Domain Controllers

This details various different techniques and methods required to enumerate domain controllers within Active Directory.

Get all domain controllers inside the domain corp.contoso.local

C:\> nltest /dclist:corp.contoso.local

C:\> nslookup -type=all _ldap._tcp.dc._msdcs.corp.contoso.local

C:\> net group "domain controllers" /domain

C:\>echo %LOGONSERVER%

C:\> nltest /dsgetdc:corp.contoso.local

PS C:\> Get-DomainController

PS C:\> Get-DomainComputer CDC001

PS C:\> ([ADSISearcher]"(&(objectCategory=computer)(userAccountControl:1.2.840.113556.1.4.803:=8192))").FindAll()

Last updated 3 years ago