4

I would normally get the distinguished name of a member computer on the Active Directory network by calling:

TCHAR buff[256];
buff[0] = 0;
DWORD dwSz = SIZEOF(buff);
GetComputerObjectName(NameFullyQualifiedDN, buff, &dwSz);

But the issue happens when that member computer is currently not connected to a DC. For instance, if I take my work laptop home it will not have access to the local AD we have at work and the GetComputerObjectName will fail. (I believe with the error code 1355 or ERROR_NO_SUCH_DOMAIN.)

So my question is, is there any way to get the distinguished name of a member computer in that situation?

ahmd0
  • 16,633
  • 33
  • 137
  • 233
  • Did you ever figure this out? I'm struggling with the same scenario, except I only need the DOMAIN's root path. Getting `"defaultNamingContext"` of `"LDAP://RootDSE"` seems to require finding the domain controller. – Jason Kleban Apr 11 '14 at 17:25
  • @uosɐſ: No, I did not find it. If you do, please post it here. As a temp workaround I cache this info somewhere in the registry using my app's key and use it later if DC is not available. – ahmd0 Apr 17 '14 at 23:07

3 Answers3

1

If you don't mind me saying, I think that what you're trying to do is somewhat flawed.

The FQDN is only really valid when the member machine is connected to the domain. If you are logged-onto the machine offline (which from your description I assume must be the case) the machine cannot any longer be thought of as having a FQDN on the domain.

After all, while you're offline, some crafty sys admin might move the machine's account in AD so that the next time you log into the domain from it it's FQDN has changed.

The registry key you cite certainly does give the FQDN but, while the machine is offline, should I think be thought of as a cache of the last recorded value.

If I were you I'd handle the exception thrown by GetComputerObjectName() and use something like gethostname() instead.

Cheers, Ian.

Ian Lyon
  • 86
  • 6
  • I need the DN to identify that workstation for another software. So in other words, the DN is not used for its direct purpose. I know that one can use SIDs and such, but that is the way it is currently set up and I don't want to reinvent the bicycle... Plus the identification system must be user-friendly and SIDs are obviously not. – ahmd0 Jan 16 '13 at 21:31
0

Hmm. So no one has any idea, hah?

My only wild guess would be get it off of this registry key for the GPOs: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Distinguished-Name

So what do you think?

ahmd0
  • 16,633
  • 33
  • 137
  • 233
0

Maybe GetComputerNameEx with the ComputerNameDnsFullyQualified NameType has less of a dependency on communicating with a DC?

Marc Sherman
  • 2,303
  • 14
  • 22