nslookup returns global catalog servers in different order

Discussion in 'Active Directory' started by Greg Brown, Jan 2, 2007.

  1. Greg Brown

    Greg Brown Guest

    Greetings All,

    I am writing a short vbscript to run a few AD related commands and then
    e-mail the results to myself everyday so I can keep an eye on changes that
    others may have made to the domain. This is all working well except for one
    small annoyance. Whenever I run a NSLOOKUP to retreive a list of Global
    Catalog servers the list comes back in a slightly different order. Has
    anyone seen this before and is this normal behavior??? I have verified that
    the same DNS server is responding to the request every time.

    The command I am running is:

    nslookup gc._msdcs.my.domain.com

    Obviously substituting my.domain.com for my real domain name.

    Any thoughts or suggestions would be appreciated. I know that I can sort
    the output but I was hoping for a little insight regarding why this is

    Greg Brown, Jan 2, 2007
    1. Advertisements

  2. Greg Brown

    Herb Martin Guest

    That would be normal behavior for ANY DNS record with the
    same name as long as "Round Robin" is enabled in the advanced
    properties of the Server MMC -- and it should be in most cases.

    Round robin almost certainly accounts for the rotated results --
    that is what it does (for performance and load balancing reasons.)
    Just sort the results obtained if you need them in a certain order.
    Herb Martin, Jan 2, 2007
    1. Advertisements

  3. Greg Brown

    Greg Brown Guest


    That was it. Thank you very much for the quick answer. I will go ahead and
    do a simple sort to keep the list in a consistent order.

    Thanks Again,
    Greg Brown, Jan 2, 2007
  4. Greg Brown

    Herb Martin Guest

    Glad to help.

    What sort of things are you checking?

    One suggestion would be to include DCDiag output from
    each DC (comparing for differences perhaps or just first
    searching for FAIL or WARN) -- if you haven't done this
    Herb Martin, Jan 2, 2007
  5. Greg Brown

    Greg Brown Guest

    That is a good idea. So far I am only checking these few things. I plan on
    making this more elaborate over time so this is just a starting point:

    1: check to see if there are any changes to the list of global catalog
    servers -- additions or removals
    2: check to see if any of the FSMO roles have been moved
    3: check to see if any domain controllers have been added or removed

    Greg Brown, Jan 3, 2007
  6. Greg Brown

    Herb Martin Guest

    1: check to see if there are any changes to the list of global catalog
    Ok, but the above don't seem like the most important,
    or the most likely things to go wrong.

    DCDiag is far more likely to show you problems before your
    users report them. And if you don't trust the other Admins
    then using Auditing (or removing some of those admins) is
    likely more valuable.
    Herb Martin, Jan 3, 2007
  7. Hi Greg,

    This is normal and to be expected when performing an nslookup against this
    record. DNS is handling these _gc records in a round robin fashion to
    distribute the load amongst the GC servers.

    Hope this helps,

    Brian Delaney
    Microsoft Canada
    Brian Delaney [MSFT], Jan 3, 2007
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.