use netstat to find out what domain controller a mac is authenticated against

Last year I wrote about using dscl to find the domain controller a Mac is authenticated against when integrated into an Active Directory environment. This worked fine up until 10.7, Lion. However in Lion and Mountain Lion, this command no longer works as one of my blog followers pointed out. In order to find what domain controller a Mac running Lion or Mountain Lion is authenticated against you need to use the netstat comand. Specifically:

netstat -a | grep ldap

The -a option causes netstat to output the status of ALL sockets being used on the Mac at that very moment. One of these is an ldap socket, specifically the DC that the Mac has authenticated to. Bonus points: This command ALSO works on 10.6 Snow Leopard, so you can use a single command to discover the same information. The above command will yield information similar to the following:

tcp4       0      0  MacClient.domain.amgr.64003 DomainController.domain.a.ldap  ESTABLISHED

About this entry