https://github.com/NickSanzotta/GetDomainController
A python utility that leverages DNS to quickly discover windows domain controllers and exchange servers.
Usage:
python getdc.py -d contoso.local
python getdc.py -d contoso-a.local constoso-b.local
python getdc.py -d contoso.local -n 8.8.8.8
python getdc.py -d contoso.local -f host
python getdc.py -d contoso.local -e
Required arguments:
[-d, --domain] define domain, accepted values 'hostname', 'hostnames(seperate by a space)'
Optional arguments:
[-n, --nameserver] define nameserver, accepted values 'hostname', 'ipaddress'
[-f, --format] format output type, accepted values 'json(default)', 'host', 'ip', 'hostip', 'zerologon'
[-v, --verbose] toggle debug meesages to stdout
[-e, --exchange] additionally retrieve exchange hosts