AD

Finding Domain Controllers and Global Catalogs via CMD

10th May 2019 /

Domain controllers and global catalog servers are represented in DNS as SRV records. You can query SRV records using nslookup by setting the type=SRV.

 nslookup
   Default Server:  pugazh.in
   Address:  10.0.0.10
   set type=SRV

This query retrieves all domain controllers from domain DNS. 
   _ldap._tcp.<Domain DNSNames> 
    
This query retrieves global catalogs, but forest-wide. 
   _gc._tcp.<Forest DNS Name> 

Find the domain controllers or global catalogs that are in a particular site
   _ldap._tcp.._sites.<Domain DNSNames>
   _gc._tcp.._sites.<Forest DNS Name>



Leave a Reply

Your email address will not be published. Required fields are marked *