Differentiating in the Server/Workstation Reports

Have any general questions regarding the Max Power Soft AD Tool? Feel free to post them here.

Moderator: IgorMax

Post Reply
bobsully
Posts: 3
Joined: Wed Aug 29, 2012 4:15 am

Differentiating in the Server/Workstation Reports

Post by bobsully » Mon Sep 17, 2012 5:54 am

When I pull in any server report, all I get are the Domain Controllers. When I pull up workstation reports they include all my 90 or so, other servers as well. What is differentiating servers from workstations in the application, and what can I change, either in the report or in my AD, to sucessfully get these reports to work as I expect.

User avatar
IgorMax
Posts: 68
Joined: Tue Oct 30, 2007 7:57 pm
Location: Irvine, California
Contact:

Re: Differentiating in the Server/Workstation Reports

Post by IgorMax » Wed Sep 26, 2012 9:10 pm

The difference between workstations and servers is based on bits set in UserAccountControl attribute:
http://support.microsoft.com/kb/305144

To load only workstations we check WORKSTATION_TRUST_ACCOUNT (4096 or 0x100) bit set in UserAccountControl attribute.
For server this is SERVER_TRUST_ACCOUNT (8192 or 0x2000).
That is how AD Reports distinguishes workstations from servers (regardless of Operating system installed.)
I would suggest to check LDAP attributes of the questionable accounts, see if those bits are set or not
ad create custom reports with different LDAP filters.

I hope this will help.
Igor.

bobsully
Posts: 3
Joined: Wed Aug 29, 2012 4:15 am

Re: Differentiating in the Server/Workstation Reports

Post by bobsully » Thu Sep 27, 2012 4:05 am

Thank you for your response. That is exactly my problem. I see that all my servers have the userAccountControl set to 4096, rather than 8192, but even in the article you reference is states "•SERVER_TRUST_ACCOUNT - This is a computer account for a domain controller that is a member of this domain." So it does not appear that this is a default setting I should expect. Could you give me a little more information as to why AD Reports would choose to use this attribute to distinguish workstations from servers.

bobsully
Posts: 3
Joined: Wed Aug 29, 2012 4:15 am

Re: Differentiating in the Server/Workstation Reports

Post by bobsully » Thu Sep 27, 2012 9:46 am

After speaking with a few folks, I was advised not to make any changes to the our servers to make them identified as domain controllers. I am attempting to create a custom query, but I can't seem to find where I would eliminate that attribute parameter that is built in to the standard report, Servers in this case.

Post Reply