JSI Tip 5629. How can my script detect if a remote computer is a Active Directory domain controller?

In tip 0134, we used the net accounts command to determine the role of the local computer. It would return WORKSTATION, SERVER, or PRIMARY.

We could script the detection of the local computers role using:

for /f "skip=8 Tokens=3" %i in ('net accounts') do if /i NOT "%i"=="completed" set role=%i

To detect if a remote computer is an Active Directory domain controller, you can test for the NTDS service key, using Reg.exe from the Windows 2000 Support Tools, or Reg.exe that is built into Windows XP and later:

"C:\Program Files\Support Tools\reg.exe" query "\\<RemoteComputerName>\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS">nul 2>&1
if %ERRORLEVEL% EQU 1 goto NotDC

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.