This section explains how Active Directory uses DNS and how Address Manager and DNS/DHCP Server integrate into this environment.
Microsoft Active Directory (AD) is based on well-known network services such as
Lightweight Directory Access Protocol (LDAP), Kerberos, and DNS. The Windows domain
discovery process uses DNS for client systems to find the closest or most appropriate
Domain Controller (DC). This information is stored in a series of DNS records
specifying the following information:
- LDAP servers
- Kerberos servers
- Address of the domain controllers
- Global Catalog servers
- Kerberos password change servers
Before a client can connect to the Windows Domain, it needs to find a suitable DC. The
Windows client running a service called NetLogon uses a DC-locating algorithm to find
the appropriate server. This is how the DC-locating algorithm works:
- The client obtains a list of DCs through a DNS query using the domain name, domain Globally Unique Identifier (GUID), or site name.
- The locator pings each controller in random order and uses the weighting factor discovered while getting the list of DCs. It waits up to one tenth of a second for a reply from the DC and continues pinging until it has tried all controllers or until it receives a successful response.
- After a DC responds to a ping, the results from the response are compared to the parameters required by the client. If there's a match, then the DC is used. Otherwise, it resumes pinging other DCs.