How DNS provides DC access


Guest

In a W2k domain, there are no BDCs. All are DCs. But how do I set a preferred DC for a client to log in? Can you set a preferred secondary DC for authentication without allowing the system to choose? Perhaps it is for load sharing.

If the main DC fails, how could clients know which is the next DC to log in to, and how can I find that out? How do Win98 clients find that out? I know that W2k & XP integrate well with AD & DNS.
 
In
Saravanan said:
In a W2k domain, there are no BDCs. All are DCs. But how do I set a
preferred DC for a client to log in? Can you set a preferred secondary
DC for authentication without allowing the system to choose? Perhaps
it is for load sharing.

If the main DC fails, how could clients know which is the next DC to
log in to, and how can I find that out? How do Win98 clients find
that out? I know that W2k & XP integrate well with AD & DNS.


98 clients can't. They rely on Netbios.

Maybe you can hard code it in their LMHOSTS file.


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================
 
In
Melanie Smartt said:
You may want to check out Operations Master roles on the DC(s).
http://support.microsoft.com/default.aspx?scid=kb;EN-US;234790
Find out which role controls DNS. Hope that helps.


Actually would like to point out that none of the FSMO roles "control" DNS.
Separate service and functionality. The 5 FSMO roles have specific functions
they perform. 3 of them are domain specific, while the other two are forest
wide. The article will tell you what they are and what function they
perform.

As for DNS, W2k and newer clients' client-side extensions query DNS for a GC
in its site by looking it up in the SRV records. Once that is found, the GC
enumerates what domain the user belongs in and universal groups the user is
part of. Then the LSA interacts with the Kerberos service to construct the
access token for the user and the local machine LSA will add any specific
rights the user has. Then the client-side extension queries the DC for any
GPOs that need to apply then queries the sysvol to get them....etc

These clients will query for another DC in its site if the one it picked is
down. If not one in its site, it will grab one in another site, provided
sites are configured or if there are any other sites at all. That is all
done thru the SRV records in DNS.

Downlevel clients cannot perform these functions. They are NetBIOS based
only. They will broadcast for a DC to ask for authentication. Whichever one
answers first gets it. You can view what DC authenticated it by typing in a
DOS prompt (on any OS):
%logonserver%.

Here's more info on the logon process for W2k and newer clients:
231789 - Local Logon Process for Windows 2000:
http://support.microsoft.com/default.aspx?scid=kb;en-us;231789

Q247811 - How Domain Controllers Are Located in Windows:
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q247811

314861 - How Domain Controllers Are Located in Windows XP:
http://support.microsoft.com/?id=314861

This may help a bit with downlevel clients:
298713 - How to Prevent Overloading on the First Domain Controller During
Domain Upgrade [Good to force to look for NT4 DCs too if a W2k AD exists]:
http://support.microsoft.com/?id=298713

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================
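
The lookup order described in the reply above (site-specific SRV records first, then the domain-wide ones, skipping DCs that are down), modelled as an added example that is not part of the original posts. The domain `corp.example`, the site `branch`, the host names and the record values are constructed; the real locator also probes each candidate over the network, which is replaced here by an `is_up` callback. SRV priority and weight (RFC 2782) are what decide which DC is tried first and how load is shared among equals.

```python
import random

# Constructed sample zone: owner name -> [(priority, weight, port, target)].
SAMPLE_SRV = {
    "_ldap._tcp.branch._sites.dc._msdcs.corp.example": [
        (0, 100, 389, "dc3.corp.example"),
    ],
    "_ldap._tcp.dc._msdcs.corp.example": [
        (0, 100, 389, "dc1.corp.example"),
        (0, 100, 389, "dc2.corp.example"),
        (0, 100, 389, "dc3.corp.example"),
        (10, 100, 389, "dc4.corp.example"),  # higher number = tried last
    ],
}

def locator_names(domain, site=None):
    """SRV owner names to query: the client's site first, then the whole domain."""
    names = []
    if site:
        names.append(f"_ldap._tcp.{site}._sites.dc._msdcs.{domain}")
    names.append(f"_ldap._tcp.dc._msdcs.{domain}")
    return names

def order_srv(records, rng):
    """RFC 2782 order: lowest priority first, weighted random within a priority."""
    ordered = []
    for prio in sorted({r[0] for r in records}):
        group = [r for r in records if r[0] == prio]
        while group:
            # Simplification: a weight of 0 is treated as 1 so choices() works.
            pick = rng.choices(group, weights=[r[1] or 1 for r in group])[0]
            group.remove(pick)
            ordered.append(pick)
    return ordered

def pick_dc(domain, site, zone, is_up, rng=None):
    """Return (target, owner_name) of the first reachable DC, or (None, None)."""
    rng = rng or random.Random()
    for name in locator_names(domain, site):
        for _prio, _weight, _port, target in order_srv(zone.get(name, []), rng):
            if is_up(target):
                return target, name
    return None, None

if __name__ == "__main__":
    # Site DC (dc3) is down: the client falls back to a domain-wide record.
    print(pick_dc("corp.example", "branch", SAMPLE_SRV,
                  lambda host: host != "dc3.corp.example"))
```
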
 