6.3 Publishing and Locating a Domain Controller
Active Directory is a distributed service, which means that when a client needs Active Directory services, it can receive those services from any of a number of equivalent DCs. Clients cannot be expected to know in advance the names of all possible suitable DCs. This implies a need for a protocol by which clients can dynamically discover which DCs are configured, operational, and reachable such that they could supply the needed services, and to choose among those DCs.
Locating a DC works differently for AD DS than for AD LDS.
The process of locating AD DS DCs is performed in two separate ways, one based on NetBIOS and mailslots, the other based on DNS and LDAP. While the network representations of the two ways are radically different, they are functionally very similar. It is worthwhile to explain the conceptual similarities and motivations before starting a detailed discussion of the differing implementation details.
The NetBIOS version is required for compatibility with older clients (such as Windows NT 4.0 operating system) that are not aware of Active Directory. Being based on NetBIOS, however, it is dependent either on network broadcasts or on the deployment of a NetBIOS Name Service (NBNS) infrastructure; broadcasts cannot be used in a wide area network where they are typically blocked. The DNS-based version makes no use of broadcasts and includes extra support for determining network locality.
Both versions of the protocol work in two phases. In the first phase, DCs publish data about themselves (in DNS, or in NBNS, or by local configuration of the responder to NetBIOS broadcasts, depending on which version of publication is being used). In the second phase, clients look up this static data to determine a set of possible DCs and then send small messages to some or all of the set, examining the responses in order to determine liveness, reachability, and suitability. Given their conceptual similarity to an Internet Control Message Protocol (ICMP) ping message, these small messages are referred to as "LDAP ping" and "mailslot ping".
Sections 6.3.1 through 6.3.7 specify the precise details about the data that servers publish about themselves. These sections also specify the precise details about the two "ping" protocols.
An AD LDS DC does not publish data about itself in name services as in the case of an AD DS DC. An AD LDS DC that is joined to an AD DS domain SHOULD publish itself by creating an object in AD DS; a client MAY then query AD DS and select an AD LDS DC based on the query results. The information that an AD LDS DC publishes about itself is described in section 6.3.8. An AD LDS DC that is not joined to an AD DS domain does not publish itself at all; a client must possess an AD LDS server's IP address or host name and port number. This protocol does not provide a means for a client to obtain this information.