2

I have a domain (myDomain.com) set up with Active Directory and 3 DCs (serverA, serverB, serverC). Each DC has a set of shares, which are accessed via UNC, such as \\server1\share1. Today I noticed that I can access one of the servers by referencing the domain instead of the server: \\myDomain.com\share1.

My question is, what attributes determine the server that can be referenced in this way?

My suspicion is that it has to do with FSMO roles. In my case, the DC that has the Schema master and Domain naming master roles is the one that can be accessed via the domain name.

Thanks for any illumination you can offer.

BCH
  • Actually it's more to do with DNS... If you do an nslookup on just mydomain.com it should resolve to one of your domain controllers. – Drifter104 Dec 14 '18 at 16:40
  • @Drifter104, thanks for that info. So how does a DC become synonymous with the domain in DNS? – BCH Dec 14 '18 at 16:43

1 Answer

3

All Domain Controllers are accessible in this manner as they all host the NETLOGON and SYSVOL shared folders that domain clients access. You'll connect to whichever DC name is returned in the DNS query for the domain name, which are returned in a round-robin fashion.

joeqwerty
  • Thanks @joeqwerty. So if I test this over time, I should expect to see different servers? Over the last 2 days it's always been the same DC. – BCH Dec 14 '18 at 16:52
  • Are all of the DCs in the same subnet? – joeqwerty Dec 14 '18 at 18:34
  • Yep - all same subnet. I just did a test of shutting down the DC that resolves to myDomain.com and doing nslookup on the domain. nslookup fails when that server is down. – BCH Dec 14 '18 at 19:12
  • You'll likely continue to connect to the DC which handled your computer's logon -- i.e. your LogonServer (echo %logonserver% / $env:LogonServer). This can change over time. – Semicolon Dec 14 '18 at 19:18
  • @Semicolon, that's probably right. I still can only see the one DC ever resolving the domain name when I do \\myDomain.com\share1. If joeqwerty is correct about the round-robin fashion, I would expect to see something different. – BCH Dec 14 '18 at 19:25
  • I'd suggest that you take a look at your DNS zone and make sure the relevant records exist. Nslookup would be expected to fail as it only queries the default (primary) DNS server configured on your client. If the default (primary) DNS server is down when you launch nslookup then it's going to fail. Use nslookup to query the domain name by querying each DC directly with nslookup. – joeqwerty Dec 14 '18 at 21:03
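
The check suggested in the last comment (query each DC directly for the domain name), written out as an added PowerShell example that is not part of the original thread. It assumes every DC runs the DNS service and uses the names from the question (myDomain.com, serverA, serverB, serverC); `Get-ARecord` is a helper defined here for illustration.

```powershell
# Added example: ask every DC's DNS service for the domain's A records and compare.
# Names come from the question; replace them with your own (IP addresses also work for -Server).
$Domain  = 'myDomain.com'
$DcNames = 'serverA', 'serverB', 'serverC'

function Get-ARecord {
    param([string]$Name, [string]$Server)
    $query = @{ Name = $Name; Type = 'A'; DnsOnly = $true; ErrorAction = 'Stop' }
    if ($Server) { $query.Server = $Server }   # no -Server means the client's default resolver
    # Keep only A records; a response can also carry other record types.
    @(Resolve-DnsName @query | Where-Object { $_.Type -eq 'A' } | ForEach-Object { $_.IPAddress })
}

# Address(es) each DC has registered for its own host name.
$dcAddress = @{}
foreach ($dc in $DcNames) {
    try   { $dcAddress[$dc] = @(Get-ARecord -Name "$dc.$Domain") }
    catch {
        $dcAddress[$dc] = @()
        Write-Warning ('Cannot resolve {0}.{1}: {2}' -f $dc, $Domain, $_.Exception.Message)
    }
}

$report = foreach ($server in $DcNames) {
    $answers = @(); $status = 'OK'
    try   { $answers = @(Get-ARecord -Name $Domain -Server $server) }
    catch { $status = 'Query failed: ' + $_.Exception.Message }   # e.g. that DC is down

    # A DC counts as missing when none of its own addresses appear in this server's answer.
    $missing = foreach ($dc in $DcNames) {
        $hit = $dcAddress[$dc] | Where-Object { $answers -contains $_ }
        if (-not $hit) { $dc }
    }

    [pscustomobject]@{
        DnsServer  = $server
        Status     = $status
        Answer     = $answers -join ', '      # compare the order across runs to see rotation
        MissingDCs = @($missing) -join ', '
    }
}

$report | Format-Table -AutoSize -Wrap
```

A DC that shows up under MissingDCs for every DNS server has no A record for the domain name in the zone, which would explain why the domain name always leads to the same server.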