One of the first major tasks a domain member computer has to do when it starts is to locate a domain controller. Generally, this task requires the use of a Domain Name System (DNS) server, which contains records for each domain controller in the domain, and the Locator, a remote procedure call to the computer's local Netlogon service.

Starting Up

When the client computer starts, its Netlogon service starts automatically (in the default configuration). This service implements the DsGetDcName application programming interface (API), which is used to locate a domain controller.

The client machine begins by collecting a number of pieces of information that will be used to locate a domain controller: the client's local IP address (used to determine the client's Active Directory site membership), the desired domain name, and a DNS server address.
Finding the Domain Controllers

Netlogon then queries the configured DNS server. Netlogon retrieves the service (SRV) records and host (A) records from DNS that correspond to the domain controllers for the desired domain. The general form for the queried SRV records is _service._protocol.domainname, where service is the domain service, protocol is the TCP/IP protocol, and domainname is the desired Active Directory fully qualified domain name (FQDN). For example, because Active Directory is a Lightweight Directory Access Protocol (LDAP)-compliant directory service, clients query for _ldap._tcp.domainname (or _ldap._tcp.dc._msdcs.domainname when locating the nearest domain controller).
Each domain controller in a domain registers its host name with the SRV record, so the client's query results will be a list of domain controller host names. The client also retrieves the associated A records, providing the client with the IP address of every domain controller in the domain. The client then sends an LDAP search query, via the User Datagram Protocol (UDP), to each domain controller. Each domain controller then responds, indicating that it is operational. The Netlogon service caches all of this information so that finding a domain controller in the future won't require a repeat of this initial process. Instead, the service can simply refer to its cache to find another domain controller.
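As an added example (not code from the original post), the following Python script shows the DNS side of what Netlogon does above: it builds the SRV query name in the form just described, assembles the DNS query, and parses the SRV answers (priority, weight, port, target host) out of a response, using only the standard library. The response it parses is constructed inline so the script runs offline; the domain example.com and the DC host names are made up, and the site-specific name form _ldap._tcp.<site>._sites.dc._msdcs.<domain> is documented DC locator behaviour that the post itself does not spell out.

```python
"""DC locator DNS side: build the SRV query name and parse SRV answers.

Added example, not code from the original post. Standard library only; the
DNS message is built and parsed by hand so everything runs offline against a
response constructed below. A real client would send build_srv_query() to its
DNS server on UDP port 53 and feed the reply to parse_srv_answers().
"""
import struct

SRV_TYPE = 33   # RR type number for SRV
IN_CLASS = 1
MAX_POINTER_HOPS = 16   # bound on compression-pointer chasing (malformed replies)


def dc_srv_name(domain, site=""):
    """Query name for LDAP-capable DCs of `domain`.

    Domain-wide form quoted in the post: _ldap._tcp.dc._msdcs.<domain>.
    Site-specific form (documented locator behaviour, assumed here, not in the
    post): _ldap._tcp.<site>._sites.dc._msdcs.<domain>.
    """
    if site:
        return f"_ldap._tcp.{site}._sites.dc._msdcs.{domain}"
    return f"_ldap._tcp.dc._msdcs.{domain}"


def encode_name(name):
    """Wire-format a DNS name as length-prefixed labels plus a zero terminator."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += struct.pack("B", len(raw)) + raw
    return out + b"\x00"


def build_srv_query(name, txid=0x1234):
    """Standard query (RD=1) carrying one SRV/IN question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", SRV_TYPE, IN_CLASS)


def parse_name(msg, offset):
    """Decode a possibly compressed name; return (name, offset just past it)."""
    labels, end, hops = [], None, 0   # `end` is fixed the first time we jump
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                       # compression pointer
            hops += 1
            if hops > MAX_POINTER_HOPS:
                raise ValueError("compression pointer loop")
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if end is None:
                end = offset + 2
            offset = pointer
            continue
        if length == 0:
            if end is None:
                end = offset + 1
            break
        offset += 1
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), end


def parse_srv_answers(msg):
    """Return [(priority, weight, port, target), ...] from the answer section."""
    _txid, _flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    offset = 12
    for _ in range(qdcount):                            # skip the echoed question(s)
        _, offset = parse_name(msg, offset)
        offset += 4                                     # QTYPE + QCLASS
    records = []
    for _ in range(ancount):
        _, offset = parse_name(msg, offset)             # owner name (often a pointer)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        if rtype == SRV_TYPE:
            prio, weight, port = struct.unpack("!HHH", msg[offset:offset + 6])
            target, _ = parse_name(msg, offset + 6)
            records.append((prio, weight, port, target))
        offset += rdlen                                 # stay aligned past any other RR type
    return records


def build_srv_response(query, answers, ttl=600):
    """Constructed reply for offline use: echoes the question, then one SRV RR
    per (priority, weight, port, target), naming the owner with a compression
    pointer (0xC00C) back to the question name at offset 12."""
    txid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(answers), 0, 0)
    body = query[12:]
    for prio, weight, port, target in answers:
        rdata = struct.pack("!HHH", prio, weight, port) + encode_name(target)
        body += b"\xC0\x0C" + struct.pack("!HHIH", SRV_TYPE, IN_CLASS, ttl, len(rdata)) + rdata
    return header + body


if __name__ == "__main__":
    # Constructed sample: two DCs for the made-up domain example.com.
    query = build_srv_query(dc_srv_name("example.com"))
    reply = build_srv_response(query, [(0, 100, 389, "dc1.example.com"),
                                       (0, 100, 389, "dc2.example.com")])
    for rec in parse_srv_answers(reply):
        print(rec)
```

The pointer-hop limit in parse_name is the one defensive detail worth keeping when adapting this: a reply whose compression pointers form a cycle would otherwise spin the parser forever, and a resolver that trusts the answer count blindly is the usual way such parsers break.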
Selecting a Domain Controller

After the client locates a domain controller, the client uses LDAP to access Active Directory on a domain controller, preferably one in the client's own subnet. The domain controller uses the client's IP address to identify the client's Active Directory site. If the domain controller is not in the closest site, then the domain controller returns the name of the client's site, and the client tries to find a domain controller in that site by querying DNS. If the client has already attempted to find a domain controller in that site, then the client will continue using the current, nonoptimal domain controller. Once the client finds a domain controller it likes, it caches that domain controller's information, and the client will continue to use that domain controller for future contacts (unless the domain controller becomes unavailable).
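To make the selection rules above concrete, here is an added Python model of that sequence (not code from the original post): order the SRV answers the way RFC 2782 prescribes, take the first domain controller that answers, let it report the client's site, retry once against the site-specific DNS record, otherwise settle for the current nonoptimal domain controller, and cache the choice until that domain controller stops responding. The DNS table, the site assignments and the domain corp.example are all constructed; the site-specific name _ldap._tcp.<site>._sites.dc._msdcs.<domain> is documented locator behaviour the post does not spell out, and the domain controller's "which site are you in" answer is stood in for by a dictionary rather than a real LDAP exchange.

```python
"""Model of the DC selection and caching steps (added example, not from the post).

`dns` is a constructed table: SRV query name -> [(priority, weight, port, target)].
`dc_sites` stands in for the DC's LDAP answer about which site a client is in:
it maps each DC to the site it sits in, and the caller passes the client's own
site. `unreachable` simulates DCs that fail the UDP liveness check or go away.
Nothing here touches the network.
"""
import random


def rfc2782_order(records, rng=None):
    """Lowest priority first; within one priority, weighted random draws without
    replacement (weight 0 is treated as 1 so such hosts are still reachable)."""
    rng = rng or random.Random(0)
    ordered = []
    for prio in sorted({r[0] for r in records}):
        group = [r for r in records if r[0] == prio]
        while group:
            pick = rng.choices(group, weights=[r[1] or 1 for r in group])[0]
            ordered.append(pick)
            group.remove(pick)
    return ordered


class DcLocator:
    def __init__(self, domain, dns, dc_sites, rng=None):
        self.domain = domain
        self.dns = dns
        self.dc_sites = dc_sites
        self.rng = rng or random.Random(0)
        self.cached_dc = None       # the Netlogon cache described in the post
        self.tried_sites = set()    # sites already queried with a site-specific record

    def _first_reachable(self, name, unreachable):
        """Walk the SRV answers for `name` in RFC 2782 order; return the first
        target that answers the (simulated) liveness check."""
        for _prio, _weight, _port, target in rfc2782_order(self.dns.get(name, []), self.rng):
            if target not in unreachable:
                return target
        return None

    def locate(self, client_site, unreachable=frozenset()):
        """Return the DC the client should use for `client_site`, or None."""
        if self.cached_dc and self.cached_dc not in unreachable:
            return self.cached_dc                       # cache hit: no DNS work at all
        # Domain-wide record from the post: _ldap._tcp.dc._msdcs.<domain>
        dc = self._first_reachable(f"_ldap._tcp.dc._msdcs.{self.domain}", unreachable)
        if dc is None:
            return None
        # The DC reports the client's site. If the DC is not in it, query DNS for
        # that site once; a site already tried means we keep the nonoptimal DC.
        if self.dc_sites.get(dc) != client_site and client_site not in self.tried_sites:
            self.tried_sites.add(client_site)
            # Site-specific record (documented locator behaviour, assumed here)
            closer = self._first_reachable(
                f"_ldap._tcp.{client_site}._sites.dc._msdcs.{self.domain}", unreachable)
            if closer is not None:
                dc = closer
        self.cached_dc = dc
        return dc


if __name__ == "__main__":
    # Constructed sample: two DCs, one per site, for the made-up domain corp.example.
    dns = {
        "_ldap._tcp.dc._msdcs.corp.example": [
            (0, 100, 389, "dc-hq.corp.example"),
            (0, 100, 389, "dc-branch.corp.example"),
        ],
        "_ldap._tcp.Branch._sites.dc._msdcs.corp.example": [
            (0, 100, 389, "dc-branch.corp.example"),
        ],
    }
    sites = {"dc-hq.corp.example": "HQ", "dc-branch.corp.example": "Branch"}
    locator = DcLocator("corp.example", dns, sites)
    print("first contact:", locator.locate("Branch"))
    print("from cache:   ", locator.locate("Branch"))
    print("branch DC down:", locator.locate("Branch", unreachable={"dc-branch.corp.example"}))
```

Whichever domain controller the weighted draw picks first, a client in the Branch site ends up on dc-branch: either it was picked directly, or dc-hq reported the site and the site-specific lookup redirected the client. Only when dc-branch is unreachable does the client knowingly stay on the nonoptimal dc-hq, which is the behaviour the paragraph above describes and the reason a single down DC in a branch site quietly shifts that site's logon traffic across the WAN.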
For more details on troubleshooting, refer to the following KB article: http://support.microsoft.com/kb/247811