Microsoft KB Archive/249841

From BetaArchive Wiki

Article ID: 249841

Article Last Modified on 2/28/2007



APPLIES TO

  • Microsoft Windows 2000 Professional Edition, when used with:
    • Microsoft Windows 98 Standard Edition
  • Microsoft Windows 2000 Server, when used with:
    • Microsoft Windows 98 Standard Edition
  • Microsoft Windows 2000 Advanced Server, when used with:
    • Microsoft Windows 98 Standard Edition



This article was previously published under Q249841

SUMMARY

Site awareness is a key feature in the Active Directory Client Extension (DSClient). This article describes new Microsoft Windows 98 behavior in locating domain controllers when the DSClient is installed and the user is logged on to a Microsoft Windows 2000-based domain.

Note You must install the Windows 98 DSClient package to use of the functionality that is described in this article. For additional information about installing the appropriate Active Directory Client Extension, click the following article number to view the article in the Microsoft Knowledge Base:

288358 How to install the Active Directory Client Extension


MORE INFORMATION

Windows 98 DSClient Logon Behavior


The DSClient adds the ability to discover a domain controller in the same site as the client. When a user logs on, the Directory Services DsGetDcName API function is invoked to discover the optimal domain controller. DsGetDcName uses the available name service providers to perform this task. The core Windows 98 client logon components are not DNS-aware, so domain controller discovery is carried out against the NetBIOS domain name.

If DNS is enabled, the client sends a DNS query to each DNS server it is aware of for the list of domain controllers for the NetBIOS domain name. This will fail unless the DNS and NetBIOS names of the domain are identical.

Client request:
  DNS: 0x1:Std Qry for _ldap._tcp.dc._msdcs.[NetBIOSDomainName]. of type Srv Loc on class INET addr.
Server response:
  DNS: 0x1:Std Qry Resp. Auth. NS is . of type SOA on class INET addr. : Name does not exist

The next, and typically successful name resolution attempt is through NetBIOS. A Netlogon datagram is sent to all domain controllers in the user's domain that were discovered by a standard query for the NetBIOS '1C' domain name (WINS resolution). For additional information about NetBIOS names, click the following article number to view the article in the Microsoft Knowledge Base:

163409 NetBIOS suffixes (16th character of the NetBIOS name)


Client request:
  NBT: NS: Query req. for DOMAINNAME     <1C>
WINS Server Response (list of DCs):
  NBT: NS: Query (Node Status) resp. for DOMAINNAME     <1C>, Success
Client request (one to each DC in the list):
  Netlogon: SAM LOGON request from client
DC Response:
  Netlogon: Opcode = SAM Response to SAM logon request

Windows 2000 domain controllers respond to the datagram with information that includes the domain controller's Domain Name System (DNS) domain name, the domain controller's site, the client's site, and a flag. Windows NT 4.0 domain controllers respond as they typically do without site information.

If the response from the Windows 2000 domain controller indicates that client is not in the same site as the domain controller, the client will retry the discovery, by using the domain controller's DNS domain name and client's site name, until any of the tasks following occurs:

  • An appropriate domain controller (one in the client's site) responds.
  • If no appropriate Windows 2000 domain controller responds, the client will randomly select a Windows 2000 domain controller.
  • If no Windows 2000 domain controller responds, a Windows NT 4.0 domain controller is selected.

The Windows 98 DSClient prefers to communicate with Windows 2000 domain controllers over Windows NT 4.0 domain controllers. The Windows 2000 domain controllers understand site concepts and can refer to other Windows 2000 domain controllers based on the client's site. The client will then attempt a normal user logon to the selected domain controller.

This functionality requires that the only protocol running on the Windows 98-based computer is NetBIOS over TCP (NetBT). NetBEUI and NwLnkNb are not allowed.

Windows 98 DSClient Password Change Behavior

In a pre-Windows 2000 domain password, changes occur only on a primary domain controller. In a Windows 2000 domain, any Windows 2000 domain controller can make the change. The Windows 98 DSClient takes advantage of this architecture by using the same mechanism to find the domain controller as is used for logon.

Windows 98 DSClient Distributed File System (DFS) Location Behavior

Windows 98 DSClient selects the domain controller based on the process that is described for logon. This domain controller is used to obtain the DFS information.

Preferred Server Registry Entry

You may specify the preferred server to log on. If you specify this entry, DS Client will honor this request for logon. The DFS and Change Password will still behave as described in this article, regardless of whether the registry is present.

Windows 98 Policy Load Balancing

By default, Windows 98-based computers query the Netlogon share of the primary domain controller (PDC) for the Config.pol file unless you set the registry manually. Windows 98 DSClient does not change this behavior.

REFERENCES

For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

185969 Domain controller on slower link may be used for domain validation


Keywords: kbinfo KB249841