Requirement:How to find the available domain controllers for an Active Directory domain from ClearPass CLI.
Solution:Login to CPPM CLI using appadmin. The below command should list the available domain controllers and the list of the services rendered by all the domain controllers in the specific domain.
network nslookup -q srv <domain name>
Configuration:Service Record:
A Service record (SRV record) is a specification of data in the Domain Name System defining the location, i.e. the hostname and port number, of servers for specified services.
Command syntax:
[appadmin@Vivin.ns-lab.com]# network nslookup -q srv BLR.IN
Where, BLR.IN is the active directory domain name.
VerificationOutput:
Above output shows that, there are two available domain controllers with the FQDN:
1. nslabdc2.blr.in
2. nslabdc1.blr.in.
that can service Kerberos and ldap services in the domain. The FQDN names of the domain controllers are particularly useful while joining the ClearPass to an active directory domain.
After joining the ClearPass to the Active directory domain, we can use 'show domain' command from appadmin CLI, for verification.
The above output shows that this specific CPPM is joined to the domain 'BLR.IN' using the domain controller 'NSLABDC1.BLR.IN' with its IP address and the status.