What actually happens in the background when a domain client authenticates itself to the domain? That’s the question for today’s post.
Ok, let’s go into the details. We assume that the computer has already joined the domain.
This is a very simplified representation.
- During the client’s system startup, the logon service (netlogon) starts with the API DsGetDcName.
- The API collects information about the client’s configuration, such as IP-Address.
- The client now uses netlogon to query the configured DNS server for Domain Controllers in it’s site.
- The DNS server returns a list of all Domain Controller to the client.
- The client receives the information, tries to contact the Domain Controllers and uses the Domain Controller that responded first. First come, first serve! 😉
You can see the process in a network monitoring tool:
Categories: Windows Server
So, How client know their site from ?
Hi! First site discovery will be performed at domain join. It’s a process I didn’t describe in my article. Best
great article, thank you.
Do you know how often a domain joined computer refreshes its associated AD Site?
Is it when the Netlogon service is restarted (manually, or via a reboot), or does it happen periodically in the background?
Thanks in advance!