How does a client find its Domain Controllers at the right Active Directory site?

What actually happens in the background when a domain client authenticates itself to the domain? How does the client locate a domain controller to authenticate against? That’s the question for today’s post.

Ok, let’s go into the details. We assume that the computer has already joined the domain.

This is a very simplified representation.

  • During the client’s system startup, the Netlogon service starts and calls the DsGetDcName API.
  • The API collects information about the client’s configuration, such as its IP address.
  • The client then uses the Netlogon service to query the configured DNS server for DCs in _LDAP._TCP.dc._msdcs.domainname.
  • The DNS server returns a list of DCs.
  • The client sends an LDAP ping to a DC, asking which site it is in based on the client’s IP address (IP address ONLY! The client’s subnet is NOT known to the DC).
  • The DC returns:
      • The client’s site, or the site associated with the subnet that most closely matches the client’s IP (determined by comparing just the client’s IP to the subnet-to-site table Netlogon builds at startup).
      • The site that the current domain controller is in.
      • A flag (DSClosestFlag=0 or 1) that indicates whether the current DC is in the site closest to the client.
  • The client decides whether to use the current DC or to look for a closer option:
      • The client uses the current DC if it’s in the client’s site or in the site closest to the client, as indicated by the DSClosestFlag reported by the DC.
      • If DSClosestFlag indicates the current DC is not the closest, the client does a site-specific DNS query to _LDAP._TCP.sitename._sites.domainname (_LDAP or whatever service you happen to be looking for) and uses a returned domain controller.
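The site lookup and the client’s decision described above can be modelled in a few lines. This is an added example, not code from the original post or from Windows: the subnet table, site names, function names and the domain example.com are constructed for illustration, and the closest flag is simplified to "DC is in the client’s own site".

```python
import ipaddress

# Constructed subnet-to-site table (sample values, not from the post).
SUBNET_TO_SITE = {
    "10.0.0.0/8": "HQ",
    "10.20.0.0/16": "Branch-East",
    "10.20.30.0/24": "Branch-East-Lab",
    "192.168.50.0/24": "Branch-West",
}

def site_for_ip(client_ip, table=SUBNET_TO_SITE):
    """DC side: site of the most specific subnet containing the IP, else None."""
    ip = ipaddress.ip_address(client_ip)
    best_net, best_site = None, None
    for cidr, site in table.items():
        net = ipaddress.ip_network(cidr)
        if ip in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_site = net, site
    return best_site

def ldap_ping_reply(client_ip, dc_site):
    """DC side: the three values returned to the client.
    Simplification: the flag is 1 only when the DC is in the client's own site."""
    client_site = site_for_ip(client_ip)
    closest = 1 if client_site is not None and client_site == dc_site else 0
    return {"client_site": client_site, "dc_site": dc_site, "closest": closest}

def client_next_step(reply, domain):
    """Client side: keep the current DC, or build the site-specific DNS name."""
    if reply["closest"] == 1:
        return ("use_current_dc", None)
    if reply["client_site"] is None:
        # No subnet matched the IP: no site name to query, so the subnet
        # is missing from the table and should be mapped to a site.
        return ("unmapped_subnet", None)
    return ("query_dns", f"_LDAP._TCP.{reply['client_site']}._sites.{domain}")

if __name__ == "__main__":
    for ip, dc_site in [("10.20.30.7", "HQ"), ("10.5.5.5", "HQ"), ("172.16.9.9", "HQ")]:
        reply = ldap_ping_reply(ip, dc_site)
        print(ip, reply, client_next_step(reply, "example.com"))
```

The third sample address matches no subnet, which is the case to look for when auditing a site topology: such clients cannot be steered to a local DC.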

Vipan Kumar

He is an Active Directory Engineer who has been working in the IT industry for more than 10 years. He is a dedicated and enthusiastic information technology expert who is always ready to resolve any technical problem. If you need any further help on the subject, feel free to contact us at admin@windowstechno.com. Please also subscribe to our Facebook page and website for the latest articles: https://www.facebook.com/windowstechno
