You want to find the closest domain controller for a particular domain.
The following command finds the closest domain controller in the specified domain (<DomainDNSName>). By default, it will return the closest DC for the computer nltest is being run from, but you can optionally use the /server option to target a remote host. You can also optionally specify the /site option to find a domain controller that belongs to a particular site.
> nltest /dsgetdc:<DomainDNSName> [/site:<SiteName>] [/server:<ClientName>]
' This code finds the closest domain controller in the domain ' that the computer running the script is in. ' ------ SCRIPT CONFIGURATION ------ strDomain = "<DomainDNSName>" ' e.g. emea.rallencorp.com ' ------ END CONFIGURATION --------- set objIadsTools = CreateObject("IADsTools.DCFunctions") objIadsTools.DsGetDcName( Cstr(strDomain) ) Wscript.Echo "DC: " & objIadsTools.DCName Wscript.Echo "DC Site: " & objIadsTools.DCSiteName Wscript.Echo "Client Site: " & objIadsTools.ClientSiteName
The DC locator process as described in MS KB 314861 and MS KB 247811 defines how clients find the closest domain controller. The process uses the site topology stored in Active Directory to calculate the site a particular client is in. After the client site has been identified, then it is a matter of finding a domain controller that is either a member of that same site or that is covering for that site.
The Microsoft DsGetDcName Directory Services API method implements the DC Locator process, but unfortunately cannot be used directly from a scripting language, such as VBScript. The IADsTools interface provides a wrapper around DsGetDcName, which is what I used. The nltest /dsgetdc command is also a wrapper around the DsGetDcName method, and is a handy tool when troubleshooting client issues related to finding an optimal domain controller.
You can use nltest to return the closest domain controller that is serving a particular function. Some of the available functions include a global catalog server (/GC switch), time server (/TIMESERV switch), KDC (/KDC switch), and PDC (/PDC switch). Run nltest /? from a command line for the complete list.
Similar to nltest, you can specify additional criteria for finding a domain controller by calling the SetDsGetDcNameFlags method before calling DsGetDcName. SetDsGetDcNameFlags accepts a comma-delimited string of the following flags:
For more information on the IADsTools interface see IadsTools.doc in the Support Tools, MS KB 247811 (How Domain Controllers Are Located in Windows), MS KB 314861 (How Domain Controllers Are Located in Windows XP), MSDN: DsGetDcName, and MSDN: MicrosoftDNS