How uxconsole Discovers an Active Directory Site

When you register a UNIX Authentication Broker endpoint with Active Directory, by default the uxconsole utility discovers the closest Active Directory site and communicates only with domain controllers (DCs) in this site.
The following process describes how uxconsole discovers the closest Active Directory site:
  1. The UNIX Authentication Broker endpoint queries the DNS for SRV (service) records in the following format:
    _ldap._tcp.dc._msdcs.domainName
    The DNS returns the records for DCs in the domain.
  2. The endpoint accesses Active Directory by binding and authenticating to a DC returned in the previous query.
    The endpoint can bind to any of the returned DCs.
  3. The endpoint uses an LDAP query to search Active Directory for the site in which the endpoint resides. The query uses the following settings and filters:
    • Base DN: no value
    • Scope: Base
    • Attribute: Netlogon
    • DnsDomain: fully-qualified domain name
    • ntver: 6.00
    For example, the filter is (&(DnsDomain=example.company.com)(ntver=6.00))
    The DC returns the name of the site in which the endpoint resides.
    Note:
    The DC uses the endpoint IP address to determine the site in which the endpoint resides.
  4. The endpoint queries the DNS for SRV records in the following format:
    _ldap._tcp.LocalSiteName._sites.dc._msdcs.domainName.
    The DNS returns the records for DCs in the site in which the endpoint resides. The endpoint communicates only with DCs in this site.
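The following Python walk-through of the four steps above is an added example, not uxconsole's own code: the DNS and LDAP calls are injected callables fed with constructed records (the DC names and the site name "Paris" are made up), the query names and the netlogon filter are taken from the steps as written, and the ordering of SRV answers follows RFC 2782 priority/weight, which the text does not spell out.

```python
"""Offline walk-through of the AD site-discovery sequence (constructed example)."""
import random
from collections import namedtuple

SRV = namedtuple("SRV", "priority weight target port")

def order_srv(records, rng=random.random):
    """Order SRV answers per RFC 2782: lowest priority first, then a
    weighted random pick inside each priority so load is spread across DCs."""
    ordered = []
    for prio in sorted({r.priority for r in records}):
        pool = [r for r in records if r.priority == prio]
        while pool:
            cut = rng() * sum(r.weight for r in pool)
            chosen = pool[0]                 # fallback when all weights are 0
            for r in pool:
                cut -= r.weight
                if cut < 0:
                    chosen = r
                    break
            ordered.append(pool.pop(pool.index(chosen)))
    return ordered

def discover_site(domain, resolve_srv, ldap_ping, rng=random.random):
    """Return (site, [site-local DCs]) using injected DNS/LDAP callables."""
    # Step 1: SRV records for every DC in the domain.
    dcs = order_srv(resolve_srv(f"_ldap._tcp.dc._msdcs.{domain}"), rng)
    if not dcs:
        raise LookupError(f"no DC SRV records for {domain}")
    # Steps 2-3: bind to any returned DC and send the rootDSE query
    # (base DN "", scope base, attribute netlogon) with the page's filter.
    ldap_filter = f"(&(DnsDomain={domain})(ntver=6.00))"
    site = next((s for dc in dcs if (s := ldap_ping(dc.target, dc.port, ldap_filter))), None)
    if not site:
        raise LookupError("no DC answered the netlogon query")
    # Step 4: site-scoped SRV lookup; only these DCs are used from now on.
    site_dcs = order_srv(resolve_srv(f"_ldap._tcp.{site}._sites.dc._msdcs.{domain}."), rng)
    return site, [f"{r.target}:{r.port}" for r in site_dcs]

# Constructed DNS data and a canned DC reply (a real DC picks the site
# from the client's source IP address, as the note above explains).
CONSTRUCTED_DNS = {
    "_ldap._tcp.dc._msdcs.example.company.com": [
        SRV(0, 100, "dc1.example.company.com.", 389),
        SRV(0, 100, "dc2.example.company.com.", 389),
        SRV(10, 0, "dc3.example.company.com.", 389)],
    "_ldap._tcp.Paris._sites.dc._msdcs.example.company.com.": [
        SRV(0, 100, "dc2.example.company.com.", 389)],
}
fake_resolve = lambda name: CONSTRUCTED_DNS.get(name, [])
fake_ping = lambda host, port, flt: "Paris" if "ntver=6.00" in flt else None
```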