1

I want to be able to determine whether a particular domain controller is read-only. I know I can do stuff like this to get a writeable DC:

using( Domain d = Domain.GetCurrentDomain() )
{ 
    DomainController dc = d.FindDomainController(
        "mysitename", LocatorOptions.WriteableRequired);
}

But given a DomainController object is there a way to determine whether that DC is writeable?

The reason I'm asking is that I want to try to select a preferred domain controller that is 1. Writeable 2. In my site and 3. a global catalog. There doesn't seem to be a good way to find a server with all these attributes.

Improve this question

2 Answers 2

Reset to default
5

One difference between Read-Only and Writable Domain Controllers are that all Read-Only Domain Controllers have the attribute primaryGroupID set to 521 (which is the RID for the "Read-only Domain Controllers" built-in group in Active Directory). Writable Domain Controllers have primaryGroupID set to 516 (the "Domain Controllers" group).

The primary group for a read-only domain controller cannot be easily changed (Active Directory won't allow it) so you should be safe to assume that all RODC:s have that attribute set to 521.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

It's not elegant, but...

If you have the DomainController object, you can do:

bool isWritable = true;
try
{
    using (Domain d = Domain.GetCurrentDomain())
        var dc = d.FindDomainController(theDomainController.Name, LocatorOptions.WriteableRequired);
}
catch(ActiveDirectoryObjectNotFoundException)
{
    isWritable = false;
}

This should determine whether a specific domain controller is writable.

Improve this answer

1 Comment

That doesn't work. The first parameter of FindDomainController is the name of the site to search not the domain controller hostname. If you try that code, it will set isWritable = false for all domain controllers.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.