I used to be dumb and find it annoying to get the list of DCs that I would target in a pentest. Apparently its super easy to get them from DNS records.
replace COMPANY.com with whatever the actual domain is. If you are using the internal DNS servers, you can typically just do a "nslookup -r 18.104.22.168" to get the FQDN of the machine. That usually provides you with the "COMPANY.com" part.
Other ways i've found that work:
If you have shell access:
netdom query /D:DOMAINNAME DC
net view /domain