Exploring the Configuration Context

Scripts to explore your Active Directory Configuration:  Your Active Directory forest is divided into sections, called directory partitions, also referred to as naming contexts. There is a partition for each domain in your forest, and some other special partitions that include a DNS storage partition for each domain, a forest-wide DNS storage partition, a partition for the Schema, and a partition for the forest configuration.

The Configuration partition contains various forest-wide configuration information. The list of domains in the forest, the list of sites and subnets, domain controller replication partners, and forest-wide services are all defined in the Configuration partition.

Some of the information in the Configuration container is visible in the AD Sites and Services tool. However, much of it is visible only in generic tools like adsiedit, Ldp, or Active Directory scripts. Have a look around in the Confguration partition, it's very informative.

You can connect to the Configuration partition using a script, by connecting to the container cn=configuration,dc=myForest,dc=net. Of course, we don't like to hard-code anything in our scripts, so we'll use rootDSE to discover the path of the Configuration container like so:

use Win32::OLE;
$dse=Win32::OLE->GetObject("LDAP://RootDSE");
$config=$dse->Get("ConfigurationNamingContext");
print "Path to Configuration container is: $config\n";

Now that we know the path to the configuration container, we can dig down and get some useful information. For example, we can get a list of all of the directory partitions mentioned above.

use Win32::OLE;

$dse=Win32::OLE->GetObject("LDAP://RootDSE");
$config=$dse->Get("ConfigurationNamingContext");

$partitionsContainer=Win32::OLE->GetObject("LDAP://cn=Partitions,$config");

foreach $partition (in $partitionsContainer){
 print $partition->Get("ncName")."\n";
}

As you can see, the code displays the list of partitions that I mentioned above. Prehaps you're only interested in the domains, not the special partitions. In that case, you can display only the ones that have a netbiosName.

use Win32::OLE;

$dse=Win32::OLE->GetObject("LDAP://RootDSE");
$config=$dse->Get("ConfigurationNamingContext");

$partitionsContainer=Win32::OLE->GetObject("LDAP://cn=Partitions,$config");

foreach $partition (in $partitionsContainer){
 if($partition->{netbiosname}){
  print $partition->Get("ncName")."\n";
 }
}

Once you've got the list of domains, you can then go to each domain and get, for example, the list of domain controllers:

use Win32::OLE;

$dse=Win32::OLE->GetObject("LDAP://RootDSE");
$config=$dse->Get("ConfigurationNamingContext");

$partitionsContainer=Win32::OLE->GetObject("LDAP://cn=Partitions,$config");

foreach $partition (in $partitionsContainer){
 if($partition->{netbiosname}){
  print "Domain Controllers in the $partition->{netbiosName} domain:\n";
  $domainControllersContainer=Win32::OLE->GetObject("LDAP://ou=domain controllers,".$partition->Get("ncName"));
  foreach $dc (in $domainControllersContainer){
   print "\t$dc->{cn}\n";
  }
 }
}

Cool huh? And there's more. One of the more common Active directory configuration items is the management of sites and subnets. They're stored in (guess where), the configuration partition. Sites are a logical representation of a geographical location or a group of subnets that are connected together at high speed. The idea is that clients and services (like Active Directory) will identify themselves as being in the same site, so that the clients will try to use the domain controllers at their own site. So we define subnets in AD and specify which site they belong to.
To get a list of sites from the AD, you can simply connect to the sites container and list the site objects, as in the script below:

use Win32::OLE;

$dse=Win32::OLE->GetObject("LDAP://RootDSE");
$config=$dse->Get("ConfigurationNamingContext");

$sitesContainer=Win32::OLE->GetObject("LDAP://cn=sites,$config");

foreach $site (in $sitesContainer){
 if($site->{class} eq "site"){
  print "$site->{cn}\t$site->{description}\n";
 }
}

And here's a script that lists the subnets defined in AD along with what site they're associated with:

use Win32::OLE;

$dse=Win32::OLE->GetObject("LDAP://RootDSE");
$config=$dse->Get("ConfigurationNamingContext");

$subnetsContainer=Win32::OLE->GetObject("LDAP://cn=subnets,cn=sites,$config");

foreach $subnet (in $subnetsContainer){
 print "$subnet->{cn}\t";
 if($site=Win32::OLE->GetObject("LDAP://$subnet->{siteObject}")){
  print "$site->{cn}\n";
 }else{
  print "\n";
 }
}

Stay tuned for more on this. There's lots of good information in the configuration context that allows you to dig into the inner workings of AD.