You want to find domain controllers or global catalogs using DNS lookups.

Domain controllers and global catalog servers are represented in DNS as SRV records. You can query SRV records using nslookup by setting the type=SRV, such as the following:

> nslookup
Default Server:  dns01.rallencorp.com
Address:  10.1.2.3

> set type=SRV

You then need to issue the following query to retrieve all domain controllers for the specified domain.

> _ldap._tcp.<DomainDNSName>

You can issue a similar query to retrieve global catalogs, but since they are forest-wide, the query is based on the forest name.

> _gc._tcp.<ForestDNSName>

You can even find the domain controllers or global catalogs that are in a particular site or that cover a particular site by querying the following:

> _ldap._tcp.<SiteName>._sites.<DomainDNSName>
> _gc._tcp.<SiteName>._sites.<ForestDNSName>

See Recipe 11.18 for more information on site coverage.

One of the benefits of Active Directory over its predecessor Windows NT is that it relies on DNS for name resolution. Active Directory uses DNS to locate servers that serve a particular function, such as a domain controller for a domain, global catalog server, PDC Emulator, KDC. It also uses the site topology information stored in Active Directory to populate site-specific records for domain controllers.

The DC locator process relies on this information in DNS to direct clients to the most optimal server when ...