Today’s script is about domain controllers.
Getting a list of them is more complicated then expected.
What we need is a list of “nTDSDSA” servers.
That list does not the servname itself, it gives the distinguished name of the “nTDSDSA” object.
The abstraction of the servername is done by connecting to the parent object of the “nTDSDSA” object.

Follow the next steps to run the script (no admin rights needed):

• copy and paste the script in your favorite text editor
• save the script (for example c:\temp\listdomaincontrollers.vbs)
• open a command prompt
• go to “c:\temp”
• give “cscript listdomaincontrollers.vbs” (without quotes) and enter

The script:

' Name : listdomaincontrollers.vbs
' Description : script to enumerate all Domain Controllers
' Author : dirk adamsky - deludi bv
' Version : 1.00
' Date : 22-04-2010
' Level: intermediate

Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
adoCommand.ActiveConnection = adoConnection

Set objRootDSE = GetObject("LDAP://RootDSE")
strBase = "<LDAP://" & objRootDSE.Get("configurationnamingcontext") & ">"
strFilter = "(objectClass=nTDSDSA)"
strAttributes = "ADsPath"

strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 100
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False

Set adoRecordset = adoCommand.Execute

Do Until adoRecordset.EOF
	Set objDC = GetObject(GetObject(adoRecordset.Fields("ADsPath")).Parent)
	Wscript.Echo objDC.cn
	Set objDC = Nothing
	adoRecordset.MoveNext
Loop

adoRecordset.Close
adoConnection.Close

Set adoRecordset = Nothing
Set objRootDSE = Nothing
Set adoConnection = Nothing
Set adoCommand = Nothing

When you have problems/questions please post a reply or give a ‘star’ rating.

Happy scripting.

Best regards,

Dirk Adamsky – Deludi BV