How to Find Which Logon Server You Authenticated to (Domain Controller)

by Robert Allen

There are times when you need to determine which domain controller you have authenticated to. This can be helpful for a number of reasons such as troubleshooting group policy, slow logins, application issues, map network drives or printers, and so on.

For example, recently I ran into an issue where single sign-on was not working for multiple applications. I was troubleshooting the issue on multiple virtual desktops and noticed that single sign on was working on one of them. I thought this was strange considering all the virtual desktops were the exact same. That is when I checked which domain controller it authenticated against and noticed it was DC2 and all the others were DC1.

Check Which Domain Controller You Are Connected To

You can check the logon server with either the command line or PowerShell.

Option 1 – Using the set cmd command

Open the command line, type the command below, and press enter

set l

In the screenshot above I authenticated to the DC2 domain controller. The set l command displays everything from the set command that starts with l so it’s displaying the localappdata also. You could just type set logon to see only the logonserver.

Option 2 – Using the echo logonserver command

Open the command line, type the command below, and press enter.

echo %logonserver%

Option 3 – Using PowerShell

Open PowerShell, type the command below, and press enter

$env:LOGONSERVER

Find Domain Controller Group Policy Was Applied From

If you need to know which domain controller a computer or user applied its group policy settings from then run the gpresult /r command.

gpresult /r

You can see in the above screenshot the group policy was applied from DC2.

Make sure you check the user settings section as the policy could apply from a different domain controller.

Recommended Tools

  • AD Cleanup Tool - Find stale and inactive user and computer accounts in Active Directory. Export, disable, move or delete the stale accounts to increase security.
  • AD User Creation Tool - Bulk import or update Active Directory user accounts. Add users to groups, import into OUs, set multiple attributes and more.
  • NTFS Permissions Tool - Scan and audit NTFS folder permissions. See which users and groups have access to what.
  • AD Reporting Tool - Over 200 reports on users, computers, groups, OUs and more. Customize reports or create your own reports with the report builder.

6 thoughts on “How to Find Which Logon Server You Authenticated to (Domain Controller)”

  1. I’ve noticed of late that the LOGONSERVER environment variable is frequently not in the user environment on W11 and W10. I’ve also encountered a couple of descriptions saying LOGONSERVER is deleted at the completion of login. I’m now using:

    nltest /dsgetdc:

    to determine the authenticating domain controller

    Reply
    • I just tested on my Win 11 computer and the set command still shows the LOGONSERVER. nltest is a nice alternative though.

      Reply
  2. in a command prompt you can also use “echo %logonserver%” to find out what server you authenticated to.

    Reply

Leave a Comment