Windows Server

Active Directory: How does a client find it’s Domain Controllers at the right Active Directory site?

What actually happens in the background when a domain client authenticates itself to the domain? That’s the question for today’s post.

Ok, let’s go into the details. We assume that the computer has already joined the domain.

This is a very simplified representation.

  1. During the client’s system startup, the logon service (netlogon) starts with the API DsGetDcName.Unbenannt.JPG
  2. The API collects information about the client’s configuration, such as IP-Address.
  3. The client now uses netlogon to query the configured DNS server for Domain Controllers in it’s site. bild1Unbenannt.JPG
  4. The DNS server returns a list of all Domain Controller to the client.Unbenannt.JPG
  5. The client receives the information, tries to contact the Domain Controllers and uses the Domain Controller that responded first. First come, first serve! 😉

You can see the process in a network monitoring tool:


3 replies »

  1. Hi Patrick,
    great article, thank you.

    Do you know how often a domain joined computer refreshes its associated AD Site?

    Is it when the Netlogon service is restarted (manually, or via a reboot), or does it happen periodically in the background?

    Thanks in advance!


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.