Locating Active Directory domain controllers

Active Directory is a distributed service, so clients must be able to discover domain controllers (DCs) dynamically. This DC location process can use two types of protocols:

  • Protocols that use broadcast, such as NetBIOS and mailslot. Note: broadcast propagation is normally restricted in large networks.
  • Protocols that do not use broadcast, such as DNS and LDAP.

In both cases the discovery process is similar and has two phases:

  1. The DCs publish information about themselves through DNS or NetBIOS.
  2. Clients look up this information to determine the candidate DCs and send messages (LDAP ping or mailslot ping) to check their availability.

Locating the domain controllers (DC)

The DNS entry _ldap._tcp.dc._msdcs.my-company.com lets clients locate the domain controllers (DCs).

Example:

C:\Users\antonio.guillen
λ nslookup
Default Server: dcmad.my-company.com
Address: 172.26.1.30
> set type=all
> _ldap._tcp.dc._msdcs.my-company.com
Server: dcmad.my-company.com
Address: 172.26.1.30
_ldap._tcp.dc._msdcs.my-company.com SRV service location:
priority = 0
weight = 100
port = 389
svr hostname = dcmil.my-company.com
_ldap._tcp.dc._msdcs.my-company.com SRV service location:
priority = 0
weight = 100
port = 389
svr hostname = dczar.my-company.com
_ldap._tcp.dc._msdcs.my-company.com SRV service location:
priority = 0
weight = 100
port = 389
svr hostname = dcfra.my-company.com
_ldap._tcp.dc._msdcs.my-company.com SRV service location:
priority = 0
weight = 100
port = 389
svr hostname = dcfra2.my-company.com
_ldap._tcp.dc._msdcs.my-company.com SRV service location:
priority = 0
weight = 100
port = 389
svr hostname = dcstg.my-company.com
_ldap._tcp.dc._msdcs.my-company.com SRV service location:
priority = 0
weight = 100
port = 389
svr hostname = dcstg2.my-company.com
_ldap._tcp.dc._msdcs.my-company.com SRV service location:
priority = 0
weight = 100
port = 389
svr hostname = dcsor2.my-company.com
_ldap._tcp.dc._msdcs.my-company.com SRV service location:
priority = 0
weight = 100
port = 389
svr hostname = dcmad.my-company.com
_ldap._tcp.dc._msdcs.my-company.com SRV service location:
priority = 0
weight = 100
port = 389
svr hostname = dcmad2.my-company.com
_ldap._tcp.dc._msdcs.my-company.com SRV service location:
priority = 0
weight = 100
port = 389
svr hostname = dcmex.my-company.com
_ldap._tcp.dc._msdcs.my-company.com SRV service location:
priority = 0
weight = 100
port = 389
svr hostname = dcque.my-company.com

Locating the primary domain controllers (PDC)

The DNS entry _ldap._tcp.pdc._msdcs.my-company.com lets clients locate the servers that are acting as primary domain controllers (PDC).

C:\Users\antonio.guillen
λ nslookup
Default Server: dcmad1.my-company.com
Address: 172.26.1.30
> set type=all
> _ldap._tcp.pdc._msdcs.my-company.com
Server: dcmad1.my-company.com
Address: 172.26.1.30
_ldap._tcp.pdc._msdcs.my-company.com SRV service location:
priority = 0
weight = 100
port = 389
svr hostname = dcstg1.my-company.com
dcstg1.my-company.com internet address = 10.200.1.30

Locating the Global Catalog (GC)

The DNS entry _ldap._tcp.gc._msdcs.my-company.com lets clients locate the Global Catalog (GC) of the forest.

C:\Users\antonio.guillen
λ nslookup
Default Server: dcmad1.my-company.com
Address: 172.21.1.30
> set type=all
> _ldap._tcp.gc._msdcs.my-company.com
Server: dcmad1.my-company.com
Address: 172.21.1.30
_ldap._tcp.gc._msdcs.my-company.com SRV service location:
priority = 0
weight = 100
port = 3268
svr hostname = md-frankfurt.my-company.com
_ldap._tcp.gc._msdcs.my-company.com SRV service location:
priority = 0
weight = 100
port = 3289
svr hostname = md-frankfurt3.my-company.com
_ldap._tcp.gc._msdcs.my-company.com SRV service location:
priority = 0
weight = 100
port = 3268
svr hostname = dcstg5.my-company.com
_ldap._tcp.gc._msdcs.my-company.com SRV service location:
priority = 0
weight = 100
port = 3268
svr hostname = dcstc3.my-company.com
_ldap._tcp.gc._msdcs.my-company.com SRV service location:
priority = 0
weight = 100
port = 3268
svr hostname = dcstg4.my-company.com
_ldap._tcp.gc._msdcs.my-company.com SRV service location:
priority = 0
weight = 100
port = 3268
svr hostname = dcsor1.my-company.com
_ldap._tcp.gc._msdcs.my-company.com SRV service location:
priority = 0
weight = 100
port = 3268
svr hostname = dcstg1.my-company.com
_ldap._tcp.gc._msdcs.my-company.com SRV service location:
priority = 0
weight = 100
port = 3268
svr hostname = dcstc1.my-company.com
_ldap._tcp.gc._msdcs.my-company.com SRV service location:
priority = 0
weight = 100
port = 3268
svr hostname = dcfir1.my-company.com
dcstg5.my-company.com internet address = 10.200.1.32
dcstc3.my-company.com internet address = 172.22.1.31
dcstg4.my-company.com internet address = 10.200.1.31
dcsor1.my-company.com internet address = 172.27.2.30
dcstg1.my-company.com internet address = 10.200.1.30
dcstc1.my-company.com internet address = 172.22.1.30
dcfir1.my-company.com internet address = 10.238.1.30

Locating the Kerberos service (KDC)

The DNS entry _kerberos._tcp.dc._msdcs.my-company.com lets clients locate the DCs that are running the Kerberos service (KDC).

C:\Users\aogg
λ nslookup
Default Server: dcmad1.my-company.com
Address: 172.21.1.30
> set type=All
> _kerberos._tcp.dc._msdcs.my-company.com
Server: dcmad1.my-company.com
Address: 172.21.1.30
_kerberos._tcp.dc._msdcs.my-company.com SRV service location:
priority = 0
weight = 100
port = 88
svr hostname = dcsor1.my-company.com
_kerberos._tcp.dc._msdcs.my-company.com SRV service location:
priority = 0
weight = 100
port = 88
svr hostname = dcstg1.my-company.com
_kerberos._tcp.dc._msdcs.my-company.com SRV service location:
priority = 0
weight = 100
port = 88
svr hostname = dcstc1.my-company.com
_kerberos._tcp.dc._msdcs.my-company.com SRV service location:
priority = 0
weight = 100
port = 88
svr hostname = dcfir1.my-company.com
_kerberos._tcp.dc._msdcs.my-company.com SRV service location:
priority = 0
weight = 100
port = 88
svr hostname = dcstc3.my-company.com
_kerberos._tcp.dc._msdcs.my-company.com SRV service location:
priority = 0
weight = 100
port = 88
svr hostname = dcstg5.my-company.com
_kerberos._tcp.dc._msdcs.my-company.com SRV service location:
priority = 0
weight = 100
port = 88
svr hostname = dcstg4.my-company.com
dcsor1.my-company.com internet address = 172.27.2.30
dcstg1.my-company.com internet address = 10.200.1.30
dcstc1.my-company.com internet address = 172.22.1.30
dcfir1.my-company.com internet address = 10.238.1.30
dcstc3.my-company.com internet address = 172.22.1.31
dcstg5.my-company.com internet address = 10.200.1.32
dcstg4.my-company.com internet address = 10.200.1.31
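
Because clients trust these SRV answers to decide which hosts they authenticate against, it is worth checking them against a baseline. The following is an added example, not part of the original page: it parses nslookup SRV output like the listings above and reports records whose port differs from the standard one for that locator name (one GC record above advertises 3289 while the rest advertise 3268) or whose host is missing from a DC inventory. The function names and the inventory set are assumptions made for illustration.

```python
import re
# Expected port per locator record (standard AD service ports).
EXPECTED_PORTS = {
    "_ldap._tcp.dc": 389, "_ldap._tcp.pdc": 389,
    "_ldap._tcp.gc": 3268, "_kerberos._tcp.dc": 88,
}

# Constructed sample: shortened copy of the GC lookup shown on this page.
SAMPLE = """\
_ldap._tcp.gc._msdcs.my-company.com SRV service location:
priority = 0
weight = 100
port = 3268
svr hostname = md-frankfurt.my-company.com
_ldap._tcp.gc._msdcs.my-company.com SRV service location:
priority = 0
weight = 100
port = 3289
svr hostname = md-frankfurt3.my-company.com
dcstg5.my-company.com internet address = 10.200.1.32
"""

SRV_HEADER = re.compile(r"^(\S+)\s+SRV service location:", re.I)
FIELD = re.compile(r"^\s*(priority|weight|port|svr hostname)\s*=\s*(\S+)", re.I)

def parse_srv(text):
    """Return one dict per SRV answer found in nslookup output."""
    records, current = [], None
    for line in text.splitlines():
        header, field = SRV_HEADER.match(line), FIELD.match(line)
        if header:
            current = {"name": header.group(1).lower()}
            records.append(current)
        elif field and current is not None:
            key, value = field.group(1).lower(), field.group(2)
            current[key] = value.lower() if key == "svr hostname" else int(value)
    return records

def audit(records, known_dcs):
    """List (host, reason) pairs for records that deviate from the baseline."""
    findings = []
    for rec in records:
        expected = EXPECTED_PORTS.get(rec["name"].split("._msdcs.")[0])
        host = rec.get("svr hostname")
        if expected is not None and rec.get("port") != expected:
            findings.append((host, f"port {rec.get('port')} != {expected}"))
        if host not in known_dcs:  # known_dcs: assumed inventory of approved DCs
            findings.append((host, "not in DC inventory"))
    return findings
```

Lines that are not SRV fields, such as the "internet address" lines, are ignored by the parser.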
