Skip to Content
Information
Unsupported content This version of the documentation is no longer supported. However, the documentation is available for your convenience. You will not be able to leave comments.

Locating Active Directory KDCs

Use this procedure to obtain the host names for Active Directory Key Distribution Centers (KDCs). Later in the configuration process, you need these host names.

To obtain the KDC host names

From the command line, enter the following:

nslookup -type=srv _kerberos._tcp.<REALM>

where <REALM> is a Microsoft Windows domain name.

Look up the KDCs for each realm against which users authenticate as well as the realm of the Authentication Server. If multiple realms are used, such as SUB1.DEV.MYCOMPANY.COM and SUB2.DEV.MYCOMPANY.COM, also look up the KDC for the parent realm (DEV.MYCOMPANY.COM). For example:

nslookup -type=srv _kerberos._tcp.SUB1.DEV.MYCOMPANY.COM

 

nslookup -type=srv _kerberos._tcp.SUB2.DEV.MYCOMPANY.COM

 

nslookup -type=srv _kerberos._tcp.DEV.MYCOMPANY.COM

The Active Directory KDC's host name is reported as the value of service (UNIX) or svr hostname (Windows). For example:

service = 0 100 88 kdc.sub2.dev.mycompany.com

(Ignore the numbers before the host name.)

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*

BMC Decision Support for Server Automation 8.3