DC Resolution

DC Resolution

This option provides the ability to check the consistency of the DNS, DSAPI, LDAP configuration for the domain controllers in the forest.  There is also the option to complete a port scan to confirm if the list of ports are available\open.  

When the Go button is pressed a list of domain controllers for the forest is collected from DNS, DSAPI, and LDAP are collated, for each domain controller found an entry is created and a green light is display against each test where the domain controller details were returned. In normal operation the domain controller should be returned in all three tests. Common reason for a domain controller not being included is that DC is in a different domain in the forest or the DNS entry could be missing if the domain controller is configured not to register srv records in DNS or the Domain Controller is in a different domain in the forest.

When the Port Scan button is pressed the ports listed on the column headers are scanned, and the results are displayed as a green or red light.  The default ports that are scanned are the standard ports used by AD.  These ports can be changed by using the Ports dialog available by pressing the Ports button.

The first time the dialog is opened it will automatically add a profile for the AD ports, if you delete all the profiles, the AD profile will be added automatically when the dialog is opened again.  You are able to create multiple profiles with different TCP and UDP ports defined.  By default the AD profile will be used, however you can set another profile to be the default list of ports to be scanned, using the Default button.  The TTL option is used to set the IP hop count limit and is used by the TCP and UDP scan.  ICMP Delay options is used to set the time the ping test will wait for a response, if a response is not received before this timeout has expired the ICMP test will fail and the TCP and UDP scans will not be completed.  The TTL and IMCP delay are global settings and will be used for all port profiles.  The details of the profiles and port is saved in the NetTools.ini file.

These is also the ability to use this test to scan end points other than domain controllers, by simply copy and pasting a list of IP addresses, FQDN, or NetBIOS names of the end points that you wish to test, and then click on the Port Scan button the test will then be run against the list of entries provided.