Tags: c#, active-directory, directoryservices

Detect read-only domain controller with .NET?


I want to be able to determine whether a particular domain controller is read-only. I know I can do stuff like this to get a writeable DC:

using System.DirectoryServices.ActiveDirectory;

// Ask the DC locator for a writeable DC in the named site
using (Domain d = Domain.GetCurrentDomain())
{
    DomainController dc = d.FindDomainController(
        "mysitename", LocatorOptions.WriteableRequired);
}

But given a DomainController object is there a way to determine whether that DC is writeable?

The reason I'm asking is that I want to try to select a preferred domain controller that is 1. Writeable 2. In my site and 3. a global catalog. There doesn't seem to be a good way to find a server with all these attributes.


Solution

  • One difference between Read-Only and Writable Domain Controllers is that all Read-Only Domain Controllers have the attribute primaryGroupID set to 521 (which is the RID for the "Read-only Domain Controllers" built-in group in Active Directory). Writable Domain Controllers have primaryGroupID set to 516 (the "Domain Controllers" group).

    The primary group for a read-only domain controller cannot be easily changed (Active Directory won't allow it), so you should be safe to assume that all RODCs have that attribute set to 521.
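The check this answer describes, worked through in C# as an added example (this is not code from the question or the answer above): it resolves the DC's computer account, reads primaryGroupID, and then uses that test together with IsGlobalCatalog() to pick DCs that are writeable, in the caller's site and global catalogs. It assumes a domain-joined machine that can reach the domain over LDAP; "mysitename" is a placeholder for a real site name, and DcSelector and its methods are names chosen for this example.

```csharp
// Added example for this answer, not code from the original question or answer.
// Looks up each DC's computer account and reads primaryGroupID
// (516 = "Domain Controllers", 521 = "Read-only Domain Controllers"), then uses
// that check to select writeable, in-site global catalogs for the current domain.
// Assumptions: domain-joined machine with LDAP access; "mysitename" is a placeholder.
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.DirectoryServices.ActiveDirectory;
using System.Text;

static class DcSelector
{
    const int RidDomainControllers = 516;          // "Domain Controllers" group
    const int RidReadOnlyDomainControllers = 521;  // "Read-only Domain Controllers" group

    // Escape the characters RFC 4515 reserves inside LDAP filter values, so a
    // hostname is never interpreted as filter syntax.
    static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append("\\5c"); break;
                case '*':  sb.Append("\\2a"); break;
                case '(':  sb.Append("\\28"); break;
                case ')':  sb.Append("\\29"); break;
                case '\0': sb.Append("\\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // Read primaryGroupID from the DC's computer account. dc.Name is the DNS host
    // name; the computer account's sAMAccountName is the short host name plus "$".
    public static int GetPrimaryGroupId(DomainController dc)
    {
        string host = dc.Name.Split('.')[0];
        string filter = "(&(objectCategory=computer)(sAMAccountName="
                        + EscapeFilterValue(host + "$") + "))";

        using (var root = new DirectoryEntry("LDAP://" + dc.Domain.Name))
        using (var searcher = new DirectorySearcher(root, filter, new[] { "primaryGroupID" }))
        {
            SearchResult result = searcher.FindOne();
            if (result == null || result.Properties["primaryGroupID"].Count == 0)
                throw new InvalidOperationException(
                    "No computer account with primaryGroupID found for " + dc.Name);
            return (int)result.Properties["primaryGroupID"][0];
        }
    }

    // The test from the answer: an RODC's computer account has primaryGroupID 521.
    public static bool IsReadOnly(DomainController dc)
    {
        return GetPrimaryGroupId(dc) == RidReadOnlyDomainControllers;
    }

    // Preferred DCs: in the given site, writeable (not an RODC) and a global catalog.
    // FindAllDomainControllers(site) enumerates every DC in the site, RODCs included,
    // so each one is filtered explicitly rather than relying on the locator.
    public static List<DomainController> FindPreferred(Domain domain, string siteName)
    {
        var preferred = new List<DomainController>();
        foreach (DomainController dc in domain.FindAllDomainControllers(siteName))
        {
            if (dc.IsGlobalCatalog() && !IsReadOnly(dc))
                preferred.Add(dc);
        }
        return preferred;
    }

    static void Main()
    {
        using (Domain d = Domain.GetCurrentDomain())
        {
            foreach (DomainController dc in FindPreferred(d, "mysitename"))
                Console.WriteLine("{0}: primaryGroupID={1}, GC={2}",
                    dc.Name, GetPrimaryGroupId(dc), dc.IsGlobalCatalog());
        }
    }
}
```

Two points worth knowing when using this. First, the enumerate-and-filter approach is used because a single locator call does not express all three criteria for the current domain: Domain.FindDomainController(site, LocatorOptions.WriteableRequired) does not guarantee a global catalog, and Forest.FindGlobalCatalog(site, LocatorOptions.WriteableRequired) may return a GC that belongs to another domain in the forest. Second, the primaryGroupID read needs read access to the DC's computer object; by default authenticated users have it, but a hardened domain may restrict it, in which case the lookup throws rather than silently treating the DC as writeable.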