
How to Get All Domain Controllers in Active Directory

A domain controller (DC) in Active Directory is a server used to handle user authentication, enforce security policies, and control access to domain resources. As the backbone of the AD environment, issues on any DC can cause logon failures, access disruptions, and replication inconsistencies. That’s why monitoring every DC regularly is essential. This guide explains how to find all domain controllers in Active Directory to maintain a reliable environment.

Find Active Directory Domain Controllers Using ADUC

Active Directory permission required: Account Operators (least privilege) or Administrators (most privilege)
  • Open the Active Directory Users and Computers (ADUC) console, then in the left pane, right-click on Saved Queries, and select New»Query.
  • Provide a suitable name and description for the query, ensure that the Include subcontainers checkbox is selected, and then click Define Query.
  • Select Custom Search from the 'Find' drop-down box, navigate to the Advanced tab, and enter the following LDAP query to find all domain controllers.
    (&(objectCategory=computer)(userAccountControl:1.2.840.113556.1.4.803:=8192))
  • Click OK to define the query, then click OK again to save and close the configuration window. The list of domain controllers in Active Directory is displayed whenever you select this saved query.

Track Domain Controllers in Active Directory Using ADAC

Active Directory permission required: Account Operators (least privilege) or Administrators (most privilege)
  • Open the Active Directory Administrative Center (ADAC).
  • Navigate to the Global Search in the left pane, choose the Convert to LDAP radio button, and enter the following LDAP query.
    (&(objectCategory=computer)(userAccountControl:1.2.840.113556.1.4.803:=8192))
  • Click Apply to fetch all the DCs in the Active Directory domain.

Get All Domain Controllers in Active Directory with PowerShell

Active Directory permission required: Domain Users (least privilege) or Administrators (most privilege)
  • Execute the following cmdlet in Windows PowerShell to get all domain controllers in Active Directory.
     Get-ADDomainController -Filter * | Select-Object HostName, IPv4Address, Site, IsGlobalCatalog, IsReadOnly, OperatingSystem, Domain, Forest, OperationMasterRoles | Format-Table -AutoSize
  • This cmdlet retrieves all domain controllers in Active Directory along with their host name, IPv4 address, site name, operating system, and other properties.
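The ADUC/ADAC LDAP filter and Get-ADDomainController should describe the same set of machines; when they do not, the difference is worth investigating. The following script is an added example (not code from the article or from AdminDroid) that runs both methods side by side, checks that each live DC answers on the AD Web Services port the cmdlets depend on, and flags computer objects still carrying the SERVER_TRUST_ACCOUNT bit (8192) that the directory no longer lists as DCs, which is the typical signature of a stale DC account left behind by an incomplete demotion. It assumes the ActiveDirectory and NetTCPIP modules and queries the current domain by default.

```powershell
# Added example: cross-check the two DC enumeration methods shown in the article and
# surface stale DC computer objects. Not part of the original article.
Import-Module ActiveDirectory

function Get-DcInventoryReport {
    param(
        [string]$Domain = (Get-ADDomain).DNSRoot   # assumption: current domain unless overridden
    )

    # Method 1: the directory's own view of its domain controllers (via ADWS)
    $liveDcs = Get-ADDomainController -Filter * -Server $Domain

    # Method 2: the LDAP filter used in the ADUC/ADAC sections above.
    # 8192 = 0x2000 = UF_SERVER_TRUST_ACCOUNT, the userAccountControl bit set on DC computer objects.
    $ldapFilter = '(&(objectCategory=computer)(userAccountControl:1.2.840.113556.1.4.803:=8192))'
    $flagged = Get-ADComputer -LDAPFilter $ldapFilter -Server $Domain -Properties DNSHostName, LastLogonDate

    $liveNames = $liveDcs | ForEach-Object { $_.HostName.ToLower() }

    foreach ($dc in $liveDcs) {
        # TCP 9389 is AD Web Services; a listed DC that does not answer here will produce the
        # "Unable to contact the server" error described in the troubleshooting section.
        $adws = Test-NetConnection -ComputerName $dc.HostName -Port 9389 -WarningAction SilentlyContinue
        [PSCustomObject]@{
            HostName        = $dc.HostName
            Site            = $dc.Site
            IsGlobalCatalog = $dc.IsGlobalCatalog
            IsReadOnly      = $dc.IsReadOnly
            FsmoRoles       = ($dc.OperationMasterRoles -join ',')
            AdwsReachable   = $adws.TcpTestSucceeded
            Status          = 'Live'
        }
    }

    # Computer objects flagged as DCs in LDAP but no longer reported as DCs: candidates for
    # metadata cleanup, because a forgotten DC account keeps DC-level trust in the domain.
    foreach ($c in $flagged) {
        $name = if ($c.DNSHostName) { $c.DNSHostName.ToLower() } else { $c.Name.ToLower() }
        if ($liveNames -notcontains $name) {
            [PSCustomObject]@{
                HostName        = $name
                Site            = $null
                IsGlobalCatalog = $null
                IsReadOnly      = $null
                FsmoRoles       = $null
                AdwsReachable   = $null
                Status          = "Stale DC object (last logon: $($c.LastLogonDate))"
            }
        }
    }
}

Get-DcInventoryReport | Format-Table -AutoSize
```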

Instantly Track Domain Controllers in Active Directory for Efficient Management

AdminDroid’s Active Directory reporting tool provides crystal-clear visibility into all domain controllers, with AI-powered charts and rich filters that simplify analysis. Below are some of AdminDroid’s extensive capabilities that provide insights into every aspect of domain controllers to make their management more effective.

Monitor Domain Controller Logon Events to Detect Threats

Track all logons performed on DCs to analyze activity and identify logons from unusual locations or during off-hours.

Review Failed DC Logins to Detect Potential Threats

Use the failed logons on domain controller report to identify unauthorized attempts, such as brute-force attacks or lateral movement.

Review Active Directory Servers to Ensure System Compliance

List all Active Directory servers along with their types and roles, as they are critical resources for major tasks in the environment.

Review Group Membership of Domain Controllers in Active Directory

Use the computer group membership report to view all groups a domain controller belongs to and prevent security misconfigurations.

Apply Remediation on Users Vulnerable to DC Sync Attack

Find all users vulnerable to DC sync attacks to identify accounts with reversible password encryption and remediate them to reduce the risk of domain controller compromise.

Observe Server Shutdowns to Determine DC Power State

Filter server shutdown events for domain controllers to identify unplanned restarts and monitor scheduled maintenance activities.

In essence, AdminDroid’s Active Directory management tool simplifies domain controller oversight by providing full visibility into login activities, operational changes, attacks, and more. Beyond securing domain controllers, it also delivers full AD management capabilities to monitor, analyze, and optimize the domain.

Explore a full range of reporting options

Important tips

Secure domain controllers against attack to protect data from unauthorized access, prevent modifications, and avoid destruction of your Active Directory.

Strategically position domain controllers within your Active Directory to ensure fast authentication, reliable replication, and high availability.

Use DCDiag to check the health of your Active Directory domain controllers and troubleshoot connectivity or replication issues quickly.

Common Errors and Resolution Steps

The following are possible errors and troubleshooting tips when listing all domain controllers in Active Directory.

Error Get-WinEvent : The RPC server is unavailable

This error occurs when PowerShell cannot connect to a remote computer due to the computer being unreachable or the firewall blocking it.

Fix Make sure the remote computer is on, connected to the network, and that the RPC (Remote Procedure Call) service is running. After that, test the port dedicated to RPC (135). If the test fails, check the firewall and network connection, or whether RPC is blocked or disabled.
Test-NetConnection -ComputerName "<ComputerName>" -Port 135

Error Get-ADDomainController : Unable to contact the server. This may be because this server does not exist, it is currently down, or it does not have the Active Directory Web Services running.

The error occurs because PowerShell cannot contact the domain controller, likely due to the server being offline, the name being incorrect, AD Web Services not running, or network/DNS issues.

Fix Ensure the domain controller is online, the name is correct, AD Web Services are running, and network/DNS connectivity allows access.

Error Move-ADDirectoryServerOperationMasterRole : Access is denied.

This error occurs when you don't have sufficient permissions to transfer FSMO roles.

Fix On a domain controller, run PowerShell as Administrator using a root domain admin account.

Frequently Asked Questions

Properly Understand and Manage Domain Controllers for Seamless Daily Operations

1. What are FSMO roles in Active Directory, and what are the different types?

Active Directory uses a multi-master replication model, where any domain controller (DC) can make changes, such as create users, reset passwords, etc. These changes replicate to other DCs so that if one DC is down, others can still handle most operations.

However, some operations cannot safely be performed on multiple DCs at the same time without risking conflicts. For these special tasks, AD designates a single DC as the ‘master’. These responsibilities are known as FSMO (Flexible Single Master Operations) roles.

There are five FSMO roles in total. Two of these are forest-wide roles, which can only be held by a single domain controller in the entire forest at any given time. The other three are domain-wide roles, which can only be held by one domain controller per domain at a time.

FSMO roles - Forest scope

  • Schema master - It handles all updates to the Active Directory schema, which includes object classes and attributes. These updates are then replicated automatically to all domain controllers.
  • Domain naming master - This role controls the addition and removal of domains in the forest and manages references to them in the forest configuration. By doing so, it helps prevent conflicts when domains are added or removed.

FSMO roles - Domain scope

  • RID master - It allocates pools of relative IDs (RIDs) to domain controllers so that all security principals (users, groups, and computers) receive unique SIDs. It also manages the movement of objects between domains and ensures every security principal has a unique identifier while preventing duplication.
  • PDC emulator - It handles password changes, processes account lockouts, and serves as the authoritative time server for the domain. It also provides backward compatibility with legacy Windows NT 4.0 backup domain controllers.
  • Infrastructure master - Maintains references to objects from other domains and updates these references when names or SIDs change. It also ensures that group memberships involving objects from other domains remain accurate. However, this role has little impact if all domain controllers are global catalog servers or if the recycle bin feature is enabled.

2. How to determine which domain controller is the primary domain controller (PDC emulator)?

The PDC emulator is one of the five FSMO roles and is a domain-wide role responsible for time synchronization, password changes, and account lockouts. Because of its critical functions, it is important to know which domain controller holds this role to maintain stability and security. The PDC emulator can be identified using the following methods.

Find PDC emulator using Active Directory Users and Computers

  • Open the Active Directory Users and Computers console.
  • Right-click on the domain and navigate to Operations Masters.
  • In the PDC tab, you can view the current PDC emulator in your Active Directory environment.

Identify PDC emulator using PowerShell

Run the following cmdlet to identify the domain controller holding the PDC emulator role in your domain.

Get-ADDomain | Select-Object PDCEmulator

Get PDC emulator via command prompt

To find the PDC emulator in your Active Directory domain using command prompt, run the following command.

netdom query fsmo | find "PDC"

3. How to view or transfer FSMO roles using PowerShell?

While methods such as the ADUC console, the NTDSUtil tool, and other approaches require administrators to perform multiple steps to view or transfer FSMO roles, PowerShell streamlines the process. With consistent cmdlets, PowerShell enables administrators to view and transfer all five FSMO roles more quickly and efficiently.

Get all FSMO role holders using PowerShell

Use the following cmdlet to identify all domain controllers that currently hold FSMO roles within your Active Directory environment.

$domain = Get-ADDomain ; $forest = Get-ADForest
[PSCustomObject]@{
    PDCEmulator         = $domain.PDCEmulator
    RIDMaster           = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
    SchemaMaster        = $forest.SchemaMaster
    DomainNamingMaster  = $forest.DomainNamingMaster
}


You can also run the following command in the command prompt to view the FSMO role holders in your Active Directory environment.

netdom query fsmo

Transfer FSMO roles using PowerShell

When a domain controller is upgraded, decommissioned, or under maintenance, transfer the FSMO roles to ensure Active Directory continues to run smoothly.

Use the following cmdlet to transfer roles to another domain controller. 

Move-ADDirectoryServerOperationMasterRole -Identity "<TargetDC>" -OperationMasterRole "<Role>"

Replace <TargetDC> with the target DC’s host name and <Role> with one or more of the following roles: SchemaMaster, DomainNamingMaster, PDCEmulator, RIDMaster, or InfrastructureMaster.
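A transfer that returns without error is not the same as a transfer that took effect, and a transfer attempted while the current holder is unreachable fails (that case calls for a seizure with -Force, which must only be done when the old holder is permanently gone). The following is an added example, not code from the article or from AdminDroid, that records the role holders before the move, refuses to proceed when the current holder does not answer on LDAP, and re-reads the holders afterwards to confirm the change. The DC name in the usage line is a hypothetical placeholder.

```powershell
# Added example: FSMO role transfer with pre-check and post-verification.
# Not part of the original article.
Import-Module ActiveDirectory

function Get-FsmoRoleHolders {
    # Same sources as the article's role-holder listing: domain roles from Get-ADDomain,
    # forest roles from Get-ADForest.
    $domain = Get-ADDomain
    $forest = Get-ADForest
    @{
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
    }
}

function Move-FsmoRoleWithVerification {
    param(
        [Parameter(Mandatory)] [string]$TargetDC,
        [Parameter(Mandatory)]
        [ValidateSet('PDCEmulator','RIDMaster','InfrastructureMaster','SchemaMaster','DomainNamingMaster')]
        [string[]]$Role
    )

    $before = Get-FsmoRoleHolders

    foreach ($r in $Role) {
        # A graceful transfer requires the current holder to be online. If it is not,
        # stop here rather than fall through to a seizure by accident.
        $holder = $before[$r]
        $ldap = Test-NetConnection -ComputerName $holder -Port 389 -WarningAction SilentlyContinue
        if (-not $ldap.TcpTestSucceeded) {
            Write-Warning "Current $r holder '$holder' is unreachable; transfer would fail. Seize (-Force) only if that DC is permanently gone."
            return
        }
    }

    Move-ADDirectoryServerOperationMasterRole -Identity $TargetDC -OperationMasterRole $Role -Confirm:$false

    # Verify by re-reading, not by trusting the cmdlet's silence.
    $after = Get-FsmoRoleHolders
    foreach ($r in $Role) {
        [PSCustomObject]@{
            Role        = $r
            Before      = $before[$r]
            After       = $after[$r]
            Transferred = ($after[$r] -like "$TargetDC*")
        }
    }
}

# Usage (hypothetical DC name):
# Move-FsmoRoleWithVerification -TargetDC 'DC02.corp.example' -Role PDCEmulator, RIDMaster
```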

4. What is the difference between a global catalog and FSMO roles in domain controllers?

FSMO roles and the global catalog are two distinct components of Active Directory, each serving a unique function in managing and accessing directory data. Here's a breakdown of the key differences between FSMO roles and the global catalog (GC) in Active Directory.

[Figure: comparison of FSMO roles and the global catalog]

5. How to make a domain controller a global catalog in Active Directory?

Enabling the global catalog (GC) on a domain controller improves search performance, user logons, and access to resources across domains. This is because a global catalog holds a partial, read-only replica of every object in the forest.

While enabling global catalog may not seem necessary when promoting a new server, it becomes important as the environment grows or for cross-domain queries and authentication. Here are the methods to set up a global catalog on a domain controller in Active Directory.

Enable global catalog on a domain controller using ADSS 

  • Open the Active Directory Sites and Services console and expand the sites.
  • Right-click NTDS Settings under the server object and select Properties.
  • Under the General tab, check the box beside Global Catalog and click OK.

Promote domain controller to global catalog using PowerShell

Run the following cmdlet to enable the GC on a domain controller. Replace <DCName> with the actual name of the DC. The NTDSSettingsObjectDN property of the domain controller object is the distinguished name of its NTDS Settings object, whose options attribute carries the global catalog flag.

Set-ADObject -Identity (Get-ADDomainController -Identity "<DCName>").NTDSSettingsObjectDN -Replace @{options='1'}
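The options attribute on the NTDS Settings object is a bitmask, not a boolean: NTDSDSA_OPT_IS_GC is 0x1, and other bits (0x2 and 0x4 disable inbound and outbound replication, 0x8 disables connection translation) may be set deliberately by an administrator. Writing the literal value 1 replaces the whole mask and silently clears any of those bits. The following added example (not code from the article or from AdminDroid) ORs the GC bit into the existing value instead, and then re-reads the DC to confirm it now reports as a global catalog. The DC name is a hypothetical placeholder.

```powershell
# Added example: enable the global catalog while preserving the other option bits,
# then verify. Not part of the original article.
Import-Module ActiveDirectory

# Flag values for the 'options' attribute of an nTDSDSA (NTDS Settings) object
$NTDSDSA_OPT_IS_GC                 = 0x1
$NTDSDSA_OPT_DISABLE_INBOUND_REPL  = 0x2
$NTDSDSA_OPT_DISABLE_OUTBOUND_REPL = 0x4

function Enable-DcGlobalCatalog {
    param([Parameter(Mandatory)] [string]$DCName)   # hypothetical, e.g. 'DC02'

    $dc   = Get-ADDomainController -Identity $DCName
    $ntds = Get-ADObject -Identity $dc.NTDSSettingsObjectDN -Properties options
    $current = if ($null -ne $ntds.options) { [int]$ntds.options } else { 0 }

    # Make it visible when replication has been disabled on this DC; a GC that does not
    # replicate will serve stale data, so this deserves attention before enabling GC.
    if ($current -band ($NTDSDSA_OPT_DISABLE_INBOUND_REPL -bor $NTDSDSA_OPT_DISABLE_OUTBOUND_REPL)) {
        Write-Warning "Replication is disabled on $($dc.HostName) (options=$current); those bits are preserved, not cleared."
    }

    if ($current -band $NTDSDSA_OPT_IS_GC) {
        return [PSCustomObject]@{ DC = $dc.HostName; Changed = $false; Options = $current; IsGlobalCatalog = $true }
    }

    # OR the GC bit in rather than overwriting the mask with '1'
    $new = $current -bor $NTDSDSA_OPT_IS_GC
    Set-ADObject -Identity $dc.NTDSSettingsObjectDN -Replace @{ options = $new }

    # Re-read through the DC itself. The GC becomes fully ready only after the partial
    # replicas have replicated in, so IsGlobalCatalog can lag the attribute write.
    $check = Get-ADDomainController -Identity $DCName -Server $dc.HostName
    [PSCustomObject]@{ DC = $dc.HostName; Changed = $true; Options = $new; IsGlobalCatalog = $check.IsGlobalCatalog }
}

# Usage (hypothetical DC name): Enable-DcGlobalCatalog -DCName 'DC02'
```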

6. What happens when a domain controller goes down in Active Directory?

A domain controller failure in an Active Directory environment can cause major disruptions. Users may encounter authentication errors, while services such as DNS, DHCP, or VPN may stop working if they depend on the failed DC. The overall impact depends on whether other DCs are available to take over its roles.

Effects of a domain controller failure in Active Directory

The following scenarios illustrate the impact of different domain controller failures in Active Directory.

  • Single DC down in a single-DC environment - In a single-DC environment, if the only DC fails due to hardware, software, or network issues, the domain becomes largely non-functional. Users cannot log in or access network resources that require DC validation. However, cached credentials allow users who have previously logged in to access their accounts temporarily, though network resource access and operations requiring FSMO roles remain unavailable.
  • Single DC down in a multi-DC environment - In environments with multiple DCs, if one fails, the remaining DCs continue to handle authentication, replication, and other AD operations. If the failed DC held FSMO roles, these roles can be transferred or seized by other DCs to ensure continuity of critical operations. Services like DNS and DHCP remain functional if other DCs provide redundancy.
  • Multiple DCs down in a multi-DC environment - If several DCs fail simultaneously, remaining DCs may handle requests but only up to their capacity. Users may experience login delays, partial service outages, or authentication errors. Quick restoration of failed DCs is essential to maintain full redundancy and performance.
  • Entire site DC outage - If all DCs in a specific site fail, local users cannot log in or access domain services directly. Cached credentials allow temporary logon, but full access to network resources requires the site’s DCs to be restored. If DCs from other sites are unreachable, services dependent on AD may fail completely.

Best practices for maintaining domain controllers in Active Directory

  • Maintain at least two domain controllers per domain to ensure uninterrupted Active Directory services.
  • Ensure domain controllers, especially those holding FSMO roles, have sufficient CPU, memory, storage, and network resources for high performance and reliability under peak loads.
  • Enable global catalog on 2–3 DCs so authentication and searches continue if one fails.
  • Always remember the DSRM password and keep it safe, as it is required to recover the Active Directory database from backup.
  • If a domain controller needs to be taken offline, always demote it before shutting it down to prevent login issues, DNS problems, and other Active Directory errors.
  • Although cached credentials allow users to log on while a DC is down, do not rely on them as a fallback for DC availability; Microsoft does not recommend depending on cached logons in place of reachable domain controllers.
