Distinguishing a Domain Controller from a Windows 2000 Member Server (221804)


The information in this article applies to:

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Datacenter Server
This article was previously published under Q221804

SUMMARY

You can use the following methods to identify Windows 2000 domain controllers.

MORE INFORMATION

  • The \NTDS registry key exists in the HKLM\SYSTEM\CCS\SERVICES portion of the registry.
  • The SYSVOL and NETLOGON shares exist. (The SYSVOL share and its contents exist after demotion of a domain controller.)
  • NBTSTAT shows that the 1C name (Domain) has been registered. Type nbtstat -n from a command prompt and note the presence of the 1C name.
  • The computer role from the NET ACCOUNTS utility lists the computer role as "PRIMARY" and standalone servers as "SERVERS." Type net accounts from the command prompt.
  • The NET START command indicates that the Kerberos Key Distribution Center (KDC) service is running. Type net start |more.
  • The computer responds to LDAP queries (specifically, to port 389 or 3268).
  • The "Connect to server %S" command in Ntdsutil.exe functions only against Windows 2000 domain controllers.
  • The Change button on the Network Identification tab in My Computer is disabled when Windows 2000 is configured as a domain controller. A note appears indicating this.
  • Run Netdiag (a Resource Kit utility) and observe the "Machine is a Primary Domain Controller" entry in the output. Type netdiag /v from the command prompt.
Modification Type:MajorLast Reviewed:11/13/2003
Keywords:kbenv kbinfo KB221804
©2003 Microsoft Corporation. All rights reserved.