Wednesday, February 17, 2016

How Client Computers Locate Domain Controllers Within Sites

When you join a Windows client to a domain and then restart it, the client performs a domain controller location and registration process. The goal of this process is to find the domain controller closest to the client, as determined by the client's IP subnet. The process for locating a domain controller is as follows:

1. The new client queries for all domain controllers in the domain. When the new domain client restarts, it receives an IP address from a DHCP server and is ready to authenticate to the domain. However, it does not yet know where to find a domain controller, so it queries DNS for the _tcp folder, which contains the SRV records of all domain controllers in the domain.

2. The client attempts an LDAP ping to all domain controllers in sequence. DNS returns a list of all matching domain controllers, and on its first startup the client attempts to contact all of them.

3. The first domain controller responds. The first domain controller that responds examines the client's IP address, cross-references it with the subnet objects, and tells the client which site it belongs to. The client stores the site name in its registry and then queries for domain controllers in the site-specific _tcp folder.

4. The client queries for all domain controllers in the site. DNS returns a list of all domain controllers in the site.

5. The client attempts an LDAP ping sequentially to all domain controllers in the site. The domain controller that responds first authenticates the client.

6. The client forms an affinity. The client forms an affinity with the domain controller that responded first and attempts to authenticate with the same domain controller in the future. If that domain controller is unavailable, the client queries the site's _tcp folder again and attempts to bind with the first domain controller in the site that responds.

If the client moves to another site, as a mobile computer might, it first attempts to authenticate to its preferred domain controller. That domain controller notices that the client's IP address is associated with a different site and refers the client to the new site. The client then queries DNS for domain controllers in its new local site.
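The six steps and the mobile-computer case above, as an added Python simulation (not code from the original post or from the MOC course it cites): the domain name, subnet objects, domain controllers, SRV names and latencies are constructed sample data, `ldap_ping` stands in for the real LDAP ping with a latency table, and the fallback to any domain controller in the domain when no DC of the client's own site answers is an assumption that goes beyond what the post describes. It shows the most specific subnet object deciding the site, the site-specific query overriding the fastest domain-wide responder, the affinity being reused, and the re-query when the client moves or its preferred DC goes down.

```python
import ipaddress

# Constructed sample environment (assumed, not taken from the original post).
DOMAIN = "corp.example"

# Subnet objects as defined in AD Sites and Services: prefix -> site name.
SUBNETS = {
    "10.1.0.0/16": "HQ",
    "10.1.50.0/24": "HQ-Lab",   # more specific than 10.1.0.0/16 and must win
    "10.2.0.0/16": "Branch",
}

# Site each domain controller belongs to; drives the site-specific SRV records.
DC_SITES = {"dc1": "HQ", "dc2": "HQ", "dc3": "Branch", "dc4": "HQ-Lab"}


def srv_name(site=None):
    """DNS name the client queries: the domain-wide _tcp records, or the
    site-specific ones under _sites."""
    if site is None:
        return f"_ldap._tcp.dc._msdcs.{DOMAIN}"
    return f"_ldap._tcp.{site}._sites.dc._msdcs.{DOMAIN}"


def dns_srv_lookup(name):
    """Simulated DNS answer: hostnames of the DCs registered under the SRV name."""
    if name == srv_name():
        return sorted(DC_SITES)
    for site in set(DC_SITES.values()):
        if name == srv_name(site):
            return sorted(dc for dc, s in DC_SITES.items() if s == site)
    return []


def site_for_ip(ip):
    """What the responding DC does in step 3: cross-reference the client IP with
    the subnet objects; the most specific matching prefix decides the site."""
    addr = ipaddress.ip_address(ip)
    best_net, best_site = None, None
    for prefix, site in SUBNETS.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_site = net, site
    return best_site


def ldap_ping(dcs, available, latency_ms):
    """Steps 2 and 5: ping every DC in the list; the reachable one with the
    lowest round trip is the 'first responder'. None if nobody answers."""
    alive = [dc for dc in dcs if dc in available]
    if not alive:
        return None
    return min(alive, key=lambda dc: latency_ms.get(dc, float("inf")))


class DomainClient:
    def __init__(self, ip, available, latency_ms):
        self.ip = ip                   # current address (changes when the laptop moves)
        self.available = available     # set of DCs that are up right now
        self.latency_ms = latency_ms   # simulated round-trip time per DC
        self.site = None               # what the registry's site name would hold
        self.preferred_dc = None       # the affinity formed in step 6

    def locate_dc(self):
        if self.preferred_dc in self.available:
            # Step 6: reuse the preferred DC. That DC re-checks the client's IP,
            # and if it now maps to another site it refers the client there.
            actual = site_for_ip(self.ip)
            if actual == self.site:
                return self.preferred_dc
            self.site = actual
        elif self.site is None:
            # Steps 1-3: first start, no site known yet. Query the domain-wide
            # records; the first DC to answer tells the client which site it is in.
            first = ldap_ping(dns_srv_lookup(srv_name()), self.available, self.latency_ms)
            if first is None:
                return None
            self.site = site_for_ip(self.ip)
        # Steps 4-5 (also the path taken when the preferred DC is down):
        # query the site-specific records and bind to the first responder.
        dcs = dns_srv_lookup(srv_name(self.site))
        chosen = ldap_ping(dcs, self.available, self.latency_ms)
        if chosen is None:
            # Assumption beyond the post: with no DC of its own site answering,
            # the client falls back to any DC in the domain.
            chosen = ldap_ping(dns_srv_lookup(srv_name()), self.available, self.latency_ms)
        self.preferred_dc = chosen
        return chosen


if __name__ == "__main__":
    up = {"dc1", "dc2", "dc3", "dc4"}
    rtt = {"dc1": 5, "dc2": 3, "dc3": 40, "dc4": 8}
    laptop = DomainClient("10.1.50.7", up, rtt)
    print("first start  ->", laptop.locate_dc(), "site", laptop.site)   # dc4, not the fastest dc2
    print("reboot       ->", laptop.locate_dc())                        # affinity reused
    laptop.ip = "10.2.0.9"
    print("moved        ->", laptop.locate_dc(), "site", laptop.site)   # referred to Branch
    up.discard("dc3")
    print("dc3 down     ->", laptop.locate_dc())                        # fallback to the domain
```

Note that on first start `dc2` answers the domain-wide ping fastest, yet the client ends up bound to `dc4`: the responder's only job at that point is to name the site, and the binding happens against the site-specific list. The `10.1.50.0/24` subnet object also beats the broader `10.1.0.0/16`, which is why a missing or overly broad subnet object is the usual reason a client lands on a far-away DC.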



Source: MOC-20412
