jspωiki
Netlogon attribute

Overview#

Netlogon attribute is a poorly worded and poorly documented concept used in Microsoft Active Directory.

Netlogon attribute is also referred to as:

Netlogon attribute is the Search Response (NETLOGON_SAM_LOGON_RESPONSE_EX) from a Search Request known as a LDAP ping typically performed by the Netlogon service is a Pseudo Attribute that returns a Data Structure as the second extended version of the server's response to an LDAP ping

Netlogon attribute is not defined in the LDAP Schema.

This

  • Opcode (2 bytes): Operation code (see section 6.3.1.3). Sbz (2 bytes): This MUST be set to 0.
  • DS_FLAG (4 bytes): DS_FLAG Options where bits are presented in Big-Endian byte order.
  • DomainGuid (16 bytes): The value of the NC's GUID attribute specified as a GUID structure, which is defined in MS-DTYP section 2.3.4.
  • DnsForestName (variable): UTF-8 encoded value of the DNS name of the forest, compressed as specified in RFC 1035 section 4.1.4. To get the decompressed string, see section 6.3.7.
  • DnsDomainName (variable): UTF-8 encoded value of the DNS name of the NC, compressed as specified in RFC 1035 section 4.1.4. To get the decompressed string, see section 6.3.7.
  • DnsHostName (variable): UTF-8 encoded value of the DNS name of the server, compressed as specified in RFC 1035 section 4.1.4. To get the decompressed string, see section 6.3.7.
  • NetbiosDomainName (variable): UTF-8 encoded value of the NetBIOS name of the NamingContext, compressed as specified in RFC 1035 section 4.1.4. To get the decompressed string, see section 6.3.7.
  • NetbiosComputerName (variable): UTF-8 encoded value of the NetBIOS name of the server, compressed as specified in RFC 1035 section 4.1.4. To get the decompressed string, see section 6.3.7.
  • UserName (variable): UTF-8 encoded value of the user specified in the client's request, compressed as specified in RFC 1035 section 4.1.4. To get the decompressed string, see section 6.3.7.
  • DcSiteName (variable): UTF-8 encoded value of the Active Directory Site name of the server, compressed as specified in RFC 1035 section 4.1.4. To get the decompressed string, see section 6.3.7.
  • ClientSiteName (variable): UTF-8 encoded value of the Active Directory Site name of the client, compressed as specified in RFC 1035 section 4.1.4. To get the decompressed string, see section 6.3.7.
  • DcSockAddrSize (1 byte): A CHAR that contains the size of the server's IP Address. This field is included only if the client specifies NETLOGON_NT_VERSION_5EX_WITH_IP in the request.
  • DcSockAddr (16 bytes): The Domain Controller IPv4 address, structured. This field is included only if the client specifies NETLOGON_NT_VERSION_5EX_WITH_IP in the request.
  • NextClosestSiteName (variable): This field is included only if the client specifies NETLOGON_NT_VERSION_WITH_CLOSEST_SITE in the request, and if the responding DC has DC Domain functional levels DS_BEHAVIOR_WIN2008 or greater. When included, NextClosestSiteName contains the name of the site that is closest by cost to ClientSiteName without being equal to it. The Active Directory Site name is UTF-8 encoded, compressed as specified in RFC 1035 section 4.1.4. To get the decompressed string, see section 6.3.7.
  • NtVersion (4 bytes): NETLOGON_NT_VERSION_1 | NETLOGON_NT_VERSION_5EX.
  • LmNtToken (2 bytes): This MUST be set to 0xFFFF.
  • Lm20Token (2 bytes): This MUST be set to 0xFFFF.

Note All multibyte quantities are represented in Little-Endian byte order.

More Information#

There might be more information for this subject on one of the following: