How can I determine version of Active Directory server using a remote LDAP client?

Question

I would like to programmatically differentiate between different types of services over LDAP, in order to adjust to their quirks.

Are there specific entities/records/fields that I can rely on to distinguish a Windows Server 2003 Active Directory server from a Windows Server 2008 AD server from a Windows Server 2012 AD?

Note:

In a question about using javax.naming with AD for a similar purpose, the query

ldapsearch -h HOST -b " " -s base objectclass=*

is proposed. It returns nothing for at least one AD server I tested.

jwilleke jwilleke · Accepted Answer · 2014-04-04T09:27:25

Which version of What?

Microsoft Active Directory does NOT provide venderVersion in the ROOTDSE.

You can return the "forestFunctionality" and/or the "domainFunctionality" as an integer.

To find all DCs and their versions, use this query:

(&(&(&(&(samAccountType=805306369)(primaryGroupId=516))(objectCategory=computer)(operatingSystem=*))))

Oh, and for Microsoft Active Directory you will need an authenticated connection to read the rootDSE.

We talk more about this issue here: http://ldapwiki.willeke.com/wiki/Determine%20LDAP%20Server%20Vendor#section-Determine+LDAP+Server+Vendor-ActiveDirectory

-jim

How can I determine *version* of Active Directory server using a remote LDAP client?

1 Answers

How can I determine version of Active Directory server using a remote LDAP client?