Netlogon Operational Flow on Domain Controllers

Upon receiving a logon request, Netlogon determines the account domain of the user being authenticated. Netlogon determines the trust link over which to send the request toward the account domain. Netlogon finds a DC in the trusted domain on that link and sets up the secure channel to that DC by using the trust password for the trusted domain. Netlogon passes the logon request through to that DC. Netlogon receives the user validation data from that DC and returns the data to the secure channel client making the logon request.
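The pass-through flow described above, as an added example that is not part of the original page or of Netlogon itself: a simplified model in which each DC forwards the request one trust link closer to the account domain and the validation data returns along the same path. The domain names, trust passwords, account record, and the breadth-first link selection are all assumptions constructed for illustration.

```python
from collections import deque

# Constructed topology: each direct trust link and its shared trust password.
TRUST_LINKS = {
    frozenset({"RES.EXAMPLE", "ROOT.EXAMPLE"}): "trust-pw-1",
    frozenset({"ROOT.EXAMPLE", "ACCT.EXAMPLE"}): "trust-pw-2",
}
# Constructed account database held by the account domain's DC.
ACCOUNTS = {("ACCT.EXAMPLE", "alice"): {"user": "alice", "groups": ["Domain Users"]}}


def next_hop(current, target, links):
    """Pick the trusted domain to forward to. BFS is this model's assumption,
    not Netlogon's actual trust-path selection."""
    seen, queue = {current}, deque([(current, None)])
    while queue:
        domain, first = queue.popleft()
        if domain == target:
            return first
        for link in links:
            if domain in link:
                (peer,) = link - {domain}
                if peer not in seen:
                    seen.add(peer)
                    queue.append((peer, first or peer))
    return None


def pass_through(dc_domain, account_domain, user, links=TRUST_LINKS, trail=None):
    """Handle a logon request on a DC of dc_domain; return (validation_data, trail)."""
    trail = (trail or []) + [dc_domain]
    if dc_domain == account_domain:
        # Account domain reached: this DC validates the user itself.
        return ACCOUNTS.get((account_domain, user)), trail
    hop = next_hop(dc_domain, account_domain, links)
    if hop is None:
        return None, trail  # no trust link leads toward the account domain
    # The secure channel to the next DC is keyed by that link's trust password.
    if not links.get(frozenset({dc_domain, hop})):
        return None, trail
    # Forward the request; the reply travels back hop by hop to the client.
    return pass_through(hop, account_domain, user, links, trail)
```

The returned trail lists every domain whose DC handled the request, which is the set of secure channels that must be healthy for the logon to succeed.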

Netlogon synchronizes BDC account databases with the PDC account database.

Periodically, Netlogon changes the machine account password for the DC. On the PDC, Netlogon periodically changes trust passwords for all directly trusted domains.

Netlogon performs the aforementioned services requested by applications or administrators.