How does a client find domains?

Active Directory


  #1  
Old 08-04-2009
UselessUser
How does a client find domains?

Hi,

Just a quick query... how does a PC find domains/domain controllers...

I have found this document...

http://support.microsoft.com/kb/314861

But it does not really explain how the domains box (At the logon screen) is
populated... I understand that once that box is populated, for whatever
domain that is selected, the dsgetdcname function is called which returns a
domain controller, which can then be queried for SRV records etc etc...

But how is the domains box populated, like for trusts and such??
  #2  
Old 08-04-2009
Ace Fekay [Microsoft Certified Trainer]
Re: How does a client find domains?

In news:30CF5758-DD07-4612-9FCE-47E58738B709@microsoft.com,
UselessUser <UselessUser@discussions.microsoft.com>, posted the following:
> Hi,
>
> Just a quick query... how does a PC find domains/domain controllers...
>
> I have found this document...
>
> http://support.microsoft.com/kb/314861
>
> But it does not really explain how the domains box (At the logon
> screen) is populated... I understand that once that box is populated,
> for whatever domain that is selected, the dsgetdcname function is
> called which returns a domain controller, which can then be queried
> for SRV records etc etc...
>
> But how is the domains box populated, like for trusts and such??


The response to the question of how the long process works can be pretty
complicated. Basically the client side DcLocator process queries DNS
for GC and DC info, then the local winlogon process completes the task. The
key to it is DNS. If using an ISP's DNS, the logon process fails because the
ISP's DNS has no info about the internal AD resources, domain controllers,
etc.

However, I believe the following article is a direct response to your
question about the logon box, etc. As for trusts, part of when a client
communicates with AD, it will populate the domain list in the drop down box
for you based on what trusts the domain is aware of.
How Interactive Logon Works
http://technet.microsoft.com/en-us/l.../cc780332.aspx

I can explain further, if you would like a complete technical breakdown of
the DC locator process, the SRV records involved, what each SRV record means
and what it does for the domain, the client, etc. It's some good reading,
and it will explain a lot, but many choose not to read it because of the
length of it.


--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSA Messaging, MCT
Microsoft Certified Trainer
aceman@mvps.RemoveThisPart.org

For urgent issues, you may want to contact Microsoft PSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

  #3  
Old 08-04-2009
Isaac Oben [MCITP,MCSE]
Re: How does a client find domains?

Hello UselessUser,

This 3 part post by Jorge will answer your questions in great detail,

http://blogs.dirteam.com/blogs/jorge...k8-part-1.aspx

Isaac Oben [MCTIP:EA, MCSE]

"UselessUser" <UselessUser@discussions.microsoft.com> wrote in message
news:30CF5758-DD07-4612-9FCE-47E58738B709@microsoft.com...
> Hi,
>
> Just a quick query... how does a PC find domains/domain controllers...
>
> I have found this document...
>
> http://support.microsoft.com/kb/314861
>
> But it does not really explain how the domains box (At the logon screen)
> is
> populated... I understand that once that box is populated, for whatever
> domain that is selected, the dsgetdcname function is called which returns
> a
> domain controller, which can then be queried for SRV records etc etc...
>
> But how is the domains box populated, like for trusts and such??


  #4  
Old 09-04-2009
UselessUser
Re: How does a client find domains?

Hi,

Ace I would love to see the full technical breakdown if possible... The link
Isaac provided also helps but I think it is difficult to fully get to grips
with unless I can see the whole picture!!

Thanks

"Ace Fekay [Microsoft Certified Trainer]" wrote:

> In news:30CF5758-DD07-4612-9FCE-47E58738B709@microsoft.com,
> UselessUser <UselessUser@discussions.microsoft.com>, posted the following:
> > Hi,
> >
> > Just a quick query... how does a PC find domains/domain controllers...
> >
> > I have found this document...
> >
> > http://support.microsoft.com/kb/314861
> >
> > But it does not really explain how the domains box (At the logon
> > screen) is populated... I understand that once that box is populated,
> > for whatever domain that is selected, the dsgetdcname function is
> > called which returns a domain controller, which can then be queried
> > for SRV records etc etc...
> >
> > But how is the domains box populated, like for trusts and such??

>
> The response to the question of how the long process works can be pretty
> complicated. Basically the client side DcLocator process queries DNS
> for GC and DC info, then the local winlogon process completes the task. The
> key to it is DNS. If using an ISP's DNS, the logon process fails because the
> ISP's DNS has no info about the internal AD resources, domain controllers,
> etc.
>
> However, I believe the following article is a direct response to your
> question about the logon box, etc. As for trusts, part of when a client
> communicates with AD, it will populate the domain list in the drop down box
> for you based on what trusts the domain is aware of.
> How Interactive Logon Works
> http://technet.microsoft.com/en-us/l.../cc780332.aspx
>
> I can explain further, if you would like a complete technical breakdown of
> the DC locator process, the SRV records involved, what each SRV record means
> and what it does for the domain, the client, etc. It's some good reading,
> and it will explain a lot, but many choose not to read it because of the
> length of it.
>
>
> --
> Ace
>
> This posting is provided "AS-IS" with no warranties or guarantees and
> confers no rights.
>
> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSA Messaging, MCT
> Microsoft Certified Trainer
> aceman@mvps.RemoveThisPart.org
>
> For urgent issues, you may want to contact Microsoft PSS directly. Please
> check http://support.microsoft.com for regional support phone numbers.
>
>

  #5  
Old 09-04-2009
Ace Fekay [Microsoft Certified Trainer]
Re: How does a client find domains?

In news:93AD66A0-7AE2-4102-B7E5-3B1A3713C4FA@microsoft.com,
UselessUser <UselessUser@discussions.microsoft.com>, posted the following:
> Hi,
>
> Ace I would love to see the full technical breakdown if possible...
> The link Isaac provided also helps but I think it is difficult to
> fully get to grips with unless I can see the whole picture!!
>
> Thanks


Hello UselessUser,

The following contains numerous info and links, explaining the locator
process and the SRV records used and their meanings. I hope it helps.

======================================================================

SRV records and the logon process


===
SRV Resource Records

When a Windows 2000 or Windows 2003 domain controller starts up, the Net
Logon service uses dynamic updates to register SRV resource records in the
DNS database, as described in an Internet Engineering Task Force draft that
defines "A DNS RR for specifying the location of services (DNS SRV)." For
more information about this draft, see the Internet Engineering Task Force
(IETF) link on the Web Resources page at
http://windows.microsoft.com/windows...t/webresources. Follow the
links to Internet Drafts, and then use a keyword search.

The SRV record is used to map the name of a service (in this case, the LDAP
service) to the DNS computer name of a server that offers that service. In a
Windows 2000 network, an LDAP resource record locates a domain controller.

A workstation that is logging on to a Windows 2000 domain queries DNS for
SRV records in the general form:
_Service._Protocol.DnsDomainName

Active Directory servers offer the LDAP service over the TCP protocol;
therefore, clients find an LDAP server by querying DNS for a record of the
form:
_ldap._tcp.DnsDomainName


Note
The service and protocol strings require an underscore (_) prefix to prevent
potential collisions with existing names in the namespace.

_msdcs Subdomain
There are possible implementations of LDAP servers other than Windows
2000–based domain controllers. There are also possible implementations of
LDAP directory services that employ Global Catalog servers but are not
servers that are running Windows 2000. To facilitate locating Windows
2000–based domain controllers, in addition to the standard
_Service._Protocol.DnsDomainName format, the Net Logon service registers SRV
records that identify the well-known server-type pseudonyms "dc" (domain
controller), "gc" (Global Catalog), "pdc" (primary domain controller), and
"domains" (globally unique identifier, or GUID) as prefixes in the _msdcs
subdomain. This Microsoft-specific subdomain allows location of domain
controllers that have Windows 2000–specific roles in the domain or forest,
as well as the location by GUID when a domain has been renamed. To
accommodate locating domain controllers by server type or by GUID
(abbreviated "dctype"), Windows 2000–based domain controllers register SRV
records in the following form:
_Service._Protocol.DcType._msdcs.DnsDomainName

The addition of the _msdcs subdomain means that two sets of DNS names can be
used to find an LDAP server: DnsDomainName is used to find an LDAP server or
Kerberos server that is running TCP (or, in the case of a Kerberos server,
either TCP or the User Datagram Protocol [UDP]), and the subdomain
_msdcs.DnsDomainName is used to find an LDAP server that is running TCP and
also functioning in a particular Windows 2000 role. The name "_msdcs" is
reserved for locating domain controllers. The single keyword "_msdcs" was
chosen to avoid cluttering the DNS namespace unnecessarily. Other constant,
well-known names (pdc, dc, and gc) were kept short to avoid exceeding the
maximum length of DnsDomainName.

SRV Records Registered by Net Logon
The list that follows provides the definitions of the names associated with
registered SRV records. It also describes the lookup criteria supported by
each record and the checks performed by Netlogon as each record is
registered. Text in bold type denotes constant record components; text in
italic type denotes variable names.

In the descriptions of registered SRV records, DnsDomainName refers to the
DNS domain name that is used during creation of the domain controller when
the domain tree is joined or created (that is, while the computer is running
the Active Directory Installation Wizard). DnsForestName refers to the DNS
domain name of the forest root domain.

The following is a list of the owner names of the SRV records that are
registered by Net Logon. An owner name is the name of the DNS node to which
the resource record pertains.

_ldap._tcp.DnsDomainName.
Allows a client to locate a server that is running the LDAP service in the
domain named by DnsDomainName. The server is not necessarily a domain
controller — that is, the only assumption that can be made about the server
is that it supports the LDAP application programming interface (API). All
Windows 2000 Server–based domain controllers register this SRV record (for
example, _ldap._tcp.reskit.com.).

_ldap._tcp.SiteName._sites.DnsDomainName.
Allows a client to locate a server that is running the LDAP service in the
domain named in DnsDomainName in the site named by SiteName. SiteName is the
relative distinguished name of the site object that is stored in the
Configuration container in Active Directory. The server is not necessarily a
domain controller. All Windows 2000 Server–based domain controllers register
this SRV record (for example, _ldap._tcp.charlotte._sites.reskit.com.).

_ldap._tcp.dc._msdcs.DnsDomainName.
Allows a client to locate a domain controller (dc) of the domain named by
DnsDomainName. All Windows 2000 Server–based domain controllers register
this SRV record.

_ldap._tcp.SiteName._sites.dc._msdcs.DnsDomainName.
Allows a client to locate a domain controller for the domain named by
DnsDomainName and in the site named by SiteName. All Windows 2000
Server–based domain controllers register this SRV record.

_ldap._tcp.pdc._msdcs.DnsDomainName.
Allows a client to locate the server that is acting as the primary domain
controller (also known as a "PDC") in the mixed-mode domain named in
DnsDomainName. Only the PDC emulator master of the domain (the Windows
2000–based domain controller that advertises itself as the primary domain
controller to computers that need a primary domain controller) registers
this SRV record.

_ldap._tcp.gc._msdcs.DnsForestName.
Allows a client to locate a Global Catalog (gc) server for this forest. Only
domain controllers that are functioning as Global Catalog servers for the
forest named in DnsForestName register this SRV record (for example,
_ldap._tcp.gc._msdcs.reskit.com.).

_ldap._tcp.SiteName._sites.gc._msdcs.DnsForestName.
Allows a client to locate a Global Catalog (gc) server for this forest in
the site named in SiteName. Only domain controllers that are serving as
Global Catalog servers for the forest named in DnsForestName register this
SRV record (for example, _ldap._tcp.charlotte._sites.gc._msdcs.reskit.com.).

_gc._tcp.DnsForestName.
Allows a client to locate a Global Catalog (gc) server for this domain. The
server is not necessarily a domain controller. Only a server that is running
the LDAP service and functioning as the Global Catalog server for the forest
named in DnsForestName registers this SRV record (for example,
_gc._tcp.reskit.com.).


Note
In Windows 2000, a Global Catalog server is a domain controller. Other
non-Windows 2000 implementations of directory services can also register
servers as Global Catalog servers.

_gc._tcp.SiteName._sites.DnsForestName.
Allows a client to locate a Global Catalog (gc) server for this forest in
the site named in SiteName. The server is not necessarily a domain
controller. Only a server that is running the LDAP service and functioning
as the Global Catalog server for the forest named in DnsForestName registers
this SRV record (for example, _gc._tcp.charlotte._sites.reskit.com.).

_ldap._tcp.DomainGuid.domains._msdcs.DnsForestName.
Allows a client to locate a domain controller in a domain on the basis of
its GUID. A GUID is a 128-bit number that is automatically generated for
referencing objects in Active Directory — in this case, the domain object.
This operation is expected to be infrequent; it occurs only when the
DnsDomainName of the domain has changed, the DnsForestName is known, and
DnsForestName has not also been renamed (for example,
_ldap._tcp.4f904480-7c78-11cf-b057-00aa006b4f8f.domains._msdcs.reskit.com.).
All domain controllers register this SRV record.

_kerberos._tcp.DnsDomainName.
Allows a client to locate a server that is running the Kerberos KDC service
for the domain that is named in DnsDomainName. The server is not necessarily
a domain controller. All Windows 2000 Server–based domain controllers that
are running an RFC 1510–compliant Kerberos KDC service register this SRV
record.

_kerberos._udp.DnsDomainName.
Same as _kerberos._tcp.DnsDomainName, except that UDP is implied.

_kerberos._tcp.SiteName._sites.DnsDomainName.
Allows a client to locate a server that is running the Kerberos KDC service
for the domain that is named in DnsDomainName and is also in the site named
in SiteName. The server is not necessarily a domain controller. All Windows
2000 Server–based domain controllers that are running an RFC 1510–compliant
Kerberos KDC service register this SRV record.

_kerberos._tcp.dc._msdcs.DnsDomainName.
Allows a client to locate a domain controller that is running the Windows
2000 implementation of the Kerberos KDC service for the domain named in
DnsDomainName. All Windows 2000 Server–based domain controllers that are
running the KDC service (that is, that implement a public key extension to
the Kerberos v5 protocol Authentication Service Exchange subprotocol)
register this SRV record.

_kerberos._tcp.SiteName._sites.dc._msdcs.DnsDomainName.
Allows a client to locate a domain controller that is running the Windows
2000 implementation of the Kerberos KDC service for the domain that is named
in DnsDomainName and that is also in the site named in SiteName. All Windows
2000 Server–based domain controllers that are running the KDC service (that
is, that implement a public key extension to the Kerberos protocol
Authentication Service Exchange subprotocol) register this SRV record.

_kpasswd._tcp.DnsDomainName.
Allows a client to locate a Kerberos Password Change server for the domain.
All servers that provide the Kerberos Password Change service (which
includes all Windows 2000–based domain controllers) register this name. This
server at least conforms to "Kerberos Change Password Protocol." (For more
information about this draft, see the Microsoft Platform SDK link on the Web
Resources page at
http://windows.microsoft.com/windows...t/webresources. Use a keyword
search to locate the draft.) The server is not necessarily a domain
controller. All Windows 2000 Server–based domain controllers that are
running an RFC 1510–compliant Kerberos KDC service register this SRV record.

_kpasswd._udp.DnsDomainName.
Same as _kpasswd._tcp.DnsDomainName, except that UDP is implied.

If multiple domain controllers have the same criteria, multiple records
exist with the same owner name. A client that is looking for a domain
controller with specific criteria would receive all the applicable records
from the DNS server. The client would pick one of the returned records to
select a domain controller, as described in "A DNS RR for specifying the
location of services (DNS SRV)." For more information about this draft, see
the Internet Engineering Task Force (IETF) link on the Web Resources page at
http://windows.microsoft.com/windows...t/webresources. Follow the
links to Internet Drafts, and then use a keyword search.

For information about the Kerberos v5 authentication protocol and Kerberos
subprotocol extensions, see "Authentication" in this book.

Host Records for Non-SRV-Aware Clients
Net Logon registers the following DNS A records for the use of LDAP clients
that do not support DNS SRV records (that is, that are "non-SRV-aware"). The
Locator does not use these records.

The following owner names of A (host) records are registered by Net Logon:

DnsDomainName.
Allows a non-SRV-aware client to locate any domain controller in the domain
by looking up an A record. A name in this form is returned to the LDAP
client through an LDAP referral. (For more information about LDAP referrals,
see "LDAP Referrals" later in this chapter.) A non-SRV-aware client looks up
the name; an SRV-aware client looks up the appropriate SRV resource record.

gc._msdcs.DnsForestName.
Allows a non-SRV-aware client to locate any Global Catalog server in the
forest by looking up an A record. A name in this form is returned to the
LDAP client through an LDAP referral. A non-SRV-aware client looks up this
name; an SRV-aware client looks up the appropriate SRV resource record.

Netlogon also registers a DNS CNAME (alias) record for use by Active
Directory replication. The Locator does not use this record.

The owner name of the CNAME record is:
DsaGuid._msdcs.DnsForestName.
Allows a client to locate any domain controller in the forest by looking up
an A record. The only information that is known about the domain controller
is the GUID of the directory system agent (also known as the "DSA") object
for the domain controller and the name of the forest in which the domain
controller is located. This record is used to facilitate renaming a domain
controller.

Other SRV Record Content

The following information is also included in an SRV record:

Priority
The priority of the server. Clients attempt to contact the server with the
lowest priority.

Weight
A load-balancing mechanism that is used when selecting a target host from
those that have the same priority. Clients randomly choose SRV records that
specify target hosts to be contacted, with probability proportional to the
weight.

Port Number
The port where the server is listening for this service.

Target
The fully qualified domain name of the host computer.

The following example illustrates the combined information that is contained
in A resource records and SRV resource records. A domain controller named
Phoenix in the domain reskit.com has an IP address of 157.55.81.157. It
registers the following A records and SRV records with DNS:
phoenix.reskit.com A 157.55.81.157
_ldap._tcp.reskit.com SRV 0 0 389 phoenix.reskit.com
_kerberos._tcp.reskit.com SRV 0 0 88 phoenix.reskit.com
_ldap._tcp.dc._msdcs.reskit.com SRV 0 0 389 phoenix.reskit.com
_kerberos._tcp.dc._msdcs.reskit.com SRV 0 0 88 phoenix.reskit.com.

When the appropriate SRV records and A records are in place, a DNS lookup of
_ldap._tcp.dc._msdcs.reskit.com returns the names and addresses of all
domain controllers in the domain.

For more information about A records, SRV records, DNS, and dynamic updates,
see "Introduction to DNS" and "Windows 2000 DNS" in the TCP/IP Core
Networking Guide.


If the DCs are in a truly configured "Site", then to change the priority and
weights, you must change the registry entries under the Netlogon key. Once
changed, it will register that info into DNS.

Logon and Authentication Technologies
http://technet.microsoft.com/en-us/l.../cc780455.aspx

Active Directory SRV Records
http://www.petri.co.il/active_directory_srv_records.htm

How to reconfigure an _msdcs subdomain to a forest-wide DNS application
directory partition when you upgrade from Windows 2000 to Windows Server
2003
http://support.microsoft.com/?id=817470

How to optimize the location of a domain controller or global catalog that
resides outside of a client's site
http://support.microsoft.com/default.aspx?kbid=306602

Authentication Topology - Configure DNS SRV records to speed authentication
(may have to register to read the whole article):
http://www.windowsitpro.com/Articles...eID=37935&pg=4

More info on how it actually works:
http://technet2.microsoft.com/Window....mspx?mfr=true

Change the Priority for DNS SRV Records in the Registry:
http://www.microsoft.com/technet/pro...apb.mspx#EMPAC

Change the Weight for DNS SRV Records in the Registry
http://www.microsoft.com/technet/pro...apb.mspx#EWIAE

Appendix B - Active Directory General Procedures Reference
http://www.microsoft.com/technet/pro.../adogdapb.mspx

How Interactive Logon Works
http://technet.microsoft.com/en-us/l.../cc780332.aspx

How Domain Controllers Are Located in Windows XP
http://support.microsoft.com/kb/314861

Logon Process for Active Directory Domain User Account With a Windows NT 4.0
Computer Account (non-DNS, non-Kerberos)
http://support.microsoft.com/kb/319494

Local Logon Process for Windows 2000
http://support.microsoft.com/?kbid=231789

Directory Service Functions
http://msdn.microsoft.com/en-us/libr...00(VS.85).aspx

DC Locator Process in W2K, W2K3(R2) and W2K8 - PART 1
http://blogs.dirteam.com/blogs/jorge...k8-part-1.aspx


======================================================================
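As an added illustration (not part of Ace's post or of the Microsoft documentation he pasted), the following Python builds the owner names a DC is expected to register from the list above, parses SRV records written the way the reskit.com example is, and picks a target the way an SRV-aware client does (lowest priority first, weighted random within that priority). The reskit.com, phoenix and charlotte values come from the post; the second DC "tucson" is a constructed addition so the priority rule has something to decide.

```python
import random
from collections import namedtuple

SrvRecord = namedtuple("SrvRecord", "owner priority weight port target")

# Constructed sample zone: the records from the post's reskit.com/phoenix
# example plus a second DC "tucson" (constructed here) at a worse priority.
# The A record is present to show that non-SRV types are skipped.
SAMPLE_ZONE = [
    "phoenix.reskit.com A 157.55.81.157",
    "_ldap._tcp.reskit.com SRV 0 0 389 phoenix.reskit.com",
    "_kerberos._tcp.reskit.com SRV 0 0 88 phoenix.reskit.com",
    "_ldap._tcp.dc._msdcs.reskit.com SRV 0 0 389 phoenix.reskit.com",
    "_kerberos._tcp.dc._msdcs.reskit.com SRV 0 0 88 phoenix.reskit.com.",
    "_ldap._tcp.dc._msdcs.reskit.com SRV 10 100 389 tucson.reskit.com",
]


def expected_srv_owners(domain, forest, site, is_gc=False, is_pdc=False):
    """Owner names Net Logon registers for one DC, following the list in the
    post. domain, forest and site are whatever the caller supplies."""
    names = [
        f"_ldap._tcp.{domain}",
        f"_ldap._tcp.{site}._sites.{domain}",
        f"_ldap._tcp.dc._msdcs.{domain}",
        f"_ldap._tcp.{site}._sites.dc._msdcs.{domain}",
        f"_kerberos._tcp.{domain}",
        f"_kerberos._udp.{domain}",
        f"_kerberos._tcp.{site}._sites.{domain}",
        f"_kerberos._tcp.dc._msdcs.{domain}",
        f"_kerberos._tcp.{site}._sites.dc._msdcs.{domain}",
        f"_kpasswd._tcp.{domain}",
        f"_kpasswd._udp.{domain}",
    ]
    if is_pdc:  # only the PDC emulator registers this record
        names.append(f"_ldap._tcp.pdc._msdcs.{domain}")
    if is_gc:   # only Global Catalog servers register these (forest-scoped)
        names += [
            f"_ldap._tcp.gc._msdcs.{forest}",
            f"_ldap._tcp.{site}._sites.gc._msdcs.{forest}",
            f"_gc._tcp.{forest}",
            f"_gc._tcp.{site}._sites.{forest}",
        ]
    return names


def parse_srv(line):
    """Parse 'owner SRV priority weight port target' (the post's layout)."""
    owner, rtype, prio, weight, port, target = line.split()
    if rtype.upper() != "SRV":
        raise ValueError(f"not an SRV record: {line!r}")
    return SrvRecord(owner.rstrip(".").lower(), int(prio), int(weight),
                     int(port), target.rstrip(".").lower())


def srv_records(zone_lines):
    """All SRV records in a zone dump; A, CNAME and other types are ignored."""
    out = []
    for line in zone_lines:
        parts = line.split()
        if len(parts) > 1 and parts[1].upper() == "SRV":
            out.append(parse_srv(line))
    return out


def select_target(records, rng=random):
    """Client-side choice per the DNS SRV draft: only the lowest priority is
    eligible; within it choose at random with probability proportional to
    weight. All-zero weights (as in the post's example) mean a uniform pick."""
    if not records:
        return None
    best = min(r.priority for r in records)
    pool = [r for r in records if r.priority == best]
    weights = [r.weight for r in pool]
    if sum(weights) == 0:
        return rng.choice(pool)
    return rng.choices(pool, weights=weights, k=1)[0]


def pick_dc(zone_lines, owner, seed=None):
    """Locate a DC for one owner name, e.g. _ldap._tcp.dc._msdcs.<domain>."""
    wanted = [r for r in srv_records(zone_lines) if r.owner == owner.lower()]
    return select_target(wanted, random.Random(seed))


def missing_records(zone_lines, domain, forest, site, **roles):
    """Expected owner names with no SRV record in the zone: the check to run
    when logons fail because the DNS in use lacks the AD records."""
    present = {r.owner for r in srv_records(zone_lines)}
    return [n for n in expected_srv_owners(domain, forest, site, **roles)
            if n.lower() not in present]
```

Run `missing_records` against a dump of the zone the clients actually resolve through; an ISP resolver, as Ace notes, will report every name missing.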



  #6  
Old 09-04-2009
Meinolf Weber [MVP-DS]
Re: How does a client find domains?

Hello UselessUser,

See here about the DC Locator process:
http://blogs.dirteam.com/blogs/jorge...?q=locator&p=1

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Hi,
>
> Just a quick query... how does a PC find domains/domain controllers...
>
> I have found this document...
>
> http://support.microsoft.com/kb/314861
>
> But it does not really explain how the domains box (At the logon
> screen) is populated... I understand that once that box is populated,
> for whatever domain that is selected, the dsgetdcname function is
> called which returns a domain controller, which can then be queried
> for SRV records etc etc...
>
> But how is the domains box populated, like for trusts and such??
>


