You want to find the domain controllers in a domain.
Open the Active Directory Users and Computers snap-in.
Connect to the target domain.
Click on the Domain Controllers OU.
The list of domain controllers for the domain will be present in the right pane.
> netdom query dc /Domain:<DomainDNSName>
' This code displays the domain controllers for the specified domain. ' ------ SCRIPT CONFIGURATION ------ strDomain = "<DomainDNSName>" ' e.g. emea.rallencorp.com ' ------ END CONFIGURATION --------- set objRootDSE = GetObject("LDAP://" & strDomain & "/RootDSE") set objDomain = GetObject("LDAP://" & objRootDSE.Get("defaultNamingContext")) strMasteredBy = objDomain.GetEx("masteredBy") for each strNTDSDN in strMasteredBy set objNTDS = GetObject("LDAP://" & strNTDSDN) set objServer = GetObject(objNTDS.Parent) Wscript.echo objServer.Get("dNSHostName") next
There are several ways to get a list of domain controllers for a domain. The GUI solution simply looks at the computer objects in the Domain Controllers OU. Whenever you promote a domain controller into a domain, a computer object for the server gets placed into the Domain Controllers OU off the root of the domain. Some administrators may move their domain controller computer objects to different OUs, so this test does not guarantee accuracy in all cases.
The CLI and VBScript solutions take a slightly different approach by looking at the masteredBy attribute on the domain object (e.g., dc=emea,dc=rallencorp,dc=com) of the domain. The masteredBy attribute contains a list of distinguished names of the nTDSDSA objects of all the domain controllers for that domain. The parent object of the nTDSDSA object, which is the server object of the domain controller, has a dNSHostName attribute that contains the fully qualified DNS name of the server.
And for yet another solution, see Recipe 3.21 to find out how to query DNS to get the list of domain controllers for a domain.
Recipe 3.21 for finding domain controllers via DNS