Active Directory

Query Domain Controler List

Lookup Domain Controllers ^[1]

nslookup
 set type=all
  _ldap._tcp.dc._msdcs.DOMAIN_NAME

nslookup -querytype=all  _ldap._tcp.dc._msdcs.DOMAIN_NAME

dig _ldap._tcp.dc._msdcs.DOMAIN_NAME  any

nltest /dclist:DOMAIN_NAME

gpresult /z

net time /domain

Import-Module ActiveDirectory
(Get-ADDomainController -DomainName <Domain FQDN> -Discover -NextClosestSite).HostName

nslookup -type=any %userdnsdomain%

nslookup -type=srv _kerberos._tcp.EXMAPLE.COM
nslookup -type=srv _kpasswd._tcp.EXAMPLE.COM
nslookup -type=srv _ldap._tcp.EXAMPLE.COM
nslookup -type=srv _ldap._tcp.dc._msdcs.EXAMPLE.COM

• _kerberos._tcp and _kpasswd._tcp (also under UNIX/Linux/OSX+some windows networks has _kadmin._tcp) are for kerberos
• _ldap._tcp is for ldap (openldap, opendc, sun/oracle directory, ms ad)
• _LDAP._TCP.dc._msdcs is the Microsoft only extension to ldap to map the domain controller.

@REM TestAdDnsRecords.cmd:
@setlocal
@REM Test AD DNS domains for presence.
@REM For details see: http://serverfault.com/a/811622/253701

nslookup -type=srv _kerberos._tcp.%userdnsdomain%.
nslookup -type=srv _kerberos._udp.%userdnsdomain%.
@echo .

nslookup -type=srv _kpasswd._tcp.%userdnsdomain%.
nslookup -type=srv _kpasswd._udp.%userdnsdomain%.
@echo .

nslookup -type=srv _ldap._tcp.%userdnsdomain%.
@echo .

nslookup -type=srv _ldap._tcp.dc._msdcs.%userdnsdomain%.
@echo .

nslookup -type=srv _ldap._tcp.pdc._msdcs.%userdnsdomain%.
@echo .

@REM Those next few lines here are forest specific:
@REM Change the next line if your current domain is not also the forest root.
@SET "DNSFORESTNAME=%USERDNSDOMAIN%"

nslookup -type=srv _ldap._tcp.gc._msdcs.%DNSFORESTNAME%.
@echo .

nslookup -type=srv _gc._tcp.%DNSFORESTNAME%.