Identify applications that are configured to connect to a specific domain controller

I work with a Windows domain that has many domain controllers (DCs). I'm looking to remove some of these, but I know there are some applications that are hard-coded to use a specific domain controller for authentication. I don't know what these applications are however. How can I determine which applications could be set to use a single domain domain controller so I can prevent an outage when that DC goes offline?

Shut down each DC for a couple of days and wait for the screams.

Seriously, it's the only way.

Whoever/whatever wants to talk to Active Directory should be able to find a domain controller using the proper process. But some application developers are definitely foolish enough to want a statically-defined DC; well, it's their fault, and they should pay for it.

But you, as an AD administrator, have absolutely no way of knowing if an application is talking to a specific DC because it actually looked it up the proper way, or because someone configured it statically.

Sadly, shutting down each DC and checking if anything stops working is the only way.

Another method to try to identify those servers might be to run something like Network Monitor on the Domain Controllers and run a capture, filtering for authentication traffic. You could then further filter by the ip addresses of your servers to narrow the displayed results. The trick is going to be determining what authentication traffic is related to your applications. Look for AS Request Cname traffic that contains a username, such as in the screenshot below, and investigate that. Admittedly, I've never had to do this but this is certainly one method I would try.