Distinguishing a Domain Controller from a Windows 2000 Member Server

• Microsoft Windows 2000 Server
• Microsoft Windows 2000 Advanced Server
• Microsoft Windows 2000 Datacenter Server

SUMMARY

You can use the following methods to identify Windows 2000 domain controllers.

MORE INFORMATION

• The \NTDS registry key exists in the HKLM\SYSTEM\CCS\SERVICES portion of the registry.



• The SYSVOL and NETLOGON shares exist. (The SYSVOL share and its contents exist after demotion of a domain controller.)



• NBTSTAT shows that the 1C name (Domain) has been registered. Type nbtstat -n from a command prompt and note the presence of the 1C name.



• The computer role from the NET ACCOUNTS utility lists the computer role as "PRIMARY" and standalone servers as "SERVERS." Type net accounts from the command prompt.



• The NET START command indicates that the Kerberos Key Distribution Center (KDC) service is running. Type net start |more.



• The computer responds to LDAP queries (specifically, to port 389 or 3289).



• The "Connect to server %S" command in Ntdsutil.exe functions only against Windows 2000 domain controllers.



• The Change button on the Network Identification tab in My Computer is disabled when Windows 2000 is configured as a domain controller. A note appears indicating this.



• Run Netdiag (a Resource Kit utility) and observe the "Machine is a Primary Domain Controller" entry in the output. Type netdiag /v from the command prompt.

Additional query words:

Keywords : kbenv kbtool
Version : WINDOWS:2000
Platform : WINDOWS
Issue type : kbinfo