none
how to tell which domain server a service account is authenticated

    Question

  • How to tell which domain server/controller a service account is authenticated?

    I have an issue where

    Say, a particular service account is authenticated to DC1; it does not authenticate against 2nd DC, or 3rd DC if DC1 is rebooted.

    I'm trying to find out which DC is the service account authenticated against.

    I do not have access to DC but I was hoping there's a command line / script that I can run like "ECHO %LOGONSERVER%" which allows me to find the DC for my login.

    Thank you.



    • Edited by Ami2013 Wednesday, December 14, 2016 5:50 PM
    Wednesday, December 14, 2016 5:21 PM

All replies

  • Hi,

    If you have configured subnet and sites the client will try to contact one of DC of closest site, following to subnet of its address IP . If you have many DC in same site you can set weight and priority of SRV entry in DNS active directory zone , to force client to contact for example DC1 if it's available

    You can also run the followings command to check the LOGONSERVER site, and the client site:

    nltest /dsgetdc:domainname.com
     


    Wednesday, December 14, 2016 5:33 PM
  • The logonCount attribute of user objects is not replicated, so it can be used to tell how many times an account has authenticated to each DC. For example, the dsquery utility is available if RSAT is installed on the client:

    dsquery * -LDAPFilter "(sAMAccountName=NTNameOfAccount)" -Server "dc2.domain.com" -Attr logonCount lastLogon

    If lastLogon is zero or missing, then the account has never authenticated to specified DC. Similar can be done in PowerShell:

    Get-ADUser -Server "dc2.domain.com" -Identity "NTNameOfAccount" -Properties lastLogon, logonCount

    Unfortunately, lastLogon is LargeInteger, so more code is required to convert the value into a readable date.

    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    Wednesday, December 14, 2016 6:29 PM
  • Hi,

    I am checking to see how things are going there on this query.

    Please feel free to let us know if further assistance is required.

    Best Regards,

    Amy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, December 26, 2016 4:53 AM
    Moderator