AD-DC Querying

The tools used for ADDC querying are as follows :

nltest command:

You can use nltest to query domain controllers and domain-related information. For example:

• To find the domain controllers in the domain:

  nltest /dclist:<domain_name>

• To get information about the current domain:

  nltest /dsgetdc:<domain_name>

---

nbtstat Command:

nbtstat is useful for querying NetBIOS over TCP/IP (NBT) and can show you NetBIOS information about computers and services on the network. For example:

• To display information about the NetBIOS name tables of remote computers:

  nbtstat -A <IP_Address>

  This will show you the NetBIOS name table of a specific computer (useful to identify its NetBIOS names).

• To display the NetBIOS name table of your own computer:

  nbtstat -n

  This shows the NetBIOS names that your system is currently using.

• To resolve NetBIOS names from a remote host by its name:

  nbtstat -a <hostname>

  This will give you the NetBIOS name table for the specified host.