Jorge 's Quest For Knowledge!

This is the 2^nd part of "DC Locator Process in W2K, W2K3(R2) and W2K8"

Looking at this all, the DC locator process as explained above still applies to Windows Vista and to Windows Server 2008 and later. Are there any differences or additions? Yes, there are!

Basically the client either queries for a DC in the AD site it is in or it queries for a DC in the AD domain it is in. I have always asked myself why the DC locator process did not support following the site topology based on the site cost to find the next closest DC for authentication. The answer to that is unknown to me, but both Windows Vista and Windows Server 2008 provide an additional possibility that exists between "a DC in the AD site" (the closest end) and "a DC in the AD domain" (the far end). The new possibility is "a DC in the next closest site". ;-)

Both Windows Vista and Windows Server 2008 still use the default behavior W2K, WXP, W2K3(R2) have. For both Windows Vista and Windows Server 2008 to locate a DC in the next closest site, it needs to be enabled explicitly. That can be done by using the following:

• For WVT/W2K8 and later:
  • GPO setting path: "Computer Configuration\Administrative Templates\System\Net Logon\DC Locator DNS Records"
  • GPO setting: "Try next closest site"
  • GPO setting mode: Enabled

To determine a DC within a set of DC of DCs in the client's AD site that could authenticate the client:

• NLTEST /DSGETDC:<FQDN DOMAIN>

To determine a writable DC within a set of DCs in the next closed AD site from the client's perspective that could authenticate the client:

• NLTEST /DSGETDC: <FQDN DOMAIN> /WRITABLE /TRY_NEXT_CLOSEST_SITE

Continued in part 3 of the "DC Locator Process in W2K, W2K3(R2) and W2K8"

For additional information, make sure to have a look at:

• SRV record
  • http://en.wikipedia.org/wiki/SRV_record
• How to verify that SRV DNS records have been created for a domain controller
  • http://support.microsoft.com/?kbid=816587
• SRV Resource Records
  • http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/distrib/dsbc_nar_sdns.mspx?mfr=true
• How to optimize the location of a domain controller or global catalog that resides outside of a client's site
  • http://support.microsoft.com/?kbid=306602
• How DFS Works
  • http://technet2.microsoft.com/windowsserver/en/library/a9096e88-1634-4da6-b820-537341d349061033.mspx?mfr=true

Additional interesting links:

• Windows Server 2008 Home
  • http://www.microsoft.com/windowsserver/2008/default.mspx
• Windows Server 2008 Product Overview
  • http://www.microsoft.com/windowsserver2008/evaluation/overview.mspx
• Windows Server 2008 Wiki Info
  • http://en.wikipedia.org/wiki/Windows_Server_2008
• Live WebCasts
  • http://www.microsoft.com/events/webcasts/upcoming.mspx
• Microsoft Technical Communities
  • http://www.microsoft.com/communities/default.mspx

Cheers,

Jorge

--------------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
--------------------------------------------------------------------------------------------------
############### Jorge's Quest For Knowledge ###############
######## http://blogs.dirteam.com/blogs/jorge/default.aspx #########
--------------------------------------------------------------------------------------------------