While I am sure you have several port scanners that you favour, and NOTHING beats nmap, there is a great little tool specifically for use on MS networks that Microsoft freely distributes called PortQueryUI. This gui is a front end to the command line port scanner portqry.exe, and comes with an xml configuration file that you can customise to include your own specific tests.
You can download it from here.
http://www.microsoft.com/downloads/details.aspx?familyid=8355e537-1ea6-4569-aabb-f248f4bd91d0&displaylang=en
It is self contained, and makes no modifications to your system. Run the exe to extract five files to c:\portqryui. From that directory, run the portqueryui.exe file to get the GUI. Enter the fqdn or ip.addr of the ‘target pc,’ and select the pre-configured test you want to use, or manually enter the port(s) that you wish to test. I normally use this when assisting others with troubleshooting Active Directory issues. Since the default tests are for domains and trusts, the only thing to do next is click the Query button.
Once it runs, review the output. You should see that all the required tcp ports are LISTENING, all udp ports are LISTENING OR FILTERED, RPC services are successfully enumerated, and that ldap anonymous BINDs are successful and dump the ROOTDSN data. You may see tcp 42 (WINS) is not listening if the PDCe is not a WINS server. As long as you have NetBIOS name resolution setup through other WINS servers or using an LMHOSTS file, you’ll be okay. Carefully parse the RPC services listed to make sure that there are no errors. Some older firewalls do not understand the enhance RPC syntax Windows 2003 uses post SP1, and will ‘kill’ that traffic. If you see some RPCs enumerated, and others with errors, you have a firewall killing RPC traffic. Either upgrade the code on the firewall, or see this article to disable the enhanced RPC.
The other tests that are preconfigured include IPSec, Networking, SQL Service, WEB Service, Exchange Server, Netmeeting, and Miscellaneous. These are all stored in the config.xml file, and you can add your own tests to that file easily. In short, this is another cool tool worth checking out.
You might also enjoy:
