Recipe 17.2 Finding the Application Partitions in a Forest

17.2.1 Problem

You want to find the application partitions that have been created in a forest.

17.2.2 Solution

17.2.2.1 Using a graphical user interface
  1. Open LDP.

  2. From the menu, select Connection Connect.

  3. For Server, enter the name of a DC.

  4. For Port, enter 389.

  5. Click OK.

  6. From the menu, select Connection Bind.

  7. Enter a user and password with the necessary credentials.

  8. Click OK.

  9. From the menu, select Browse Search.

  10. For BaseDN, type the DN of the Partitions container (e.g., cn=partitions,cn=configuration,dc=rallencorp, dc=com).

  11. For Filter, enter:

    (&(objectcategory=crossRef)(systemFlags:1.2.840.113556.1.4.803:=5))
  12. For Scope, select One Level.

  13. Click the Options button.

  14. For Attributes, type dnsRoot.

  15. Click OK.

  16. Click Run.

17.2.2.2 Using a command-line interface

Use the following command to find all of the application partitions in a forest:

> dsquery * cn=partitions,cn=configuration,<ForestDN> -filter[RETURN]
"(&(objectcategory=crossRef)(systemFlags:1.2.840.113556.1.4.803:=5))"[RETURN]
-scope onelevel -attr dnsRoot
17.2.2.3 Using VBScript
' This code displays the application partitions contained in the 
' default forest

set objRootDSE = GetObject("LDAP://RootDSE")
strBase    =  "<LDAP://cn=Partitions," & _
              objRootDSE.Get("ConfigurationNamingContext") & ">;"
strFilter  = "(&(objectcategory=crossRef)" & _
             "(systemFlags:1.2.840.113556.1.4.803:=5));"
strAttrs   = "cn,ncName;"
strScope   = "onelevel"

set objConn = CreateObject("ADODB.Connection")
objConn.Provider = "ADsDSOObject"
objConn.Open "Active Directory Provider"
set objRS = objConn.Execute(strBase & strFilter & strAttrs & strScope)

objRS.MoveFirst
while not objRS.EOF 
   Wscript.Echo objRS.Fields("nCName").Value
   objRS.MoveNext
wend

17.2.3 Discussion

The method I used in the Solution to get the list of application partitions was to query all crossRef objects in the Partitions container that have the systemFlags attribute with the 0101 bits set (5 in decimal). To do this, I used a logical AND bit-wise filter. See Recipe 4.9 for more on searching with a bitwise filter.

You can take a shortcut by not including the bitwise OID in the search filter, and changing it to systemFlags=5. This currently produces the same results in my test forest as with the bitwise filter, but there are no guarantees since it is a bit-flag attribute. There may exist special circumstances when an application partition would have another bit set in systemFlags that would yield a different value.

In each solution, I printed the dnsRoot attribute for each application partition, which contains the DNS name of the application partition. You can also retrieve the nCName attribute, which contains the distinguished name of the application partition.



    Chapter 3. Domain Controllers, Global Catalogs, and FSMOs
    Chapter 6. Users
    Appendix A. Tool List