- The Windows computer sends an DNS query to ask for DNS resolution of _ldap._tcp.dc._msdcs.domain.com (Example: _ldap._tcp.dc._msdcs.contoso.com) SRV records
- The DNS server responds with the list of registered DNS records (The records contain the list of Domain Controllers within the AD domain
- The Windows computer reviews the list of SRV records and selects one according to the priority and weight assigned to the records. It will then query the DNS server to get the IP address of the selected Domain Controller
- The DNS server checks the A record of the Domain Controller and responds with the IP address
- The Windows computer contacts the selected Domain Controller and initiates the communication with it When the communication is initiated, the selected Domain Controller will check that the client computer belongs to its Active Directory site. This is done by comparing the IP address of the client computers with Active Directory configured sites and subnets. Here, there will be two possible scenarios:
- The Windows computer and the selected Domain Controller belong to the same Active Directory site: In this situation, the following will happen:
- The selected Domain Controller provides the client computer with the site name
- The Windows computer caches the name of its AD site and the name of the used Domain Controller. The selected Domain Controller will be used as long as it is available. The Windows computer no longer needs to re-do the localization process each time it needs to communicate with a Domain Controller.
- The Windows computer and the selected Domain Controller do not belong to the same Active Directory site: In this situation, the following will happen:
- The selected Domain Controller provides the client computer with the site name and informs it that it is not the closest Domain Controller
- The Windows computer sends a DNS query to ask for DNS resolution ofldap._tcp.Computer_Site_Name._sites.dc._msdcs.domain.com (Example: _ldap._tcp.denver._sites.dc._msdcs.contoso.com) SRV records
- The DNS server responds with the list of registered DNS records (The records contain the list of Domain Controllers within the AD site)
- The Windows computer reviews the list of SRV records and selects one according to the priority and weight assigned to the records. It will then query the DNS server to get the IP address of the selected Domain Controller
- The DNS server checks the A record of the Domain Controller and responds with the IP address
- The Windows computer contacts the selected Domain Controller and initiates the communication with it
Remark 1: If the Windows computer fails to
communicate with a selected Domain Controller, it will try to contact another
one according to the priority and weight assigned to the SRV records.
Remark 2: If a Windows computer already
has its AD site cached and would like to localize a new Domain Controller
(Example: The current Domain Controller in use is no longer available) then it
will start directly with Step number 7 (We refer to the steps shown in the
previous figure)
Remark 3: The Windows computer AD site is stored
in the following registry entry:
HKLM\System\CurrentControlSet\Services\Netlogon\Parameters\DynamicSiteName
No comments:
Post a Comment