{"id":70793,"date":"2004-12-16T10:16:00","date_gmt":"2004-12-16T10:16:00","guid":{"rendered":"https:\/\/blogs.technet.microsoft.com\/heyscriptingguy\/2004\/12\/16\/how-can-i-get-a-list-of-all-the-domain-controllers-in-my-domain\/"},"modified":"2004-12-16T10:16:00","modified_gmt":"2004-12-16T10:16:00","slug":"how-can-i-get-a-list-of-all-the-domain-controllers-in-my-domain","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/scripting\/how-can-i-get-a-list-of-all-the-domain-controllers-in-my-domain\/","title":{"rendered":"How Can I Get a List of All the Domain Controllers in My Domain?"},"content":{"rendered":"<p><IMG class=\"nearGraphic\" title=\"Hey, Scripting Guy! Question\" border=\"0\" alt=\"Hey, Scripting Guy! Question\" align=\"left\" src=\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/29\/2019\/02\/q-for-powertip.jpg\" width=\"34\" height=\"34\"> \n<P>Hey, Scripting Guy! Is it possible to get a list of all the domain controllers in my domain?<BR><BR>&#8212; KT<\/P><IMG class=\"nearGraphic\" title=\"Hey, Scripting Guy! Answer\" border=\"0\" alt=\"Hey, Scripting Guy! Answer\" align=\"left\" src=\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/29\/2019\/02\/a-for-powertip.jpg\" width=\"34\" height=\"34\"> \n<P>Hey, KT. As a matter of fact, there are at least two ways to get a list of all domain controllers in your domain. 
The first way is pretty easy, but not guaranteed; depending on how you\u2019ve set up Active Directory, you could miss a few of your domain controllers. The second way is a little bit more complicated, but barring any unforeseen circumstances, should always return a list of <I>all<\/I> your domain controllers.<\/P>\n<P>Let\u2019s take a look at the easy way first. By default, the Active Directory computer account for a domain controller is stored in the Domain Controllers OU. If that\u2019s where all your domain controller accounts are stored, then you can retrieve your list just by enumerating the computer accounts in that OU:<\/P><PRE class=\"codeSample\">' Bind to the Domain Controllers OU and list only its computer accounts\nSet objOU = GetObject(\"LDAP:\/\/ou=Domain Controllers, dc=fabrikam, dc=com\")\nobjOU.Filter = Array(\"Computer\")\nFor Each objComputer in objOU\n    Wscript.Echo objComputer.CN\nNext\n<\/PRE>\n<P>The preceding script binds to the Domain Controllers OU and applies a filter to ensure that only computer accounts are returned. A simple For Each loop then walks us through the collection of returned computer accounts, echoing the CN (Common Name) for each one.<\/P>\n<P>So what\u2019s wrong with this script? Well, maybe nothing. However, it\u2019s possible that you have domain controller accounts located elsewhere in Active Directory; if so, this script won\u2019t do you much good. Likewise, it\u2019s possible that you might have other computer accounts (such as those for member servers) in the Domain Controllers OU; if so, this script will mistakenly identify those computers as domain controllers. That\u2019s because the script is just looking for computer accounts, period. <\/P>\n<P>So what\u2019s a more sure-fire way to get a list of all your domain controllers? 
Well, if you\u2019re a regular reader of <I>Hey, Scripting Guy!<\/I> then you probably already guessed the answer: search Active Directory.<\/P>\n<P>We know, sometimes it sounds like \u201cSearch Active Directory\u201d is our standard response to <I>any<\/I> question. But, hey, Active Directory is a veritable storehouse of information, and it only makes sense to tap into that storehouse any chance you get. You want a list of all the domain controllers in a domain? Then run this script:<\/P><PRE class=\"codeSample\">On Error Resume Next\n\nConst ADS_SCOPE_SUBTREE = 2\n\n' Read the DN of the configuration naming context from RootDSE\nSet objRootDSE = GetObject(\"LDAP:\/\/RootDSE\")\nstrConfigurationNC = objRootDSE.Get(\"configurationNamingContext\")\n\n' Open an ADO connection through the ADSI OLE DB provider\nSet objConnection = CreateObject(\"ADODB.Connection\")\nSet objCommand = CreateObject(\"ADODB.Command\")\nobjConnection.Provider = \"ADsDSOObject\"\nobjConnection.Open \"Active Directory Provider\"\nSet objCommand.ActiveConnection = objConnection\n\nobjCommand.Properties(\"Page Size\") = 1000\nobjCommand.Properties(\"Searchscope\") = ADS_SCOPE_SUBTREE\n\n' Find every nTDSDSA object under the configuration naming context\nobjCommand.CommandText = _\n    \"SELECT ADsPath FROM 'LDAP:\/\/\" &amp; strConfigurationNC &amp; \"' WHERE objectClass='nTDSDSA'\"\nSet objRecordSet = objCommand.Execute\n\n' Bind to the parent of each nTDSDSA object and echo its CN\nobjRecordSet.MoveFirst\nDo Until objRecordSet.EOF\n    Set objParent = GetObject(GetObject(objRecordset.Fields(\"ADsPath\")).Parent)\n    WScript.Echo objParent.CN\n    objRecordSet.MoveNext\nLoop\n<\/PRE>\n<P>Ok, so it is a <I>little<\/I> more complicated, but it works and it will find all the domain controllers regardless of the location of their Active Directory accounts. The script starts out by binding to RootDSE and then connecting to the configuration naming context for the domain. 
(The configuration naming context &#8211; or configuration directory partition &#8211; holds information of global interest; for example, you\u2019ll find things like the default configuration and policy information for all instances of a given service in the forest.)<\/P>\n<P>From there we do a typical Active Directory search: we want to get the ADsPath for all nTDSDSA objects in the configuration naming context. For our purposes, nTDSDSA is short (in a roundabout way) for Directory System Agent, the software responsible &#8211; among other things &#8211; for providing access to the directory service. Which, of course, is exactly what a domain controller does.<\/P>\n<P>Note, however, that a list of all the nTDSDSA objects is not the same thing as a list of all our domain controllers. The ADsPath to an nTDSDSA object tells us how to find that object in Active Directory; what it <I>doesn\u2019t<\/I> tell us is the name of the computer that object is installed on (and if you have the nTDSDSA object installed, then you must be a domain controller). To determine the computer name, we have this crazy line of code:<\/P><PRE class=\"codeSample\">Set objParent = GetObject(GetObject(objRecordset.Fields(\"ADsPath\")).Parent)\n<\/PRE>\n<P>What we\u2019re doing here is first binding to an nTDSDSA object, and then immediately binding to that object\u2019s <B>Parent<\/B>. In the case of the nTDSDSA object, the Parent object is the actual computer itself; in other words, binding to the nTDSDSA Parent binds us to the computer account (which, remember, has to be a domain controller, or it wouldn\u2019t have the nTDSDSA object). At that point, we\u2019ve finally reached a domain controller, and all we have to do then is echo back the CN for this computer. 
We then repeat the loop until we\u2019ve handled all the nTDSDSA objects and &#8211; by extension &#8211; all the domain controllers in the domain.<\/P><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hey, Scripting Guy! Is it possible to get a list of all the domain controllers in my domain?&#8212; KT Hey, KT. As a matter of fact, there are at least two ways to get a list of all domain controllers in your domain. The first way is pretty easy, but not guaranteed; depending on how [&hellip;]<\/p>\n","protected":false},"author":595,"featured_media":87096,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[7,168,3,5],"class_list":["post-70793","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-scripting","tag-active-directory","tag-domains","tag-scripting-guy","tag-vbscript"],"acf":[],"blog_post_summary":"<p>Hey, Scripting Guy! Is it possible to get a list of all the domain controllers in my domain?&#8212; KT Hey, KT. As a matter of fact, there are at least two ways to get a list of all domain controllers in your domain. 
The first way is pretty easy, but not guaranteed; depending on how [&hellip;]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/70793","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/users\/595"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/comments?post=70793"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/70793\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media\/87096"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media?parent=70793"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/categories?post=70793"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/tags?post=70793"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}