Your network contains an Active Directory domain named contoso.com.
All domain controllers run Windows Server 2012 R2. The domain contains two domain controllers.
The domain controllers are configured as shown in the following table.
The Branch site contains a member server named Server1 that runs Windows Server 2012 R2.
You need to identify which domain controller authenticated the computer account of Server1.
What should you do?
A.
Verify the value of the %LOGONSERVER% environment variable.
B.
Run nltest /sc_query.
C.
Verify the value of the %SESSIONNAME% environment variable.
D.
Run nltest /dsgetsite.
Explanation:
A)
%LOGONSERVER% is the domain controller that authenticated the current user.
B)
Reports on the state of the secure channel the last time that you used it. (The secure channel is the one that the NetLogon service established.)
This parameter lists the name of the domain controller that you queried on the secure channel, also.
D)
Returns the name of the site in which the domain controller resides.
http://technet.microsoft.com/en-us/library/cc753915(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc731935(v=ws.10).aspx
I believe the provided answer is correct.
Any suggestions/comments/remarks?
“When a user logs on, %LOGONSERVER% is defined and set to the name of the authenticated computer.”
How to use %LOGONSERVER% to distribute user profiles:
https://support.microsoft.com/sl-si/help/141714/how-to-use-logonserver-to-distribute-user-profiles
1
0
it is correct, looked up the other options in TechNet
nltest /sc_query : Reports on the state of the secure channel the last time that you used it. (The secure channel is the one that the NetLogon service established.) This parameter lists the name of the domain controller that you queried on the secure channel, also.
– can be changed with /sc_reset or really any command such as NSLookup and specifying a different DC.
%SESSIONNAME% environment variable – tells you how you are running the current cmd/PS window
– if you are remotely connected to the machine you will get a response of something like RDP-Tcp#1 if you are physically there you will get a response of Console, assuming you didn’t specifically start the remote session with the console tag of course
nltest /dsgetsite : Returns the name of the site in which the domain controller resides.
– Could actually be useful in this situation, but it is still vulnerable to restarting netlogon, /sc_reset and anything that specifically changes the last DC connected to through the secure channel
2
0