One of the fundamental issues for clients in any NOS environment is finding the optimal domain controller (DC) to authenticate against. The process under Windows NT was not very efficient and could cause clients to authenticate to domain controllers in the least optimal location. With Active Directory, clients use DNS to locate domain controllers via the DC locator process. To illustrate at a high level how the DC locator process works, we will describe an example where a client has moved from one location to another and needs to find a DC:
1. A client previously located in Site A logs in from Site B.
2. When the client boots up, it thinks it is still in Site A, so it proceeds to contact a DC in Site A using DNS unless the server name was previously cached.
3. The DC in Site A receives the request and realizes that the client should now be talking to a DC in Site B due to its IP address changing. If the server does not cover Site B, it will return the client's new site in the reply.
4. The client will then perform a DNS lookup to find a DC in Site B.
5. The client then contacts the DC in Site B. Three things can happen: the DC responds and authenticates the client; the DC fails to respond (it could be down), and the client attempts to use a different DC in Site B; or the DC fails to respond, and the client searches and fails to find another DC in Site B, instead turning back to the DC in Site A and authenticating with the original server.
The two main things that are needed to support the DC locator process are a properly defined site topology in Active Directory and the presence of all the necessary Active Directory-related resource records in DNS. In the next section, we will describe the purpose of the resource records used in Active Directory. For a more detailed description of how the DC locator process works, including the specific resource records that are queried during the process, check out Microsoft Knowledge Base (KB) article 247811 "How Domain Controllers Are Located in Windows" and Microsoft KB article 314861 "How Domain Controllers Are Located in Windows XP" at http://support.microsoft.com.
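The walk-through above can be modelled in a few lines to see how the site topology and the DNS records drive the outcome. This is an added example, not code from the original text or from Microsoft; the domain, subnets and DC names are constructed, and it assumes no cached server name and no site coverage by the first DC. An address that matches no defined subnet is modelled as leaving the client on the DC it first contacted.

```python
import ipaddress

DOMAIN = "corp.example"  # constructed domain name
# Site topology: subnet-to-site mapping (constructed).
SUBNETS = {"10.1.0.0/16": "SiteA", "10.2.0.0/16": "SiteB"}
# Site-specific SRV records registered in DNS (constructed DC names).
SRV = {
    f"_ldap._tcp.SiteA._sites.dc._msdcs.{DOMAIN}": ["dc-a1"],
    f"_ldap._tcp.SiteB._sites.dc._msdcs.{DOMAIN}": ["dc-b1", "dc-b2"],
}

def site_for_ip(ip):
    """Map a client address to a site, as the contacted DC does."""
    addr = ipaddress.ip_address(ip)
    for net, site in SUBNETS.items():
        if addr in ipaddress.ip_network(net):
            return site
    return None  # no subnet object covers this address

def dns_lookup(site):
    """Return the DCs listed in the site-specific SRV record."""
    return SRV.get(f"_ldap._tcp.{site}._sites.dc._msdcs.{DOMAIN}", [])

def locate_dc(client_ip, cached_site, down=frozenset()):
    """Return (dc, trace) for a client that last knew itself to be in cached_site."""
    trace = []
    # The client still believes it is in cached_site and asks DNS for a DC there.
    first = next((dc for dc in dns_lookup(cached_site) if dc not in down), None)
    if first is None:
        return None, [f"no DC reachable in cached site {cached_site}"]
    trace.append(f"contacted {first} in {cached_site}")
    # The DC derives the client's real site from its IP address.
    actual = site_for_ip(client_ip)
    if actual is None or actual == cached_site:
        return first, trace
    trace.append(f"{first} says client is in {actual}")
    # The client looks up DCs in the new site and tries each in turn.
    for dc in dns_lookup(actual):
        if dc not in down:
            trace.append(f"authenticated to {dc} in {actual}")
            return dc, trace
        trace.append(f"{dc} did not respond")
    # No DC in the new site answered: return to the original DC.
    trace.append(f"fell back to {first} in {cached_site}")
    return first, trace
```

Calling `locate_dc("192.168.1.1", "SiteA")` shows why an incomplete subnet definition matters: the client is never redirected and keeps authenticating against the Site A DC.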