Windows Server

Active Directory: How does a client find its Domain Controllers at the right Active Directory site?

What actually happens in the background when a domain client authenticates itself to the domain? That’s the question for today’s post.

Ok, let’s go into the details. We assume that the computer has already joined the domain.

This is a very simplified representation.

  1. During the client’s system startup, the logon service (Netlogon) starts and calls the DsGetDcName API.
  2. The API collects information about the client’s configuration, such as its IP address.
  3. The client now uses Netlogon to query the configured DNS server for Domain Controllers in its site.
  4. The DNS server returns a list of all Domain Controllers to the client.
  5. The client receives the information, tries to contact the Domain Controllers, and uses the Domain Controller that responds first. First come, first served! 😉

You can see the process in a network monitoring tool:

[Screenshot: network capture of the Domain Controller lookup]
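Steps 3 to 5 can be reproduced by hand to check which Domain Controller a client in a given site would be offered. The following PowerShell function is an added example, not code from the original post: the function name `Find-SiteDomainController` and the sample domain and site values are assumptions, and it probes the returned servers one after another over TCP instead of sending Netlogon's LDAP ping in parallel.

```powershell
# Added example, not from the original post. The sequential TCP probe is a
# simplification of Netlogon's LDAP ping (UDP 389) to the returned DCs.
function Find-SiteDomainController {
    param(
        [Parameter(Mandatory)] [string] $DnsDomain,  # placeholder, e.g. corp.example.com
        [Parameter(Mandatory)] [string] $SiteName,   # e.g. from: nltest /dsgetsite
        [int] $TimeoutMs = 1000
    )

    # Site-specific SRV name first, then the domain-wide name as a fallback.
    $queries = @(
        "_ldap._tcp.${SiteName}._sites.dc._msdcs.${DnsDomain}",
        "_ldap._tcp.dc._msdcs.${DnsDomain}"
    )

    foreach ($name in $queries) {
        try {
            # The answer also carries A/AAAA records; keep only the SRV entries.
            $srv = Resolve-DnsName -Name $name -Type SRV -ErrorAction Stop |
                Where-Object { $_.Type -eq 'SRV' } |
                Sort-Object Priority, @{ Expression = 'Weight'; Descending = $true }
        } catch {
            Write-Verbose "No SRV answer for $name"
            continue
        }

        foreach ($rec in $srv) {
            $client = [System.Net.Sockets.TcpClient]::new()
            try {
                # Wait() returns $false on timeout and throws if the connect fails.
                $task = $client.ConnectAsync($rec.NameTarget, $rec.Port)
                if ($task.Wait($TimeoutMs) -and $client.Connected) {
                    return [pscustomobject]@{
                        Query            = $name
                        DomainController = $rec.NameTarget
                        Port             = $rec.Port
                        Priority         = $rec.Priority
                        Weight           = $rec.Weight
                    }
                }
            } catch {
                Write-Verbose "$($rec.NameTarget) did not answer on port $($rec.Port)"
            } finally {
                $client.Dispose()
            }
        }
    }
    Write-Warning "No reachable Domain Controller found for $DnsDomain"
}
# Constructed sample call:
# Find-SiteDomainController -DnsDomain 'corp.example.com' -SiteName 'Default-First-Site-Name' -Verbose
```

If the `Query` field in the result shows the domain-wide name, the site-specific record returned no reachable server; comparing against `nltest /dsgetdc:<domain>` shows which Domain Controller Netlogon itself selected.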
