How to find a Global Catalog server

With DNS Requests (NSLOOKUP)

In an Active Directory environment, all Global Catalogs are anchored in DNS . There is a separate subdomain 'GC._msdcs ....' in the namespace of the AD root domain (please remember: the global catalog does not refer to individual domains, but to the entire forest). So if your root domain in the forest is e.g. example.root, then you get a list of all GCs with this command:

 
 
C:\> nslookup gc._msdcs.example.root

 Server:  dns01.example.root
 Address:  10.127.60.3

 Name:  gc._msdcs.example.root
 Adresses:    10.127.60.100
10.127.60.102
10.127.60.103
10.127.77.1
10.127.77.130
10.127.93.2
10.127.93.12
192.168.35.1

 
 


The container _msdcs contains the infrastructural DNS records of the Active Directory. This is also where all the SRVservice records for the domain controllers are stored.


With DSQUERY

You can also use the standard command line tool DSQUERY for searching GCs. The search can be limited to certain domains or AD sites. However, you must be authenticated in the regarding forest and DSQUERY must be available on your machine (this is usually the case on Widows servers). As a result, the server objects in the Configuration partition is displayed:


 
 
C:\> dsquery server -isgc

 "CN=DC001,CN=Servers,CN=Site-Sidney,CN=Sites,CN=Configuration,DC=example,DC=root"
 "CN=DC014,CN=Servers,CN=Site-Auckland,CN=Sites,CN=Configuration,DC=example,DC=root"
 ...

 C:\> dsquery server -isgc -domain "dev.example.com"
 ...

 C:\> dsquery server -isgc -site "Site-Auckland"
 ...