You are working/discovering at a client site and you want to determine the domain controllers.
There are many sources and methods to skin this cat. Here is a digest of a few of the best methods.
nslookup from command line
nslookup
set type=all
_ldap._tcp.dc._msdcs.DOMAIN_NAME
*probably the most standard, all you need is any Windows machine
From command line
set l (Lowercase "L")
*will only show the domain controller that authenticated you - does not show all domain controllers
From command line
gpresult /r
*will only show the domain controller that provided group policy to you at logon - does not show all domain controllers
From PowerShell
Import-Module ActiveDirectory
Get-ADDomainController | select name
*assumes you have RSAT and PowerShell installed
*only shows one domain controller, not all domain controllers
My personal favorite
From command line
nltest /dclist:domain
*shows all domain controllers and their AD site
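Added example (not part of the original post): a PowerShell function that combines the SRV lookup from the nslookup method with a directory query, so it lists every domain controller with its AD site without RSAT and flags names that appear in only one of the two sources. The function name Get-DcInventory is hypothetical; it assumes a domain-joined host where Resolve-DnsName is available (Windows 8 / Server 2012 or later).

```powershell
# Added example: inventory domain controllers from DNS and from the directory,
# then show where the two sources disagree (stale SRV record, failed registration).
Add-Type -AssemblyName System.DirectoryServices

function Get-DcInventory {   # hypothetical helper name
    param(
        # Defaults to the DNS domain of the logged-on user.
        [string]$Domain = $env:USERDNSDOMAIN
    )
    if (-not $Domain) {
        throw 'No domain given and USERDNSDOMAIN is empty (local account?).'
    }

    # Source 1: the same SRV query as the nslookup method above.
    # Only SRV answers carry NameTarget; glue A/AAAA records are skipped.
    $srvNames = @(
        Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Stop |
            Where-Object { $_.NameTarget } |
            ForEach-Object { $_.NameTarget.TrimEnd('.').ToLower() }
    )

    # Source 2: the directory's own list of domain controllers (no RSAT needed).
    $ctx = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext('Domain', $Domain)
    $adByName = @{}
    foreach ($dc in [System.DirectoryServices.ActiveDirectory.Domain]::GetDomain($ctx).DomainControllers) {
        $adByName[$dc.Name.ToLower()] = $dc
    }

    # Union of both sources, one row per host name.
    $all = @($srvNames) + @($adByName.Keys) | Sort-Object -Unique
    foreach ($name in $all) {
        $dc = $adByName[$name]
        [pscustomobject]@{
            Name     = $name
            Site     = if ($dc) { $dc.SiteName } else { $null }
            InDnsSrv = $srvNames -contains $name
            InAD     = [bool]$dc
        }
    }
}

Get-DcInventory | Format-Table -AutoSize
```

A row with InDnsSrv true and InAD false usually points at a leftover SRV record; the reverse points at a domain controller that has not registered its records in DNS.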