How domain controllers are located in Windows


How do servers locate a domain controller in a network?

One of the first major tasks a domain member computer has to do when it starts is to locate a domain controller. Generally, this task requires the use of a Domain Name System (DNS) server, which contains records for each domain controller in the domain, and the Locator, a remote procedure call to the computer’s local Netlogon service.

Starting Up

When the computer starts, its Netlogon service starts automatically (in the default configuration). This service implements the DsGetDcName application programming interface (API), which is used to locate a domain controller.

The computer begins by collecting a number of pieces of information that will be used to locate a domain controller. This information includes the client's local IP address, which is used to determine the client's Active Directory site membership, the desired domain name, and a DNS server address.

Finding the Domain Controllers

Netlogon then queries the configured DNS server. Netlogon retrieves the service resource (SRV) records and host (A) records from DNS that correspond to the domain controllers for the desired domain. The general form for the queried SRV records is _service._protocol.domainname, where service is the domain service, protocol is the TCP/IP protocol, and domainname is the desired Active Directory fully qualified domain name (FQDN). For example, because Active Directory is a Lightweight Directory Access Protocol (LDAP)-compliant directory service, clients query for _ldap._tcp.domainname (or _ldap._tcp.dc._msdcs.domainname when locating the nearest domain controller).

Each domain controller in a domain will register its host name with the SRV record, so the client's query results will be a list of domain controller host names. The client also retrieves the associated A records, providing the client with the IP address of every domain controller in the domain. The client then sends an LDAP search query, via the User Datagram Protocol (UDP), to each domain controller. Each domain controller then responds, indicating that it is operational. The Netlogon service caches all of this information so that finding a domain controller in the future won't require a repeat of this initial process. Instead, the service can simply refer to its cache to find another domain controller.

Selecting a Domain Controller

After the client locates a domain controller, the client uses LDAP to access Active Directory on a domain controller, preferably one in the client's own subnet. The domain controller uses the client's IP address to identify the client's Active Directory site. If the domain controller is not in the closest site, then the domain controller returns the name of the client's site, and the client tries to find a domain controller in that site by querying DNS. If the client has already attempted to find a domain controller in that site, then the client will continue using the current, nonoptimal domain controller. Once the client finds a domain controller it likes, it caches that domain controller's information, and the client will continue to use that domain controller for future contacts (unless the domain controller becomes unavailable).
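As an added example that is not part of the original post, the following PowerShell session checks each stage of the locator process described above from a domain member: the domain-wide SRV lookup, the site-specific SRV lookup, the A-record lookup for one returned DC, and the DsGetDcName result from the local Netlogon service. The domain name ad.contoso.com and the site name MainOffice are placeholders. Resolve-DnsName needs the DnsClient module (Windows 8 / Windows Server 2012 and later); on older systems, nslookup -type=SRV with the same names gives the equivalent answer.

```powershell
# Added example, not from the original post. Placeholder values: replace with your own.
$Domain = 'ad.contoso.com'   # Active Directory FQDN (placeholder)
$Site   = 'MainOffice'       # the client's AD site name (placeholder)

# 1. Domain-wide lookup: every DC registers itself under this SRV name, so the
#    answer is the full list of DCs with their priority, weight and LDAP port.
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Stop |
    Where-Object { $_.Type -eq 'SRV' } |
    Select-Object NameTarget, Priority, Weight, Port |
    Format-Table -AutoSize

# 2. Site-specific lookup: the name the client queries once a DC has told it
#    which site it belongs to. An empty answer means no DC is registered for
#    that site, which is why the client falls back to the list from step 1.
Resolve-DnsName -Name "_ldap._tcp.$Site._sites.dc._msdcs.$Domain" -Type SRV -ErrorAction SilentlyContinue |
    Where-Object { $_.Type -eq 'SRV' } |
    Select-Object NameTarget, Priority, Weight, Port

# 3. Host (A) record for the first DC returned, as the client retrieves it.
$firstDc = (Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV |
            Where-Object { $_.Type -eq 'SRV' })[0].NameTarget
Resolve-DnsName -Name $firstDc -Type A | Select-Object Name, IPAddress

# 4. Ask the local Netlogon service (the DsGetDcName API) which DC it selects.
#    /force bypasses the Netlogon cache so discovery runs again from scratch.
nltest "/dsgetdc:$Domain" /force

# 5. The DC the machine's secure channel is currently bound to (the cached choice).
nltest "/sc_query:$Domain"
```

The useful check is to compare the SRV list from step 1 with the DCs you know exist: a DC missing from the list has not registered (or its registration has been removed), and a name that is not one of your DCs points at a DNS problem worth investigating before anything else.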

For more details on troubleshooting, refer to the KB article below:

http://support.microsoft.com/kb/247811


For more article updates, videos and posters, join our official page on Facebook.

Facebook Page: https://www.facebook.com/ServerGeeks

Web Site: https://servergeeks.wordpress.com/

Video Channel: https://www.youtube.com/user/Habibmvp


AD Integrated DNS


DNS Scenario – AD integrated DNS

Your company, Contoso Ltd has a main office and a branch office. The offices are connected by a WAN link. Contoso has an Active Directory forest that contains a single domain named ad.contoso.com.

The ad.contoso.com domain contains one domain controller named DC1 that is located in the main office. DC1 is configured as a DNS server for the ad.contoso.com DNS zone. This zone is configured as a standard primary zone. You install a new domain controller named DC2 in the branch office. You install DNS on DC2.

You need to ensure that the DNS service can update records and resolve DNS queries in the event that a WAN link fails.

What should you do?

A. Create a new stub zone named ad.contoso.com on DC2.

B. Create a new standard secondary zone named ad.contoso.com on DC2.

C. Configure the DNS server on DC2 to forward requests to DC1.

D. Convert the ad.contoso.com zone on DC1 to an Active Directory-integrated zone.

Correct Answer: D

Explanation

An AD-integrated DNS zone automatically receives all its updates from AD. These records can later be transferred to a secondary DNS server to avoid any downtime during a WAN link issue.
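As an added example that is not from the original post, here is how the conversion in answer D can be carried out and verified with dnscmd, the DNS administration command shipped with Windows Server 2008 R2. The server names DC1 and DC2 and the zone ad.contoso.com are the scenario's own; the commands are run from a PowerShell prompt on a machine with the DNS Server tools installed, as an account with DNS administration rights.

```powershell
# Added example, not from the original post. DC1, DC2 and ad.contoso.com are the scenario's names.
$Zone = 'ad.contoso.com'

# Before: on DC1 the zone is a standard, file-backed primary zone.
# /ZoneInfo reports the zone type and whether it is DS (directory) integrated.
dnscmd DC1 /ZoneInfo $Zone

# Convert the zone on DC1 to Active Directory-integrated: the zone data is stored
# in the directory and replicated by AD replication instead of zone transfers.
dnscmd DC1 /ZoneResetType $Zone /DsPrimary

# Allow only secure dynamic updates (0 = none, 1 = any, 2 = secure only), so that
# only the authenticated computer that owns a record can change it.
dnscmd DC1 /Config $Zone /AllowUpdate 2

# After AD replication to the branch office has completed, DC2 (a domain controller
# running the DNS role) loads the same zone from the directory and can both answer
# queries and accept updates while the WAN link is down. Verify on DC2:
dnscmd DC2 /EnumZones
dnscmd DC2 /ZoneInfo $Zone
```

The secure-updates setting is the part worth not skipping: a file-backed primary zone cannot enforce secure dynamic updates at all, and a freshly converted zone keeps whatever update setting it had before, so set it explicitly.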


Active Directory Diagnostics


AD Scenario – Active Directory Diagnostics

Your network consists of a single Active Directory domain. All domain controllers run Windows Server 2008 R2.

You need to identify the Lightweight Directory Access Protocol (LDAP) clients that are using the largest amount of available CPU resources on a domain controller.

What should you do?

A. Review performance data in Resource Monitor.

B. Review the Hardware Events log in the Event Viewer.

C. Run the Active Directory Diagnostics Data Collector Set. Review the Active Directory Diagnostics report.

D. Run the LAN Diagnostics Data Collector Set. Review the LAN Diagnostics report.

Answer: C

Explanation

Prior to Windows Server 2008, troubleshooting Active Directory performance issues often required the installation of SPA (Server Performance Advisor). SPA is helpful because the Active Directory data set collects performance data and generates XML-based diagnostic reports that make analyzing AD performance issues easier by identifying the IP addresses of the highest-volume callers and the type of network traffic that is placing the most load on the CPU.

Download the SPA tool:

http://www.microsoft.com/en-us/download/details.aspx?id=15506

Now the same functionality has been built into Windows Server 2008 and Windows Server 2008 R2 and you don’t have to install SPA anymore.

This performance feature is located in the Server Manager snap-in under the Diagnostics node. When the Active Directory Domain Services role is installed, the Active Directory Diagnostics data collector set is automatically created under System.

When you check the properties of the collector, you will notice that the data is stored under %systemdrive%\perflogs, now in the \ADDS subfolder. Each time a data collection is run it creates a new subfolder called YYYYMMDD-####, where YYYY = year, MM = month, DD = day and #### starts at 0001. The Active Directory Diagnostics data collector set runs for a default of 5 minutes. This duration cannot be modified for the built-in collector. However, the collection can be stopped manually by clicking the Stop button or from the command line.

To start the data collector set, you just have to right click on Active Directory Diagnostics data collector set and select Start. Data will be stored at %systemdrive%\perflogs location.

Once you have gathered your data, you will find these interesting and useful reports under the Reports section, to aid in your troubleshooting and server performance trending.
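As an added example that is not from the original post, the following PowerShell commands start and stop the built-in collector from the command line, as the text mentions, and then locate the newest report folder under %systemdrive%\perflogs\ADDS using the YYYYMMDD-#### naming described above. The collector set is the one shown in Performance Monitor under Data Collector Sets > System; addressing it through logman with the "system\" prefix is an assumption that the logman query in the block confirms on your build. Run from an elevated prompt on the domain controller.

```powershell
# Added example, not from the original post. Run elevated on the domain controller.
# Assumption: logman addresses built-in sets in the System folder as "system\<name>".
$Set = 'system\Active Directory Diagnostics'

logman query $Set     # shows the set's status (Running/Stopped) and its output root
logman start $Set     # same as right-clicking the set in Server Manager and choosing Start
# The built-in set collects for its fixed 5 minutes; to end it early instead:
# logman stop $Set

# Reports land in %systemdrive%\PerfLogs\ADDS\YYYYMMDD-####; pick the newest folder.
# PSIsContainer is used instead of -Directory so this also works on PowerShell 2.0 (2008 R2).
$root   = Join-Path $env:SystemDrive 'PerfLogs\ADDS'
$latest = Get-ChildItem $root |
    Where-Object { $_.PSIsContainer -and $_.Name -match '^\d{8}-\d{4}$' } |
    Sort-Object Name -Descending |
    Select-Object -First 1

if ($latest) {
    "Newest collection: $($latest.FullName)"
    # The generated report (report.html) is written here once the collection finishes;
    # its tables are what identify the LDAP clients with the highest CPU cost.
    Get-ChildItem $latest.FullName
} else {
    "No collections found under $root; start the set and wait for it to complete."
}
```

Because the report is only generated after the collection stops, run the folder listing a minute or two after the 5-minute window ends (or after the manual stop) rather than immediately after logman start.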