The NT4 design was to follow 2 paths for name resolution - unqualified (ie hostname only) names followed the NetBIOS path (basically WINS/LMHosts then DNS/Hosts), and fully qualified names went DNS first.
Win2k appears[1] to try everything via DNS/Hosts resolution first. Which makes sense. In the DNS world, when trying to resolve an unqualified name (ie hostname only), the domain suffix search order is appended, in the order listed, to attempt resolution. The primary DNS suffix for the computer (generally the DNS name of the domain to which the machine belongs) is tried first, then connection specific suffixes, and finally any other specified in the domain suffix search order (TCP/IP properties of your network connections). So, I'd go on the assumption that DNS is tried first. ------------------------------------------------------ Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis - Formerly Harbinger and Extricity Atlanta, GA [1] I think someone sent me a TechNet article to prove it, but I didn't keep it. Bad me. > -----Original Message----- > From: Graham Turner [mailto:[EMAIL PROTECTED]] > Sent: Friday, December 13, 2002 4:49 AM > To: [EMAIL PROTECTED] > Subject: [ActiveDir] user logon domain controller discovery > > > scenario - windows 2000 client has established secure > channel, authenticated > using kerberos to the dns domain of which it is a member. > > what determines the locator process (wins / dns) for the > discovery of the DC > for the user logon ?? > > MS tell us that for a NetBIOS name WINS is used - > > most users unless instructed to the contrary will use on the domains > (NetBIOS) from the pick list of the logon dialog box > > does this mean that WINS is used for the DC locator ?? > > OR is there some process by the client "maps" this NetBIOS > domain name to a > DNS domain ?? and attempt to use DNS / LDAP ?? > > under NTLM / NT4 the logon request would be passed to the DC > secure channel > partner as a pass thru authentication request. (discovered by wins / > netlogon) > > this pass thru authentication process is not implemented by > Kereberos or is > it ?? > > will be glad for help on this one > > GT > > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
