Mark Minasi's Tech Forum
Register Calendar Latest Topics Chat
 
 
 


Reply
  Author   Comment  
jsclmedave

Administrator
Registered:
Posts: 435
Reply with quote  #1 
Can [System.Environment]::GetEnvironmentVariable('logonserver')  be used against a Remote Server via a CIMSession ?


What I am doing is proving that a list of Domain Servers can be logged into and grabbing some basic info, one of which is the LogonServer that authenticated my session to the Target Server.


When I am getting the FQDN and DNS info using .NET, I use this which works great -

-- $CS is the CIMSession --


Code:

$FQDN = [System.Net.Dns]::GetHostEntry([string]$CS).HostName 
$IPDNS = [System.Net.Dns]::GetHostEntry([string]$CS).AddressList.IPAddressToString



But I cannot find anything running this against a Remote Server via a CIMSession -
[System.Environment]::GetEnvironmentVariable('logonserver')

I am currently using this WIN32 Class which is working but out of curiosity and wanting something a bit faster was hoping to use the .NET method.
Code:

$LogOnServer = Get-CimInstance -CimSession $CS -ClassName Win32_NTDomain | Select -ExpandProperty DomainControllerName



__________________
Tim Bolton @jsclmedave
Email: [string](0..20|%{[char][int](32+('527377347976847978324785847679797514357977').substring(($_*2),2))}) -replace ' '  

New to the forum? Please Read this
0
Infradeploy

Avatar / Picture

Senior Member
Registered:
Posts: 166
Reply with quote  #2 
Logon of what?
I am missing that vital piece of info. Is not a system variable, but a user one

__________________
Have SpaceSuit, Will Travel

0
jsclmedave

Administrator
Registered:
Posts: 435
Reply with quote  #3 
Logon server used to authenticate my connection.  Proving I can actually log on to this server and show which DC authenticated my account.
__________________
Tim Bolton @jsclmedave
Email: [string](0..20|%{[char][int](32+('527377347976847978324785847679797514357977').substring(($_*2),2))}) -replace ' '  

New to the forum? Please Read this
0
wkasdo

Avatar / Picture

Administrator
Registered:
Posts: 183
Reply with quote  #4 
If you want to prove network logon, just execute a listing of \\dc.<domain>\sysvol. Something like that.

This:

> one of which is the LogonServer that authenticated

is an NT4 concept where NETLOGON got you logged on. Forget it, it's (almost) useless. There is no real concept of a logon server because AD has many services, each of which can be on a different DC: GC, LDAP, Kerberos, Netlogon, SYSVOL, NTP, ...

__________________
[MSFT]; Blog: https://blogs.technet.microsoft.com/389thoughts/
0
jsclmedave

Administrator
Registered:
Posts: 435
Reply with quote  #5 
Quote:
Originally Posted by wkasdo
If you want to prove network logon, just execute a listing of \\dc.<domain>\sysvol. Something like that.

This:

> one of which is the LogonServer that authenticated

is an NT4 concept where NETLOGON got you logged on. Forget it, it's (almost) useless. There is no real concept of a logon server because AD has many services, each of which can be on a different DC: GC, LDAP, Kerberos, Netlogon, SYSVOL, NTP, ...


I needed to show something other than the Target Server's information since they wanted something to show "Ok, he logged in today and hit that DC which is different than yesterday so the Target Server is up and available"

I already have error catching where I first run a Test-Connection, if fail append to log then I attempt the New-CIMSession using my Creds, if that fails do to no access or Not Enough Resources again, append to log...

After I have successfully connected to the Server I grab the current data along with the DC that authenticated my connection and close the session.

It seems a bit over kill but its what I was asked to look into...

So basically,  Take this list of Windows Servers and PROVE that you can log into them at any given time...

I guess I could grab my logon session and timestamp as well from each target...



__________________
Tim Bolton @jsclmedave
Email: [string](0..20|%{[char][int](32+('527377347976847978324785847679797514357977').substring(($_*2),2))}) -replace ' '  

New to the forum? Please Read this
0
Previous Topic | Next Topic
Print
Reply

Quick Navigation: