To verify the DNS resource records needed to join an Active Directory domain using nslookup

Updated: January 21, 2005

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To verify the DNS resource records needed to join an Active Directory domain using nslookup

  1. Open Command Prompt.

  2. Type:


  3. At the next prompt, type:

    set q=srv

  4. At the next prompt, type:


  5. Review the output of the previous SRV query and determine if further action is needed based on whether the previous query succeeded or failed:

    • If the query succeeded, review the registered service location (SRV) resource records returned in the query to determine if all domain controllers for your Active Directory domain are included and registered using valid IP addresses. If no corresponding address (A) resource records are returned in response to the query, use the nslookup tool to obtain these records. For information on using nslookup, see Related Topics.

    • If the query failed, continue troubleshooting dynamic update or DNS server-related issues to determine the exact cause of the problem.


Value Description


Initiates the command-line tool.

set q=

The command to send the query to the root server. This parameter will accept all resource record (RR)types. For example, set q=A for host (A) resource records.


The SRV resource records that use a specified name.

_ldap._tcp.dc._msdcs. ActiveDirectoryDomainName

The DNS name configured for use with your Active Directory domain and any of its associated domain controllers.

For example, if the DNS domain name of your Active Directory domain is, type:


  • To open a command prompt, click Start, point to All programs, point to Accessories, and then click Command prompt.

  • To view the complete syntax for this command, at a command prompt, do the following:

    Type nslookup, press ENTER, then type help.

  • In some cases, when performing this procedure, you might see several time-outs reported. This happens when reverse lookup is not configured for DNS servers servicing the same DNS domain as your Active Directory domain.

  • The following is an example of command-line output for an Nslookup session used to verify SRV resource records that are registered by domain controllers. In the following example, the two domain controllers are dc1 and dc2 and are registered for the "" domain.

    Default Server:
     set type=srv
    Address:   SRV service location:
              priority       = 0
              weight         = 0
              port           = 389
              svr hostname   =   SRV service location:
              priority       = 0
              weight         = 0
              port           = 389
              svr hostname   =     internet address =     internet address =
  • The Nslookup command-line tool is a standard tool provided in most DNS service implementations. It offers the ability to perform query testing of DNS servers and obtain detailed responses as the command output. This information is useful in troubleshooting name resolution problems, verifying that resource records are added or updated correctly in a zone, and debugging other server-related problems.

  • The Net Logon service on each domain controller registers, as appropriate, a number of different DNS resource records with DNS servers.

Information about functional differences

  • Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. For more information, see Viewing Help on the Web.

See Also

Community Additions