2.7.7.3.1 Locate a Domain Controller - Domain Client

This use case describes the task of locating a domain controller. When an application on the client needs to access resources in a domain, locating a domain controller is the first step in the process.

This use case is important for other use cases and examples in which the domain client is not yet joined to the domain and the Netlogon Remote Protocol is therefore not initialized. For more information, see the preceding use cases about domain services and section 3.1.

Goal

To locate a domain controller to perform domain-oriented actions.

Context of Use

Any domain client that requires access to directory resources needs to authenticate itself to the directory. For authentication, domain clients need to be connected to one of the domain controllers that is reachable. To locate a reachable domain controller, domain clients perform this use case.

Figure 40: Use case diagram for locating a domain controller

Actors

  • Domain client

    The domain client is the primary actor. It is the entity that locates and queries the domain controller and that will eventually be joined to the domain.

  • Domain controller

    The domain controller is the supporting actor that registers its capabilities, responds to inquiries about those capabilities, and ultimately joins the domain client to the domain.

  • DNS Infrastructure

    The DNS Infrastructure is a supporting actor that maintains information about domain controllers and sends that information to the domain client.

  • NetBIOS Infrastructure

    The NetBIOS Infrastructure is a supporting actor that maintains information about domain controllers and sends that information to the domain client.

Stakeholders

  • End user

    The end user wants to join a domain client to a domain so that he or she can access resources in the domain.

    The end user primarily wants to receive information that a domain controller can be located so that the domain client can be joined to the domain or to receive an error message if the domain client cannot be joined. If a domain controller cannot be located, the local state of the domain client is left unchanged.

  • Applications

    Applications enable the end user to access resources within the domain. Applications can also use domain resources autonomously.

    The primary interest of an application is that a domain controller that meets the required capabilities is located and that information about the domain controller is provided to the domain client so that the domain client can be joined to the domain. By having the domain client joined to the domain, the application can use domain resources to perform the tasks that the end user, the application itself, or other applications on the domain client initiated.

Preconditions

Locating a domain controller requires that at least one of the infrastructures, NetBIOS or DNS, is available to discover domain controllers that can satisfy the requested capabilities.

Main Success Scenario

In this scenario, the fully qualified domain name (FQDN) (2) of the domain in which the domain controller is to be located is available to the domain client.

  1. Trigger: This use case is triggered by operations that need to locate a domain controller, such as joining a computer to a domain.

  2. The domain client uses the FQDN to query the DNS Infrastructure for the service (SRV) resource records of certain types of domain controllers, as described in [MS-ADTS] section 6.3.6.1.

  3. The DNS Infrastructure provides one or more SRV resource records of domain controllers that are of the specified type to the domain client.

  4. The domain client uses the DNS Infrastructure to resolve the names of the domain controllers in order to obtain the IP addresses. It then contacts the domain controllers via an LDAP Ping ([MS-ADTS] section 6.3.3) to determine "liveness" and to confirm that the requested capabilities are present.

  5. At least one domain controller that satisfies the domain client's requirements responds to the domain client's ping.

  6. A domain controller is chosen for use in other tasks; for example, to join a domain.
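The following Python sketch walks steps 2 through 6 offline. It is an added example, not code from the specification: the SRV owner-name format and flag values come from [MS-ADTS] rather than this page, candidate ordering follows RFC 2782, the LDAP ping is stubbed with a lookup table, and all host names and addresses are constructed.

```python
import random
from collections import namedtuple

# Capability bits of the ping response (values per MS-ADTS section 6.3.1.2).
DS_GC_FLAG, DS_DS_FLAG, DS_KDC_FLAG, DS_WRITABLE_FLAG = 0x004, 0x010, 0x020, 0x100
Srv = namedtuple("Srv", "priority weight port target")

def srv_query_name(domain_fqdn, dc_type="dc"):
    """Step 2: SRV owner name for a DC type, for example dc, pdc or gc."""
    return f"_ldap._tcp.{dc_type}._msdcs.{domain_fqdn.rstrip('.').lower()}"

def order_candidates(records, rng):
    """Step 3: RFC 2782 order, lowest priority first, weighted random inside."""
    ordered = []
    for prio in sorted({r.priority for r in records}):
        group = sorted((r for r in records if r.priority == prio),
                       key=lambda r: r.weight != 0)   # zero weights first
        while group:
            pick, running = rng.randint(0, sum(r.weight for r in group)), 0
            for rec in group:
                running += rec.weight
                if running >= pick:
                    break
            ordered.append(rec)
            group.remove(rec)
    return ordered

def locate_dc(domain_fqdn, srv_zone, a_zone, ping, required, rng=None):
    """Steps 2-6: return (name, ip) of the first live DC with all required bits."""
    records = srv_zone.get(srv_query_name(domain_fqdn), [])
    for rec in order_candidates(records, rng or random.Random()):
        ip = a_zone.get(rec.target)            # step 4: resolve the SRV target
        flags = ping(ip) if ip else None       # step 4: LDAP ping (stubbed here)
        if flags is not None and flags & required == required:
            return rec.target, ip              # steps 5 and 6
    return None                                # nothing located, state unchanged

# Constructed sample data: documentation-range addresses, hypothetical names.
SRV_ZONE = {"_ldap._tcp.dc._msdcs.corp.example": [
    Srv(0, 100, 389, "dc1.corp.example"), Srv(0, 100, 389, "dc2.corp.example"),
    Srv(10, 100, 389, "dc3.corp.example")]}
A_ZONE = {"dc1.corp.example": "192.0.2.10", "dc2.corp.example": "192.0.2.11",
          "dc3.corp.example": "192.0.2.12"}
# dc1 does not answer; dc2 is a read-only DC; dc3 is writable.
PING_REPLIES = {"192.0.2.11": DS_DS_FLAG | DS_KDC_FLAG,
                "192.0.2.12": DS_DS_FLAG | DS_KDC_FLAG | DS_WRITABLE_FLAG}

def demo(required):
    return locate_dc("Corp.Example.", SRV_ZONE, A_ZONE, PING_REPLIES.get, required)

if __name__ == "__main__":
    print(demo(DS_DS_FLAG), demo(DS_DS_FLAG | DS_WRITABLE_FLAG), demo(DS_GC_FLAG))
```

The capability check is what separates step 5 from a plain reachability test: a domain controller that answers the ping but lacks a required bit is skipped, and a lower-priority record is used only after every higher-priority candidate has failed.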

Postcondition

A domain controller is located.

Extensions

None.

Variation - Locate a Domain Controller by using NetBIOS

In this scenario, only the NetBIOS domain name of the domain is available. Domain controllers in the domain have created a mailslot with a registered NetBIOS group name, as described in [MS-MAIL] section 3.1.4.1 and [MS-ADTS] section 6.3.5.

  1. The domain client queries the NetBIOS Infrastructure for NetBIOS group names that contain a list of domain controllers.

  2. The NetBIOS Infrastructure provides the NetBIOS group names.

  3. Using the NetBIOS group names, the domain client contacts the candidate domain controllers via a MAILSLOT ping ([MS-ADTS] section 6.3.5), which is sent to a NetBIOS group name ([MS-MAIL] section 3.1.4.1) that has been registered by domain controllers ([MS-ADTS] section 6.3.5).

  4. At least one domain controller that satisfies the client's requirements responds to the domain client's ping.

  5. A domain controller is chosen for use in other tasks; for example, to join a domain.