Wednesday, March 9, 2011

DFS - What's that namespace?

I have on several occasions made an (albeit half-hearted) attempt to figure out how to check what DFS mode (2000 or 2008) a domain namespace (DFSN) is using. Last week I finally decided to get to the bottom of it.

If your domain functional level (DFL) is lower than 2008, then this should not be an issue. Windows Server 2000 mode is the only option.

However, if your DFL is Windows Server 2008, then you have an option to create a namespace using either Windows Server 2000 or 2008 mode. You can see which mode a namespace is using if you open the DFS Management console. Right click a namespace, click properties, and the mode is listed on the "General" tab. It can also be seen in the description bar if a namespace is selected.

But this is not what I wanted. I wanted a way to retreive this information using the command line.

The command line tools available for DFS management are dfscmd, dfsutil and dfsdiag. I checked the documentation and help/syntax for a way to display the DFSN mode. I found nothing.

I searched the Internet and posted in a forum on technet, but it bore no fruit.


I fired up ldp.exe and adsiedit to look for any clues, in case the information was stored there (the mmc console obviously knew which mode a namespace was in!).

The DFS configuration can be found here: 
CN=Dfs-Configuration,CN=System,DC=testlab,DC=local

Here I found the namespace attribute msDFS-SchemaMajorVersion. I found it on my 2008 namespaces but not on my 2000. I looked it up.

The article explains that this attribute was "Implemented on Windows Server® 2008 operating system and Windows Server® 2008 R2 operating system." Which means it's not present on Windows Server 2000 namespaces!

So, what can I do with this information? Can I check if the attribute is present on the namespace and make an assumption that it is either 2000 or 2008, depending on if it's there or not? Yep!

Now to the fun part. 

This VBScript will bind to the DFS-Configuration and loops through all the namespaces it contains. It will attempt to get and check for the msDFS-SchemaMajorVersion for each namespace to see if its empty or not. If it cannot retreive it, it will make the assumption that it's dealing with a namespace in WS 2000 mode. On the other hand, if it can retreive it, we're dealing with a 2008 namespace. Right? Well, I and my script will assume so. At least until the next Windows Server operating system is released. (Then perhaps we can check for the version number instead?).

If InStr(1, WScript.FullName, "wscript.exe", vbTextCompare) Then
  Set objShell = WScript.CreateObject("WScript.Shell")
  objShell.Run "cmd /k cscript.exe """ & WScript.ScriptFullName & ""
  WScript.Quit
End If

Set objRootDSE = GetObject("LDAP://RootDSE")
Set objSysInfo = CreateObject("ADSystemInfo")

Const MODE_DFS2000 = "(Windows Server 2000 mode)"
Const MODE_DFS2008 = "(Windows Server 2008 mode)"
Const MODE_ERROR  = "(Could not determine mode)"

strDomainComponents = objRootDSE.Get("DefaultNamingContext")
strDomainFQDN = objSysInfo.DomainDNSName

Set objDFS = GetObject("LDAP://CN=Dfs-Configuration,CN=System," & strDomainComponents & "")
For Each dfsNameSpace In objDFS
  On Error Resume Next
    If IsEmpty(dfsNameSpace.Get("msDFS-SchemaMajorVersion")) Then
      WScript.Echo "\\" & strDomainFQDN & "\" & dfsNameSpace.CN & vbTab & MODE_DFS2000
    ElseIf Not IsEmpty(dfsNameSpace.Get("msDFS-SchemaMajorVersion")) Then
      WScript.Echo "\\" & strDomainFQDN & "\" & dfsNameSpace.CN & vbTab & MODE_DFS2008
    Else
      WScript.Echo "\\" & strDomainFQDN & "\" & dfsNameSpace.CN & vbTab & MODE_ERROR
    End If
  On Error Goto 0
Next

Posted by at
Labels: , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)