritable Permissions from Parent
- Builtin Group SID convert to Name
- Bypass NT Ctrl Alt Del to Logon
- Changing Computer Name and Machine Account
- Changing Domain Passwords Sample Code
- Check For Disabled Computer Account
- Check if You Have Local Admin Rights
- Checking an Accounts Password
- Checking for Old Users
- Convert SID to User ID
- Converting SID to Domain - Account Name
- Create Directories and Set NT Access Permissions
- Dealling With Inheritiable Permissions
- Decode Logon Hours
- Determine if Computer is in a Workgroup or Domain
- Determine if PC is Member of Domain
- Determine Inheritance
- Determining if Current User is Authenticated
- Disable Allow Inheritable Permissions
- Domain Trusts Explained
- Error 673 WntPrivAdd
- Error 684 using wntAccess functions
- Find Domain for a Computer
- Foreign Language support of the Win32 Network Extender
- Get a Users Primary Group
- Get Domain User Info
- Get Machine Administrator Userid
- Get SID from Username
- Get the Currently Logged on User in NT
- Get the SID of a Workstation
- Get User Name and wntUserProps
- How to determine if a file is in use on LAN
- How to disable Allow inheritable permissions
- How to Get the Local Adminstrator Account
- How WntServerList Determines a Server
- Inherit NTFS Persmissions
- Interpreting Access Rights
- Is Domain User a Local Admin
- Is User Logged into Domain or Local Account
- Is wntChgPswd Encrypted
- Issue with AccessMod on Remote Machine
- Keeping Track of Last User Login
- List only Windows 2000 Systems
- List Open Connections
- List Terminal Servers
- Listing Directory Shares with Permissions
- Losing Mapped Drive Connections in XP
- Matching SID to ProfileList folder
- NT Auditing
- NT Extender and NT4 No Service Packs
- NT Network Extender and UPN Account Names
- Obtain Share Permissions
- Obtain user sid
- Port Required for WntUserGetDat
- Problems caused by ADMT
- Pull Trusted Domain List
- Reboot user with no shutdown privileges
- Remotely Reboot and wntShutDown
- Remove Everyone Access from D
- Rename User in an AD Domain
- Reset Passwords in Active Directory
- Reset Permissions when Inheritable is Enabled
- Rights to use wntFileUsers
- Runwithlogon and Bad Username
- RunWithLogon Parameter Size
- RunWithLogon versus RunAsUser
- Searching NT Users and Find by Last Name
- Server Description Field
- Setting File Permissions with wntAccessAdd
- Setting NT Policies
- Setting Service Permissions
- Shutdown All NT Servers
- SID values - AD - round tripping and ADMT
- Synchronize password from NT Domain to Novell
- The NT extender functions in Active Directories
- Trouble determining admin rights
- Trusting Domain List
- Unlock Account with wntUserSetDat
- User Login and Log out Information
- User Profile Last Logon
- Win 2000 AutoAdminLogon
- wntAccess... and Specifying Remote Drives
- WntAccessAdd and Change Modify Registry
- wntAccessAdd and Inherited Rights
- WntAccessAdd and Inheritence
- wntAccessAdd and Invalid User - Group
- wntAccessAdd and NTFS
- WntAccessAdd error 546 Invalid file directory name
- wntAccessAdd Inheritable Permissions
- wntAccessAdd Problem on NT 4
- wntAccessAdd Share Problem on Windows 7
- wntAccessAdd versus w95AccessAdd Tips
- wntAccessDel Error 599 Invalid Level
- wntAccessGet and Username Parameter
- WntAccessList DFS share
- wntAccessList Problem
- wntAccessMod Registry Issue
- wntAcctList Returns Incorrect Flag Values
- wntAcctPolSet Error
- wntAddDrive and Unicode
- WntAddDrive launches an Explorer window
- wntAddPrinter after WntRunAsUser
- wntauditadd and inheritance
- wntAuditAdd and MS Patch
- WntCancelCon Error 511 Device in Use
- wntChgPswd 562 Invalid User Name
- wntChgPswd and Error 586
- wntChgPswd and Error 589 Error Changing Password
- wntChgPswd and Error 677
- wntChgPswd behavior different between W2K and NT4
- wntCurrUsers Behavior
- wntDomainSync Error 695
- wntEventLog Problem
- wntGetCon Error 509 Network component is Not Started or Invalid
- wntMemberDel- error 571
- wntMemberGrps returns 0 on DC running AD
- wntMemberGrps wntMemberSet - 562 invalid user name
- wntMemberList Behavior
- wntMemberList Error 522
- wntMemberList Problems
- wntOwnerGet - wntOwnerSet Tips
- wntOwnerSet Error 547
- wntRemoteTime and 530 Access Denied Error
- wntRemoteTime and Daylight Savings Time
- wntRunAsUser -- Security Side Effects
- wntRunAsUser 713 Unable to Set Window Station Access
- wntRunAsUser and Act as Part of OS Clarification
- wntRunAsUser and Called Scripts
- wntRunAsUser and Debugging Problem
- wntRunAsUser and No Permission on Local Machine
- wntRunAsUser Discussion in French
- wntRunAsUser Error 637
- wntRunAsUser Error 638
- wntRunAsUser Function - 1
- wntRunAsUser Function - 2
- wntRunAsUser Function - 3
- wntRunAsUser Function Used Twice in Script
- wntRunAsUser RunWithLogon Security Context
- wntRunAsUser to AutoAdminLogon after Reboot
- wntRunAsUser Windowstation and Desktop Permissions on WinXP
- wntServerList and wntServiceAt
- wntServerType
- wntShutDown Error 694
- wntUser... and Update User Accounts
- wntUserAdd Adding a Domain User
- wntUserAdd Bug
- WntUserAddDat and Max_storage
- wntUserGetDat 524 Unable to Access Specified Server
- wntUserGetDat and Logon_hours Flag
- wntUserSetDat and Logon Hours
- wNTUserXXXDat Function and Flags
- wxxUserGetDat and Last Logon Date
Can't find the information you are looking for here? Then leave a message over on our WinBatch Tech Support Forum.
Find Domain for a Computer
Keywords: find domain for a computer wntGetDc wntAcctInfo wntServerList
Question:
Background:I'm in a environment with a lot of different domains. And the trust-relations between the domains are different from domain to domain. I have a list over computers I want to connect to and make some changes on the machine. But the connect as account information differs between the domains
My problem:
Is there any function ex. wntServerInfo that could return the domain the machine belongs to. Similar to W2k's "find computer". I fully understand that this will be from the browser-list but that's enough for me.
I can't read any reg-value on the machine as i don't have any way to connect to it with a correct username/pwd before i know what domain it belongs to.
Today I use a cmd-file which does a nbtstat and then search for the domain entry.
I have a list containing maybe 100 different machine names.
For every machine in the list i want to resolve what domain it belongs to.
Ex: Running a script on \\SERVER123 and want to find out witch domain \\FILESERVER222 belongs to.
One solution would be to do some looping with wntResources and then make a list over all machines on the network and then search that list. But that's doesn't seem like a nice/quick(=long time to execute the script) solution.
More Background:
LgAdminSid = "S-1-5-32-544"
GroupName = wntAcctInfo( "\\JUMBO", LgAdminSid, 2)
AccountDomain = wntAcctInfo("\\JUMBO", AccountDomain, 0)
This only returns BUILTIN and that's logical. But without knowing the domain the computer belongs to (so i
can do a "connect as" with a valid account) "connecting" to the computer doing these things is a problem.
The environment (I'm here to clean it up) are aprox. 90 NT-domains. The trust-environment is a nightmare. And on the bigger part of these domains i have a account that's a memeber of the domain admins group. But the password and username differs between the domains so depending on which domain the machine belongs to I'm forced to use different username and password BEFORE i do any work on the machine. Windows "Find Computer"-box does the job but i want to automate the process.
Answer:
This is a real "catch 22" situation. You need to know the domain of the workstation/server in order to login using the proper credentials to have administrator accesss. However, you cannot directly get this information from any particular system unless you already have administrator access.There is actually no easy way to do what you want to do. The problem is that if you work based on the assumption that you don't have valid credentials to access the desired computer as an administrator then you cannot directly ask it what domain it belongs to. Likewise, if you lack domain administrator credentials then you cannot directly interrogate a DC for a domain to list all of its computer accounts that it has for member computers, etc...
The only thing that is guaranteed to work is that you need to have a list of domains for which you can call wntServerList(), and then you can search the list of computers in a domain to see if the desired computer is in the list of members for any given domain that you've done this for.
I did find one Win32 API Function, NetWkstaGetInfo(), which can return this information, but you must have Administrators group membership or Print/Server operator privilege. Again, this means that you have to be logged in using a specific account to get this information. It appears that there's no NT extender function that wraps around this Win32 API function, but it could be added in the future as one of the items of information returned by wntServerInfo().
W/o going through a rigorous review of the exact permissions required by the underlying Win32 API functions used by the NT extender, I cannot say for certain whether or not this snippet of code will work for you in your rather complex environment. However, give it a try and see what happens...
AddExtender('WWWNT34I.DLL')
ServerSpec = '\\workstation' ; fill in a valid computer name
DomainSpec = ''
Flag = 0
ErrorMode(@OFF)
DCSpec = wntGetDc(ServerSpec,DomainSpec,Flag)
RC = LastError()
ErrorMode(@CANCEL)
ComputerAccount = StrCat(StrSub(ServerSpec,3,-1),'$')
ErrorMode(@OFF)
ComputerDomain = wntAcctInfo(DCSpec,ComputerAccount,0,0)
RC = LastError()
ErrorMode(@CANCEL)
It runs OK when I execute it on my development system [workgroup node] and I ask it to find the domain of
another workstation on the network that is a member of a domain. However, the user account that I'm logged
on with locally on my development system also exists on these other computers [with the same password] so
I'm probably being implicitly trusted by the remote systems [due to the same credentials existing in all of their
SAM databases].
You might also want to check out the WMI code that should work. http://techsupt.winbatch.com/webcgi/webbatch.exe?techsupt/nftechsupt.web+WinBatch/WMI+Obtain~the~Name~of~the~Domain~to~which~the~Computer~Belongs.txt
Article ID: W15194
File Created: 2014:07:18:09:51:38
Last Updated: 2014:07:18:09:51:38