53

For Linux, this command should return the DNS record for the LDAP server

host -t srv _ldap._tcp.DOMAINNAME

(found at Authenticating from Java (Linux) to Active Directory using LDAP WITHOUT servername)

How could I get the same on the Windows command line using nslookup?

I tried

nslookup -type srv _ldap._tcp.DOMAINNAME

(following http://support.microsoft.com/kb/200525), would this be correct?

mjn

7 Answers

72

You need to use an = after -type:

nslookup -type=srv _ldap._tcp.DOMAINNAME
Phil Ross
15

In cmd shell:

nslookup 
set types=all
_ldap._tcp
BE77Y
MattieuBGepi
    Or, in one line `nslookup -type=all _ldap._tcp`. Wanted so I could redirect output to a file. – dsz Jul 27 '16 at 00:58
8

None of the above worked for me; every time I got an error like this (I've tried all the combinations I can think of with the domain names):

*** Unknown can't find _ldap._tcp: Non-existent domain

So another Google search pointed to this method:

nltest /dclist:yourdomain.com

And this results in the list of the different servers in my network. Hope this saves an additional 2 minutes for someone else.

Cross
  • nltest returned the correct information when using the "short" domain name, this short name did not resolve on the nslookup query – Erik Oppedijk Oct 25 '19 at 09:07
5

How to verify Service Location (SRV) locator resource records for a domain controller after you install the Active Directory directory service.

To use Nslookup to verify the SRV records, follow these steps:

  1. Click Start, and then click Run.

  2. In the Open box, type cmd.

  3. Type nslookup, and then press ENTER.

  4. Type set type=all, and then press ENTER.

  5. Type _ldap._tcp.dc._msdcs.Domain_Name, where Domain_Name is the name of your domain, and then press ENTER.

jim31415
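The same `_ldap._tcp.dc._msdcs` lookup as a scripted check, as an added PowerShell example that is not part of any of the answers on this page. It assumes the `Resolve-DnsName` cmdlet is available (Windows 8 / Server 2012 or later); the function name `Get-DcSrvRecord` is hypothetical, and defaulting to `USERDNSDOMAIN` is an assumption that only holds in a domain logon session.

```powershell
# Added example: resolve the DC locator SRV records and the address of each target.
# Get-DcSrvRecord is a hypothetical helper name, not a built-in cmdlet.
function Get-DcSrvRecord {
    param(
        # Assumption: defaults to the DNS domain of the logged-on user.
        [string]$DomainName = $env:USERDNSDOMAIN
    )

    if ([string]::IsNullOrWhiteSpace($DomainName)) {
        throw 'No DNS domain name given and USERDNSDOMAIN is not set.'
    }

    # The "Non-existent domain" case: a name without a dot is usually the short
    # (NetBIOS-style) name, while the SRV records live under the DNS domain name.
    if ($DomainName -notmatch '\.') {
        Write-Warning "'$DomainName' has no dot; it may be a short name rather than the DNS domain name."
    }

    $query = "_ldap._tcp.dc._msdcs.$DomainName"
    try {
        $answers = Resolve-DnsName -Name $query -Type SRV -DnsOnly -ErrorAction Stop
    }
    catch {
        throw "SRV lookup for $query failed: $($_.Exception.Message)"
    }

    # The response can also carry A/AAAA records for the targets; keep the SRV rows only.
    $answers |
        Where-Object { $_.Type -eq 'SRV' } |
        Sort-Object Priority, @{ Expression = 'Weight'; Descending = $true } |
        ForEach-Object {
            # Confirm that each SRV target has a resolvable A record.
            $a = Resolve-DnsName -Name $_.NameTarget -Type A -DnsOnly -ErrorAction SilentlyContinue |
                Where-Object { $_.Type -eq 'A' }
            [pscustomobject]@{
                Target    = $_.NameTarget
                Port      = $_.Port
                Priority  = $_.Priority
                Weight    = $_.Weight
                Addresses = ($a.IPAddress -join ', ')
            }
        }
}

# Usage: with no argument the logon domain is used; pass -DomainName to check another one.
Get-DcSrvRecord | Format-Table -AutoSize
```

An empty `Addresses` column marks an SRV record whose target host no longer resolves, which usually means a stale registration worth cleaning up.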
2

Get-ADDomainController will list your domain controllers from the domain. If you want to check it from another domain, then use the -server switch.

get-addomaincontroller -server "domain"
Davidw
0

Windows cmd prompt uses "query" instead of "type" for some forsaken reason. Interactive nslookup still uses "set type=srv".

nslookup -query=srv _ldap._tcp.DOMAINNAME

EDIT: while "query" works it seems that I am 100% wrong. "type" works too.

Andy
  • Are you sure about that? `nslookup -type=srv _ldap._tcp.DOMAINNAME` works as expected on Windows. – jscott Sep 07 '14 at 04:29
0

"nslookup -query=srv _ldap._tcp.DOMAINNAME" worked for me; I tried nslookup -type=srv _ldap._tcp.DOMAINNAME and it didn't work.

Server 2008 R2

Jim