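' EnumDCs2.vbs
' VBScript program to enumerate all Domain Controllers in the domain.
'
' ----------------------------------------------------------------------
' Copyright (c) 2009 Richard L. Mueller
' Hilltop Lab web site - http://www.rlmueller.net
' Version 1.0 - October 26, 2009
'
' Program enumerates all Domain Controllers and reports, for each one,
' its name, distinguished name, and DNS host name.
' NOTE(review): the original header also mentions the name of the site
' each DC resides in, but no site attribute is queried or printed below.
'
' You have a royalty-free right to use, modify, reproduce, and
' distribute this script file in any way you find useful, provided that
' you agree that the copyright owner above has no warranty, obligations,
' or liability for such use.

Option Explicit

Dim objRootDSE, strDNSDomain, adoConnection, adoCommand, strQuery
Dim strFilter, strAttributes, adoRecordset, strDN, strDNSHostName
Dim strName, strBase

' Determine the distinguished name of the current domain
' (defaultNamingContext of the RootDSE the caller is bound to).
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")

' Use ADO to search Active Directory. The query runs with the
' credentials of the account that launched the script.
Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
adoCommand.ActiveConnection = adoConnection

' Search entire domain. The LDAP-dialect query needs the ADsPath of the
' search base enclosed in angle brackets; an empty base leaves the
' query without a starting point and strDNSDomain unused.
strBase = "<LDAP://" & strDNSDomain & ">"

' Filter on DC's: computer objects whose userAccountControl has bit
' 8192 (SERVER_TRUST_ACCOUNT) set. 1.2.840.113556.1.4.803 is the
' bitwise-AND matching rule.
' NOTE(review): read-only DCs normally carry WORKSTATION_TRUST_ACCOUNT
' instead of this flag, so they are probably not returned - confirm if
' the inventory must include RODCs. Conversely, any account returned
' here that is not a known DC deserves a closer look.
strFilter = "(&(objectCategory=computer)" _
    & "(userAccountControl:1.2.840.113556.1.4.803:=8192))"

' Comma delimited list of attribute values to retrieve.
strAttributes = "distinguishedName,sAMAccountName,dNSHostName"

' Construct the LDAP syntax query: base;filter;attributes;scope.
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
adoCommand.CommandText = strQuery
' Paged search, so results are fetched in batches of 100 rows.
adoCommand.Properties("Page Size") = 100
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False
Set adoRecordset = adoCommand.Execute

Do Until adoRecordset.EOF
    strDN = adoRecordset.Fields("distinguishedName").Value
    strName = adoRecordset.Fields("sAMAccountName").Value
    ' Remove trailing "$" character, but only when it is really there,
    ' so a Null or unexpected value does not raise a runtime error.
    If Not IsNull(strName) Then
        If Right(strName, 1) = "$" Then
            strName = Left(strName, Len(strName) - 1)
        End If
    End If
    ' dNSHostName may be Null; the & operator renders Null as "".
    strDNSHostName = adoRecordset.Fields("dNSHostName").Value
    Wscript.Echo "Domain Controller: " & strName _
        & vbCrLf & " Distinguished Name: " & strDN _
        & vbCrLf & " DNS Host Name: " & strDNSHostName
    adoRecordset.MoveNext
Loop

' Clean up.
adoRecordset.Close
adoConnection.Close

Wscript.Echo "Done"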