Forest Query

Mastering DsQuery: Fast Domain Controller Auditing

Posted on Updated on

Using the GUI to find specific servers in a large forest can be time-consuming. DsQuery Server provides a lightning-fast way to extract this data directly from the Command Prompt. Whether you need a list of Global Catalogs or want to find the Schema Master, these commands will save you hours of clicking.

1. Locating Domain Controllers in the Forest

To get a quick list of every DC across all domains in your entire forest, you can use the -Forest switch.

  • To get the full Distinguished Name (DN): DsQuery Server -Forest
  • To get just the Relative Distinguished Name (RDN): DsQuery Server -o rdn -Forest

2. Targeting a Specific Domain

If you only want to see the controllers within a specific domain, use the -domain switch: DsQuery Server -domain lazyadminblog.com

3. Finding Global Catalog (GC) Servers

Global Catalogs are vital for forest-wide searches. To find which DCs in a specific domain are configured as GCs: DsQuery Server -domain lazyadminblog.com -isgc

4. Finding FSMO Role Holders

Instead of opening multiple MMC snap-ins, you can find the FSMO role holders directly. For example, to find the server holding the Schema Master role for the forest: DsQuery Server -Forest -hasfsmo schema

Note: You can replace schema with naming, pdc, rid, or infrastructure to find other role holders.

5. Exporting your Results

The most useful way to use DsQuery is to pipe the results into a text file for documentation or further scripting. Use the > operator to save your output: DsQuery Server -Forest > C:\Logs\AllDCs.txt

#ActiveDirectory #DsQuery #SysAdmin #WindowsServer #ITPro #CodingAdmin #ServerAudit #LazyAdmin #TechTips #DataCenter

This entry was posted in Windows and tagged , , , , , , , , .