6.1.2.1 DC Existence

For any DC in the forest, the following objects must exist:

For the purposes of this section, an RODC object is a Domain Controller object.

Any one of these objects can be said to "represent" the DC.

Relationships:

  • The server object is the parent of the nTDSDSA object. On AD DS, the name of the server object is the computer name of the DC; on AD LDS, the name of the server object is the computer name, followed by "$", followed by the instance name of the DC.

  • On AD DS, the attribute serverReference on the server object must reference the domain controller object.

  • On AD DS, the dNSHostName attribute of the domain controller object must equal the dNSHostName attribute of the server object.

  • The dNSHostName attribute of the server object must equal the DNS hostname of the computer that is physically the DC.

  • On AD DS, every value of the servicePrincipalName attribute of the domain controller object that has a DNS hostname as its instance name (see section 5.1.1.4, "Mutual Authentication", for SPN construction) must have an instance name equal to the dNSHostName of the domain controller object.
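The AD DS relationships listed above can be checked mechanically. The following is an added example, not part of the specification: it models the directory as a constructed Python dictionary, and the names `check_dc`, `parent_dn`, `spn_instance` and `same` are hypothetical. It assumes that an SPN instance name containing a dot is a DNS hostname.

```python
CFG = "CN=Sites,CN=Configuration,DC=example,DC=test"
SERVER_DN = "CN=DC1,CN=Servers,CN=Site-A," + CFG
NTDS_DN = "CN=NTDS Settings," + SERVER_DN
DC_DN = "CN=DC1,OU=Domain Controllers,DC=example,DC=test"

# Constructed sample directory (DN -> attributes); every name and value is made up.
SAMPLE = {
    NTDS_DN: {"objectClass": "nTDSDSA"},
    SERVER_DN: {"objectClass": "server", "serverReference": DC_DN,
                "dNSHostName": "dc1.example.test"},
    DC_DN: {"objectClass": "computer", "dNSHostName": "DC1.example.test",
            "servicePrincipalName": ["HOST/DC1", "HOST/dc1.example.test:3268",
                                     "ldap/dc1.example.test/example.test"]},
}

def parent_dn(dn):
    # Naive split; assumes the leading RDN contains no escaped comma.
    return dn.split(",", 1)[1]

def spn_instance(spn):
    # SPN layout: serviceclass/instance[:port][/servicename]
    parts = spn.split("/")
    return parts[1].split(":")[0] if len(parts) > 1 else ""

def same(a, b):
    return bool(a) and bool(b) and a.lower() == b.lower()

def check_dc(directory, ntdsdsa_dn, physical_hostname):
    """Return the AD DS relationships from this section that one DC violates."""
    lookup = {dn.lower(): attrs for dn, attrs in directory.items()}
    server = lookup.get(parent_dn(ntdsdsa_dn).lower())
    if ntdsdsa_dn.lower() not in lookup or not server or server.get("objectClass") != "server":
        return ["nTDSDSA object missing or its parent is not a server object"]
    problems = []
    if not same(server.get("dNSHostName"), physical_hostname):
        problems.append("server dNSHostName != DNS hostname of the physical DC")
    dc = lookup.get((server.get("serverReference") or "").lower())
    if not dc:
        return problems + ["serverReference does not resolve to a domain controller object"]
    if not same(dc.get("dNSHostName"), server.get("dNSHostName")):
        problems.append("domain controller dNSHostName != server dNSHostName")
    for spn in dc.get("servicePrincipalName", []):
        inst = spn_instance(spn)
        # Assumption: an instance name containing a dot is a DNS hostname.
        if "." in inst and not same(inst, dc.get("dNSHostName")):
            problems.append("SPN instance name mismatch: " + spn)
    return problems

# Constructed failure case: a stale SPN left on the domain controller object.
DRIFTED = {**SAMPLE, DC_DN: {**SAMPLE[DC_DN], "servicePrincipalName":
           SAMPLE[DC_DN]["servicePrincipalName"] + ["ldap/old-dc.example.test"]}}
```

`check_dc(SAMPLE, NTDS_DN, "dc1.example.test")` returns an empty list, while the same call on `DRIFTED` reports the stale SPN.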
