Active Directory
Query Domain Controller List
Lookup Domain Controllers [1]
nslookup
set type=all
_ldap._tcp.dc._msdcs.DOMAIN_NAME
nslookup -querytype=all _ldap._tcp.dc._msdcs.DOMAIN_NAME
dig _ldap._tcp.dc._msdcs.DOMAIN_NAME any
nltest /dclist:DOMAIN_NAME
gpresult /z
net time /domain
Import-Module ActiveDirectory
(Get-ADDomainController -DomainName <Domain FQDN> -Discover -NextClosestSite).HostName
nslookup -type=any %userdnsdomain%
nslookup -type=srv _kerberos._tcp.EXAMPLE.COM
nslookup -type=srv _kpasswd._tcp.EXAMPLE.COM
nslookup -type=srv _ldap._tcp.EXAMPLE.COM
nslookup -type=srv _ldap._tcp.dc._msdcs.EXAMPLE.COM
- _kerberos._tcp and _kpasswd._tcp are for Kerberos (UNIX/Linux/OS X and some Windows networks also have _kadmin._tcp)
- _ldap._tcp is for LDAP (OpenLDAP, opendc, Sun/Oracle Directory, MS AD)
- _ldap._tcp.dc._msdcs is the Microsoft-only extension to LDAP that maps the domain controllers.
@REM TestAdDnsRecords.cmd:
@setlocal
@REM Test AD DNS domains for presence.
@REM For details see: http://serverfault.com/a/811622/253701
nslookup -type=srv _kerberos._tcp.%userdnsdomain%.
nslookup -type=srv _kerberos._udp.%userdnsdomain%.
@echo .
nslookup -type=srv _kpasswd._tcp.%userdnsdomain%.
nslookup -type=srv _kpasswd._udp.%userdnsdomain%.
@echo .
nslookup -type=srv _ldap._tcp.%userdnsdomain%.
@echo .
nslookup -type=srv _ldap._tcp.dc._msdcs.%userdnsdomain%.
@echo .
nslookup -type=srv _ldap._tcp.pdc._msdcs.%userdnsdomain%.
@echo .
@REM Those next few lines here are forest specific:
@REM Change the next line if your current domain is not also the forest root.
@SET "DNSFORESTNAME=%USERDNSDOMAIN%"
nslookup -type=srv _ldap._tcp.gc._msdcs.%DNSFORESTNAME%.
@echo .
nslookup -type=srv _gc._tcp.%DNSFORESTNAME%.
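The same record set as the batch script above, checked with dig and reduced to one status line per answer so that a missing or misregistered record stands out. This is an added example, not part of the original page; the function names, the example.com sample data and the expected ports (88, 464, 389, 3268, the standard ports for these services, which the page does not list) are assumptions.

```shell
#!/bin/sh
# Added example: verify the AD SRV records queried by TestAdDnsRecords.cmd.

# Print "record-name expected-port" for each SRV record the batch script checks.
# $1 = domain, $2 = forest root (defaults to the domain, as in the batch script).
ad_srv_names() {
    domain=$1
    forest=${2:-$1}
    cat <<EOF
_kerberos._tcp.$domain. 88
_kerberos._udp.$domain. 88
_kpasswd._tcp.$domain. 464
_kpasswd._udp.$domain. 464
_ldap._tcp.$domain. 389
_ldap._tcp.dc._msdcs.$domain. 389
_ldap._tcp.pdc._msdcs.$domain. 389
_ldap._tcp.gc._msdcs.$forest. 3268
_gc._tcp.$forest. 3268
EOF
}

# Classify `dig +short -t SRV` output read from stdin. Each answer line is
# "priority weight port target."; anything else (errors, blanks) is ignored.
# $1 = record name, $2 = expected port.
check_srv_answer() {
    awk -v name="$1" -v port="$2" '
        NF == 4 && $1 ~ /^[0-9]+$/ {
            n++
            if ($3 != port)
                printf "WARN %s %s port %s (expected %s)\n", name, $4, $3, port
            else
                printf "OK %s %s\n", name, $4
        }
        END { if (!n) printf "MISSING %s\n", name }'
}

# Query every record live and classify the answers.
check_domain() {
    ad_srv_names "$@" | while read -r name port; do
        dig +short -t SRV "$name" | check_srv_answer "$name" "$port"
    done
}

# Constructed sample of `dig +short -t SRV` output (hypothetical hosts).
SAMPLE_ANSWER='0 100 389 dc01.example.com.
0 100 636 dc02.example.com.'

# Run live only when a domain is given: ./script.sh DOMAIN [FOREST_ROOT]
if [ "$#" -gt 0 ]; then check_domain "$@"; fi
```

A MISSING line for a _msdcs record usually means the domain controller has not registered its locator records in the zone being queried.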