How to List Active Directory Domain Controllers in Batch Script
In a Windows Active Directory (AD) environment, Domain Controllers (DCs) are the servers that handle authentication requests and store the AD database. Knowing how to find a list of all the DCs in your domain is a critical task for any administrator. Scripts may need this list to query each DC for its health, to find the closest DC for an operation, or simply to perform an inventory of the network infrastructure.
This guide will teach you how to use the powerful, built-in nltest.exe command to quickly and reliably get a list of all Domain Controllers. You will also learn about the dsquery alternative and see how to capture the DC list into a variable for use in your automation scripts.
Prerequisites: AD Tools and Permissions
- nltest.exe: This command is installed by default on all Windows Server versions. On client operating systems (like Windows 10/11), it is part of the Remote Server Administration Tools (RSAT), which must be installed separately.
- dsquery.exe: This command is also part of the RSAT tools.
- Permissions: You must run the script on a domain-joined computer and be logged in as a domain user. Standard Domain User permissions are sufficient to read the list of DCs.
The Core Method (Recommended): nltest
The nltest.exe (Net Logon Test) utility is a classic and highly reliable tool for querying Active Directory information. It is fast, efficient, and provides a clean output that is easy to work with.
Syntax: nltest /dclist:<DomainName>
- /dclist: This switch tells the command to list the Domain Controllers.
- <DomainName>: The full DNS name of your Active Directory domain (e.g., mycorp.local).
The Alternative Method: dsquery
The dsquery.exe command is a more general-purpose tool for querying any object in Active Directory. It can also find DCs, but its syntax is more complex, and it is often slightly slower than nltest.
Syntax: dsquery server
This command queries AD for all objects that are of the type "server" (which includes all Domain Controllers).
Basic Example: Displaying All DCs in the Domain
This script runs the recommended nltest command to get a list of all DCs for a specified domain.
@ECHO OFF
SET "DOMAIN_NAME=mycorp.local"
ECHO --- Listing all Domain Controllers for %DOMAIN_NAME% ---
ECHO.
nltest /dclist:%DOMAIN_NAME%
The output is a clean, easy-to-read list of the DC names and their roles.
--- Listing all Domain Controllers for mycorp.local ---
Get list of DCs in domain mycorp.local from \\DC-01.mycorp.local.
DC-01.mycorp.local [DS] Site: Default-First-Site-Name
DC-02.mycorp.local [DS] Site: Default-First-Site-Name
The command completed successfully
How to Capture the DC List in a Script
To use the list of servers in a script (e.g., to loop through them), you need to capture the output of the command. A FOR /F loop is perfect for this, as it can parse the output and extract just the server names.
This script populates a pseudo-array with the names of all the Domain Controllers.
@ECHO OFF
SETLOCAL ENABLEDELAYEDEXPANSION
SET "DOMAIN_NAME=mycorp.local"
SET "count=0"
ECHO --- Capturing a list of Domain Controllers ---
ECHO.
REM 'tokens=1' grabs the first word of each relevant line.
REM The FINDSTR filters out the header and footer lines.
FOR /F "tokens=1" %%D IN ('nltest /dclist:%DOMAIN_NAME% ^| findstr "Site:"') DO (
    SET /A "count+=1"
    SET "DC[!count!]=%%D"
)
ECHO Found %count% Domain Controllers:
FOR /L %%i IN (1,1,%count%) DO (
    ECHO !DC[%%i]!
)
ENDLOCAL
How the Command nltest Works
The nltest /dclist command performs a special DNS query. It asks the DNS server for the _ldap._tcp.dc._msdcs.<DomainName> SRV records. Active Directory relies on DNS to function, and every Domain Controller is required to register its presence in DNS. The nltest command simply reads this public list of registered servers from DNS, making it a very fast and efficient way to discover all the DCs in a domain.
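To look at the SRV records described above directly and check them against what nltest reports, the following script (an added example, not part of the original guide) parses nslookup output and flags any SRV target that nltest did not list. It assumes the sample domain mycorp.local used on this page and the usual nslookup line format "svr hostname = <name>".

```batch
@ECHO OFF
SETLOCAL
REM Added example, not part of the original guide.
REM mycorp.local is the sample domain used throughout this page.
SET "DOMAIN_NAME=mycorp.local"
SET "NLTEST_LIST=%TEMP%\dclist_%RANDOM%.txt"
SET "UNMATCHED=0"

REM Save the DC names nltest reports: the first word of each "Site:" line.
(FOR /F "tokens=1" %%D IN ('nltest /dclist:%DOMAIN_NAME% 2^>NUL ^| findstr /C:"Site:"') DO ECHO %%D) > "%NLTEST_LIST%"

ECHO --- SRV records for _ldap._tcp.dc._msdcs.%DOMAIN_NAME% ---
REM nslookup prints one "svr hostname = <name>" line per SRV record,
REM so the host name is the fourth space-separated word.
REM The "=" in -type=SRV must be escaped inside a FOR /F command string.
FOR /F "tokens=4" %%H IN ('nslookup -type^=SRV _ldap._tcp.dc._msdcs.%DOMAIN_NAME% 2^>NUL ^| findstr /I /C:"svr hostname"') DO (
    REM Case-insensitive literal match at the start of a saved nltest line.
    findstr /I /B /C:"%%H" "%NLTEST_LIST%" >NUL
    IF ERRORLEVEL 1 (
        ECHO [WARN] %%H is in DNS but was not listed by nltest
        SET /A "UNMATCHED+=1"
    ) ELSE (
        ECHO [ OK ] %%H
    )
)

DEL "%NLTEST_LIST%" 2>NUL
ECHO.
ECHO SRV targets without a matching nltest entry: %UNMATCHED%
ENDLOCAL
```

A [WARN] line can point to a stale SRV registration left behind by a decommissioned DC, or to a name-format difference between the two tools, so confirm the record before acting on it.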
Common Pitfalls and How to Solve Them
Problem: The Commands are Not Recognized
If you see a ...'nltest' is not recognized... error, it means the tool is not available.
Solution:
- If you are on a Windows Server, ensure it has the Active Directory Domain Services role or the AD DS Tools feature installed.
- If you are on a Windows Client (10/11), you must install the RSAT for Active Directory optional feature.
Problem: The Script is Not Run as a Domain User
If you run the script on a non-domain-joined machine or as a local user, it will fail because it cannot contact the domain's DNS to find the list of servers.
Solution: You must run this script from a computer that is a member of the Active Directory domain, and you must be logged in with a domain user account.
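Both pitfalls can be detected before the script does any real work. The pre-flight check below is an added example, not part of the original guide; it takes the domain name from the USERDNSDOMAIN environment variable (which Windows defines only for domain logons) instead of a hard-coded value, and the exit codes 1 to 3 are arbitrary choices for this sketch.

```batch
@ECHO OFF
SETLOCAL
REM Added example, not part of the original guide.

REM 1. Is nltest.exe available? WHERE sets ERRORLEVEL 1 when nothing is found.
WHERE nltest >NUL 2>&1
IF ERRORLEVEL 1 (
    ECHO [ERROR] nltest.exe not found. Install the AD DS tools or RSAT.
    EXIT /B 1
)

REM 2. Is this a domain logon? USERDNSDOMAIN is undefined for local accounts.
IF NOT DEFINED USERDNSDOMAIN (
    ECHO [ERROR] Not logged on with a domain account.
    EXIT /B 2
)
SET "DOMAIN_NAME=%USERDNSDOMAIN%"
SET "OUT=%TEMP%\dclist_%RANDOM%.txt"

REM 3. Run nltest once and keep its full output for diagnosis.
nltest /dclist:%DOMAIN_NAME% > "%OUT%" 2>&1

REM findstr sets ERRORLEVEL 1 when no line matches, i.e. no DC was returned.
findstr /C:"Site:" "%OUT%" >NUL
IF ERRORLEVEL 1 (
    ECHO [ERROR] No Domain Controllers returned for %DOMAIN_NAME%. nltest said:
    TYPE "%OUT%"
    DEL "%OUT%" 2>NUL
    EXIT /B 3
)

ECHO --- Domain Controllers for %DOMAIN_NAME% ---
FOR /F "tokens=1" %%D IN ('findstr /C:"Site:" "%OUT%"') DO ECHO %%D
DEL "%OUT%" 2>NUL
ENDLOCAL
```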
Practical Example: A Script to Ping All Domain Controllers
This is a classic administrative health check. The script gets the list of all DCs and then runs a PING command against each one to verify basic network connectivity.
@ECHO OFF
SETLOCAL
SET "DOMAIN_NAME=mycorp.local"
ECHO --- Pinging All Domain Controllers in %DOMAIN_NAME% ---
ECHO.
REM --- Use the FOR /F loop to iterate directly through the output ---
FOR /F "tokens=1" %%D IN ('nltest /dclist:%DOMAIN_NAME% ^| findstr "Site:"') DO (
    ECHO ==========================================================
    ECHO Pinging %%D...
    PING -n 2 %%D
    ECHO.
)
ECHO --- All DCs have been checked ---
ENDLOCAL
Conclusion
Knowing how to find a list of Domain Controllers is a fundamental skill for any Windows administrator.
Key takeaways for scripting:
- The nltest /dclist:<DomainName> command is the fastest and most reliable method for getting a list of DCs.
- You must run the script on a domain-joined machine as a domain user.
- On client machines, you must install the RSAT for Active Directory to get the nltest.exe tool.
- Use a FOR /F loop to capture the command's output and iterate through the list of servers for automation.