Skip to main content

How to Get the FQDN (Fully Qualified Domain Name) in Batch Script

The %COMPUTERNAME% environment variable gives you the short name of a machine (e.g., WORKSTATION01). However, in a corporate environment or for server-to-server communication, you need the FQDN (Fully Qualified Domain Name). The FQDN combines the computer's name with its DNS suffix (e.g., WORKSTATION01.corp.example.com). This is essential for generating security certificates, configuring web servers, or connecting to network databases where the short name might not resolve across different network segments.

This guide will explain how to extract the FQDN using several native Batch methods.

Method 1: Using WMIC (Most Reliable)

The WMI interface stores both the computer name and the domain name separately. We can concatenate them to get the FQDN.

@echo off
setlocal enabledelayedexpansion

set "cname="
set "domain="

:: Get Computer Name and Domain
:: WMIC /value output contains trailing carriage returns - use a nested FOR to strip them
for /f "tokens=2 delims==" %%a in ('wmic computersystem get name /value 2^>nul') do (
    for /f "delims=" %%b in ("%%a") do set "cname=%%b"
)
for /f "tokens=2 delims==" %%a in ('wmic computersystem get domain /value 2^>nul') do (
    for /f "delims=" %%b in ("%%a") do set "domain=%%b"
)

:: Validate results
if not defined cname (
    echo [ERROR] Could not retrieve computer name via WMIC.
    pause
    endlocal
    exit /b 1
)

:: Check for workgroup (no domain) scenario
if not defined domain (
    set "FQDN=!cname!"
    echo [WARN] No domain detected - machine may be in a WORKGROUP.
) else if /i "!domain!"=="WORKGROUP" (
    set "FQDN=!cname!"
    echo [WARN] Machine is in a WORKGROUP. FQDN is just the hostname.
) else (
    set "FQDN=!cname!.!domain!"
)

echo.
echo [SYSTEM] Short Name: !cname!
echo [SYSTEM] Domain:     !domain!
echo [SYSTEM] FQDN:       !FQDN!

pause
endlocal
Why the nested FOR loop?

WMIC's /value output appends invisible carriage return characters (\r) to each line. Without stripping them, your variables silently contain trailing garbage that breaks string concatenation, WORKSTATION01\r.corp.example.com\r is not a valid hostname.

Method 2: Parsing IPCONFIG (The Fast Way)

ipconfig /all lists the "Primary DNS Suffix" and the "Host Name." By joining these, we can reconstruct the FQDN.

@echo off
setlocal enabledelayedexpansion

set "host="
set "suffix="

for /f "tokens=2 delims=:" %%a in ('ipconfig /all ^| findstr /c:"Host Name"') do set "host=%%a"
for /f "tokens=2 delims=:" %%a in ('ipconfig /all ^| findstr /c:"Primary Dns Suffix"') do set "suffix=%%a"

:: Remove leading spaces left by the colon delimiter
if defined host set "host=!host:~1!"
if defined suffix set "suffix=!suffix:~1!"

:: Validate
if not defined host (
    echo [ERROR] Could not parse hostname from ipconfig.
    pause
    endlocal
    exit /b 1
)

:: Handle missing suffix (workgroup or no domain)
if not defined suffix (
    set "FQDN=!host!"
    echo [WARN] No DNS suffix found - machine may not be domain-joined.
) else if "!suffix!"==" " (
    set "FQDN=!host!"
    echo [WARN] DNS suffix is blank - machine may not be domain-joined.
) else (
    set "FQDN=!host!.!suffix!"
)

echo.
echo [SYSTEM] Host Name:  !host!
echo [SYSTEM] DNS Suffix: !suffix!
echo [SYSTEM] FQDN:       !FQDN!

pause
endlocal

Method 3: Using PowerShell (Modern Standard)

PowerShell has a built-in property specifically for the FQDN, making it the most accurate method for complex domain environments.

note

GetHostByName() is deprecated in .NET. The modern replacement is GetHostEntry(), which handles IPv6 and complex DNS configurations correctly.

@echo off
setlocal

set "FQDN="

:: Use GetHostEntry (modern) instead of GetHostByName (deprecated)
:: -NoProfile speeds up PowerShell launch
for /f "delims=" %%a in ('powershell -NoProfile -Command ^
  "try { [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName } catch { Write-Output 'ERROR' }"') do set "FQDN=%%a"

if not defined FQDN (
    echo [ERROR] PowerShell command returned no output.
    pause
    endlocal
    exit /b 1
)

if /i "%FQDN%"=="ERROR" (
    echo [ERROR] DNS resolution failed for %COMPUTERNAME%.
    pause
    endlocal
    exit /b 1
)

echo.
echo [SYSTEM] Detected FQDN: %FQDN%

pause
endlocal

How to Avoid Common Errors

Wrong Way: Assuming %USERDOMAIN% is the DNS Suffix

The %USERDOMAIN% variable refers to the Windows NetBIOS domain name (e.g., CORP), not the full DNS domain (e.g., corp.example.com). Using this for networking will often lead to resolution failures.

Correct Way: Use Method 1 or Method 3 to get the actual DNS-compliant domain string.

Wrong Way: Using WMIC Output Directly Without Stripping

WMIC's /value format appends invisible carriage return characters (\r) to every line. If you capture the output with a single FOR /F loop, your variables will contain hidden trailing characters that corrupt string operations silently.

Correct Way: Use a nested FOR /F loop to strip the carriage returns:

for /f "tokens=2 delims==" %%a in ('wmic ... /value') do (
    for /f "delims=" %%b in ("%%a") do set "var=%%b"
)

Problem: Workgroup Computers

If a computer is not joined to a domain (it is in a "WORKGROUP"), the FQDN is just the computer name itself.

Solution: Your script should check if the domain string is empty or equal to "WORKGROUP" and adjust the output accordingly. All three methods above now handle this case.

Best Practices and Rules

1. Case Sensitivity

While DNS names are technically case-insensitive, professional automation scripts usually convert the FQDN to lowercase for consistency in configuration files. The most reliable way in Batch is through PowerShell:

for /f %%a in ('powershell -NoProfile -Command "'%FQDN%'.ToLower()"') do set "FQDN_LOW=%%a"

2. Permissions

Querying the computersystem class via WMIC (Method 1) works for all users, but some network configurations might hide the DNS suffix if the user doesn't have proper permission.

3. Verification

If your script is using the FQDN for a network connection, perform a quick nslookup on the resulting string to ensure it actually resolves correctly:

nslookup %FQDN% >nul 2>&1
if %errorlevel% neq 0 echo [WARN] FQDN does not resolve in DNS.

4. WMIC Deprecation

Microsoft has deprecated WMIC starting in Windows 11. For forward-compatible scripts, prefer Method 3 (PowerShell) or use the Get-CimInstance cmdlet as a WMIC replacement:

powershell -NoProfile -Command "(Get-CimInstance Win32_ComputerSystem).Name + '.' + (Get-CimInstance Win32_ComputerSystem).Domain"

Conclusions

Obtaining the Fully Qualified Domain Name is a foundational step in creating network-aware Batch scripts. By moving beyond the simple computer name and utilizing the full DNS identity of a machine, you ensure that your scripts are compatible with professional enterprise environments and cross-network communication. This precision is vital for identity management, security auditing, and maintaining robust connections across your infrastructure.

Table of Contents