Noob question: Enumerating Domain vs Domain Controller


I am building my Windows knowledge and want to understand more about Domains vs Domain Controller. I understand the domain is the network of hosts that is part of the domain and the domain controller is the host/server “in charge”.

To enumerate, I usually use enum4linux, which usually gives some sort of info about the domain, but I don’t understand how this links in with the domain controller.

How do I get the hostname of the domain controller / IP of the domain controller?

I feel like there is some sort of LDAP query, but LDAP is usually only open on the domain controller, so I wouldn't need the name/IP in the first place?

Thanks :)