Hello Graham

If you want to observe what happens in every request to resolve names (NetBIOS names) you should use Network Monitor.

A client regularly searches for a domain controller even if no user is logged on.
It does so for several reasons (time sync, security renewal, network cache, etc.).
It knows the 'NT DOMAIN' if it is a member of it; in other cases it searches for the 'WORKGROUP' with the same name as its own.

If you capture the packets that a client sends to 'every' ear by broadcast (or by WINS contact) you see the entire story directly.

In Active Directory the resolution depends on several factors.

If you have an AD-enabled client the preferred way is Windows 2000 DNS resolution, because this is the main value added of a 2000 network (native or not).
If native, the resolution is ONLY by DNS; if not, after the DNS resolution you will have a request by the NT NetBIOS ways
(WINS, P-node, broadcast, etc.).

Good work



From: "Graham Turner" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: <[EMAIL PROTECTED]>
Subject: Re: [ActiveDir] user logon domain controller discovery
Date: Sun, 15 Dec 2002 17:10:34 -0000

Bob, thanks for this mail response.

what i am attempting to get into it is how the W2K client generates the
**DomainName** The name of the domain to be queried. This name can be
either a DNS-style name or a flat, NetBIOS-style name.

(end of para 2)

my point has been that most users will opt for a domain selection from the
logon dialog box.

does this mean then that the client will do DC locator processes based on
this as a NetBIOS name?

OR, as is my suspicion, is there an interaction between the client and
the Active Directory which maps this NetBIOS-style name to a DNS equivalent,
so unbeknown to the end user we are looking for a DC for a DNS domain?

If this is proved NOT to be the case then it would seem that maybe we haven't
come as far down the road of losing NetBIOS, and by corollary WINS, as the
naming service.

GT
----- Original Message -----
From: "Free, Bob" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, December 14, 2002 11:45 PM
Subject: RE: [ActiveDir] user logon domain controller discovery


>Win2k appears[1] to try everything via DNS/Hosts resolution first. Which
makes sense.

Traces I have done support that theory for name resolution in general,
except for the DC discovery process by netlogon which appears to work just
as documented -

1. On the client (the computer that is locating the domain controller), the
Locator is initiated as a remote procedure call (RPC) to the local Net Logon
service. The Locator API (DsGetDcName) is implemented by the Net Logon
service.

2. The client collects the information that is needed to select a domain
controller and passes the information to the Net Logon service by using the
DsGetDcName API.

One of the parameters collected by the DsGetDcName API that Net Logon uses
to collect information from the client and to compose the DNS or WINS query
is **DomainName**.

**DomainName** The name of the domain to be queried. This name can be
either a DNS-style name or a flat, NetBIOS-style name.

3. The Net Logon service on the client uses the collected information to
look up a domain controller for the specified domain in one of two ways:
- For a DNS name, Net Logon queries DNS by using the IP/DNS-compatible
Locator - that is, DsGetDcName calls DnsQuery to read the SRV records and A
records from DNS after it appends an appropriate string to the front of the
domain name that specifies the SRV record.
- For a NetBIOS name, Net Logon performs domain controller discovery by
using the Windows NT 4.0-compatible Locator - that is, by using the
transport-specific mechanism (for example, WINS).

4. The Net Logon service sends a datagram to the discovered domain
controllers ("pings" the computers) that register the name. For NetBIOS
domain names, the datagram is implemented as a mailslot message. For DNS
domain names, the datagram is implemented as an LDAP UDP search.

5. Each available domain controller responds to the datagram to indicate
that it is currently operational and then returns the information to
DsGetDcName.

6. The Net Logon service returns the information to the client from the
domain controller that responds first.

7. The Net Logon service caches the domain controller information so that it
is not necessary to repeat the discovery process for subsequent requests.
Caching this information encourages the consistent use of the same domain
controller and, thus, a consistent view of Active Directory.
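The two branches of step 3 above, plus the broadcast/WINS datagram the first reply in this thread suggests watching in Network Monitor, as an added example that is not part of any message here. The Python below builds what a client would emit for each style of **DomainName**: for a DNS-style name, the SRV record names DsGetDcName forms by prepending `_ldap._tcp.dc._msdcs.` (with the `_sites` form first when the client knows its site) and the RFC 2782 priority/weight choice among answers; for a flat NetBIOS-style name, the NBNS name-query datagram for the `DOMAIN<1C>` group name that domain controllers register, which is the packet seen on UDP/137 whether it is broadcast or sent to a WINS server. The rule that a name containing a dot is DNS-style, the sample SRV answers, and the transaction ID are assumptions made for this example; the mailslot ping of step 4 is not built.

```python
import random
import struct

# DNS-style branch: the strings DsGetDcName prepends to the domain name to
# form the SRV record names it asks DNS for. When the client knows its site,
# the site-specific name is tried before the domain-wide one.
def dc_srv_names(dns_domain, site=None):
    base = dns_domain.rstrip(".").lower()
    names = []
    if site:
        names.append(f"_ldap._tcp.{site}._sites.dc._msdcs.{base}")
    names.append(f"_ldap._tcp.dc._msdcs.{base}")
    return names

# RFC 2782 selection over SRV answers given as (priority, weight, port, target):
# lowest priority wins; ties are broken by weighted random choice. rng is
# injectable so the choice is reproducible in a test.
def choose_srv(records, rng=random.random):
    best = min(r[0] for r in records)
    group = [r for r in records if r[0] == best]
    total = sum(r[1] for r in group)
    if total == 0:
        return group[0]
    pick = rng() * total
    acc = 0
    for r in group:
        acc += r[1]
        if pick < acc:
            return r
    return group[-1]

# NetBIOS branch: first-level encoding of a 16-byte NetBIOS name. The name is
# space-padded to 15 characters, the 16th byte is the suffix, and each byte is
# split into two nibbles, each written as 'A' + nibble (32 ASCII characters).
def netbios_encode(name, suffix):
    raw = name.upper().ljust(15)[:15].encode("ascii") + bytes([suffix])
    out = bytearray()
    for b in raw:
        out.append(ord("A") + (b >> 4))
        out.append(ord("A") + (b & 0x0F))
    return bytes(out)

# NBNS (NetBIOS Name Service, UDP/137) NAME QUERY REQUEST for the group name
# DOMAIN<1C>, which every domain controller registers. Flags 0x0110 = query,
# recursion desired, broadcast; a unicast query to a WINS server carries
# 0x0100 instead. The transaction ID is an arbitrary value for this example.
def nbns_name_query(domain, suffix=0x1C, txid=0x1234, broadcast=True):
    flags = 0x0100 | (0x0010 if broadcast else 0)
    header = struct.pack(">HHHHHH", txid, flags, 1, 0, 0, 0)  # QDCOUNT = 1
    qname = b"\x20" + netbios_encode(domain, suffix) + b"\x00"
    question = qname + struct.pack(">HH", 0x0020, 0x0001)  # QTYPE NB, QCLASS IN
    return header + question

# Dispatch on the style of DomainName. Treating "contains a dot" as DNS-style
# is an assumption made for this example.
def locator_query(domain_name, site=None):
    if "." in domain_name:
        return ("dns", dc_srv_names(domain_name, site))
    return ("netbios", nbns_name_query(domain_name))

if __name__ == "__main__":
    # Constructed SRV answers for illustration, not real records.
    answers = [(0, 100, 389, "dc1.corp.example.com"),
               (0, 50, 389, "dc2.corp.example.com"),
               (10, 100, 389, "dc3.corp.example.com")]
    print(locator_query("corp.example.com", site="Atlanta"))
    print(choose_srv(answers))
    print(locator_query("CORP")[1].hex())
```

The NetBIOS branch makes the point of the thread visible on the wire: a flat name produces a 50-byte NBNS query for `CORP<1C>`, nothing in it names a DNS domain, and only the answering DC's mailslot reply (step 4) moves the conversation on. A DNS-style name never touches UDP/137 at all; the first thing a trace shows is the `_ldap._tcp...` SRV query.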



-----Original Message-----
From: Roger Seielstad [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 13, 2002 5:00 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] user logon domain controller discovery


The NT4 design was to follow 2 paths for name resolution - unqualified (ie
hostname only) names followed the NetBIOS path (basically WINS/LMHosts then
DNS/Hosts), and fully qualified names went DNS first.

Win2k appears[1] to try everything via DNS/Hosts resolution first. Which
makes sense.

In the DNS world, when trying to resolve an unqualified name (ie hostname
only), the domain suffix search order is appended, in the order listed, to
attempt resolution. The primary DNS suffix for the computer (generally the
DNS name of the domain to which the machine belongs) is tried first, then
connection specific suffixes, and finally any other specified in the domain
suffix search order (TCP/IP properties of your network connections).

So, I'd go on the assumption that DNS is tried first.

------------------------------------------------------
Roger D. Seielstad - MCSE
Sr. Systems Administrator
Inovis - Formerly Harbinger and Extricity
Atlanta, GA

[1] I think someone sent me a TechNet article to prove it, but I didn't keep
it. Bad me.


> -----Original Message-----
> From: Graham Turner [mailto:[EMAIL PROTECTED]]
> Sent: Friday, December 13, 2002 4:49 AM
> To: [EMAIL PROTECTED]
> Subject: [ActiveDir] user logon domain controller discovery
>
>
> scenario - windows 2000 client has established secure
> channel, authenticated
> using kerberos to the dns domain of which it is a member.
>
> what determines the locator process (wins / dns) for the
> discovery of the DC
> for the user logon ??
>
> MS tell us that for a NetBIOS name WINS is used -
>
> most users unless instructed to the contrary will use on the domains
> (NetBIOS) from the pick list of the logon dialog box
>
> does this mean that WINS is used for the DC locator ??
>
> OR is there some process by the client "maps" this NetBIOS
> domain name to a
> DNS domain ?? and attempt to use DNS / LDAP ??
>
> under NTLM / NT4 the logon request would be passed to the DC
> secure channel
> partner as a pass thru authentication request. (discovered by wins /
> netlogon)
>
> this pass thru authentication process is not implemented by
> Kerberos or is
> it ??
>
> will be glad for help on this one
>
> GT
>
>
> List info : http://www.activedir.org/mail_list.htm
> List FAQ : http://www.activedir.org/list_faq.htm
> List archive:
> http://www.mail-archive.com/activedir%40mail.activedir.org/
>