client and active directory

xhope 221 Reputation points
2021-09-29T03:03:13.273+00:00

we have multi domain controllers in our organization and I have several questions regarding them:

  1. How can I determine which domain controller is in use when joining a client to domain controller?
  2. if one domain controller is corrupted, how can I prevent client from connecting it when join a client to domain controller?
Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
6,229 questions
Windows 10 Network
Windows 10 Network
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Network: A group of devices that communicate either wirelessly or via a physical connection.
2,312 questions
0 comments No comments
{count} votes

Accepted answer
  1. Thameur-BOURBITA 32,626 Reputation points
    2021-09-29T10:01:27.19+00:00

    Hi,

    The client is unable to detect if a reachable Domain controller is healthy or not. because the client identify the Domain controller based on DClocator process.

    The client use the DClocator process to identify the closest domain controllers. The client will try to send a ping LDAP to check if the DC is reachable and response to LDAP ping request the client will continue contacting this DC, if it's note the case , it will try first to contact another DC in same site and in the case there is no another Domain controller , it will contact another DC from another site based on site link cost.

    dc-locator-process-2

    Please don't forget to mark helpful reply as answer

    0 comments No comments

3 additional answers

Sort by: Most helpful
  1. Andreas Baumgarten 103.9K Reputation points MVP
    2021-09-29T06:45:24.847+00:00

    Hi @RICK-0238 ,

    1. Simple way: If you ping on the client using the domain name you get an answer from a DC. It's most likely this DC will get the request to join the client to AD.
    2. If the DC is corrupt the DC should answer any request at all because AD service isn't running. Or what do you mean with "DC is corrupted"?

    (If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

    Regards
    Andreas Baumgarten


  2. Jai Verma 461 Reputation points
    2021-09-29T08:46:18.5+00:00

    As @Andreas Baumgarten mentioned, Windows Client DC Discovery process only use DCs which are good and healthy, so you should not worry about it.

    Domain joining files are saved in C:\Windows\Debug\ directory, you can read the name of the Domain Controller, which was used to join the Domain.


  3. Gary Reynolds 9,406 Reputation points
    2021-09-29T23:20:14.147+00:00

    Hi Rick,

    The DC discovery processes uses the DsGetDcName API which returns the DC which will be used by subsequent AD functions. You can manually call this function to determine which DC will be returned, have a look at https://nettools.net/dsgetdcname

    Gary.

    0 comments No comments