Re: The four major roles of a PDC Emulator?
From: Joe Richards [MVP] (humorexpress_at_hotmail.com)
Date: 09/24/04
- Next message: Joe Richards [MVP]: "Re: Users Authenticating to GCs in Different Sites"
- Previous message: Joe Richards [MVP]: "Re: AD Last User Logon Question"
- In reply to: Phillip Renouf: "Re: The four major roles of a PDC Emulator?"
- Next in thread: Todd J Heron: "Re: The four major roles of a PDC Emulator?"
- Reply: Todd J Heron: "Re: The four major roles of a PDC Emulator?"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 24 Sep 2004 13:04:46 -0400
That is incorrect. A legacy client will authenticate to any DC listed in the 1C
record of WINS or what it can find on its broadcast subnet. It will not just
pick the PDCE.

Basically what happens is that the client will query for the 1C which will have
up to 25 DCs listed. Usually the PDC is listed twice unless you have more than
25 DCs. The client will direct a netlogon request to each and every DC, the
first DC to respond after the LAST directed request will then be recontacted by
the client and used for authentication.

If no WINS, the client will subnet broadcast for a DC and take the first that
responds.

I have seen occasions where various versions of Windows will broadcast first,
then go for the 1C record and times when I have seen it go for 1C first and then
broadcast. It has been years since I have done traces on that though so not sure
what the specific process is right now for the latest revs of the stacks.

What happens often is that a client will retrieve the WINS 1C record from the
local WINS Server which is also a DC, the list will have all of the DCs and the
TOP one in the list will be the local DC. The PDC will be one of the last listed
(I think it takes the 1C record and tacks on the 1B record at the end). So then
when the client loops through sending out the directed netlogon requests the
local DC will respond prior to the client finishing and not get used. The PDC
being the last in the list has a greater chance of being picked so it appears
all clients only use the PDC when in fact it is a timing issue.

joe
--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net

Phillip Renouf wrote:
> It is possible to manipulate which DC a downlevel client (like NT with no AD
> Client installed) will authenticate to, but by default it will authenticate
> to the PDC Emulator.
>
> Phil
>
> "Joe Richards [MVP]" wrote:
>
>>That page has several issues. Stick with the KB article Mike gave you.
>>
>> joe
>>
>>--
>>Joe Richards Microsoft MVP Windows Server Directory Services
>>www.joeware.net
>>
>>Spin wrote:
>>
>>>Mike,
>>>
>>>Got my info from here:
>>>
>>>http://www.comptechdoc.org/os/windows/win2k/win2kadfunctions.html
>>>
>>>--
>>>Regards,
>>>Spin
>>>
>>>"Mike Brannigan [MSFT]" <mikebran@online.microsoft.com> wrote in message
>>>news:enmHoPKoEHA.3788@TK2MSFTNGP10.phx.gbl...
>>>
>>>>"Steve Bruce, mct" <nospam@msn.com> wrote in message
>>>>news:u2N2XaJoEHA.3788@TK2MSFTNGP10.phx.gbl...
>>>>
>>>>>I'm not Spin, but this article has similar language concerning point #4.
>>>>
>>>>Do you mean the 4th bullet
>>>>"...
>>>>The PDC emulator performs all of the functionality that a Microsoft Windows
>>>>NT 4.0 Server-based PDC or earlier PDC performs for Windows NT 4.0-based or
>>>>earlier clients.
>>>>..."
>>>>
>>>>This means things like being the source for all password changes, since
>>>>down-level clients are not aware of the multi master nature of AD (unless
>>>>you install the AD Client Extensions),
>>>>It also covers the fact that the PDC Emulator is the source of SAM based
>>>>replication for NT 4.0 or earlier BDCs as well as the source for Netlogon$
>>>>replication.
>>>>
>>>>--
>>>>
>>>>Regards,
>>>>
>>>>Mike
>>>>--
>>>>Mike Brannigan [Microsoft]
>>>>
>>>>This posting is provided "AS IS" with no warranties, and confers no
>>>>rights
>>>>
>>>>Please note I cannot respond to e-mailed questions, please use these
>>>>newsgroups
>>>>
>>>>"Steve Bruce, mct" <nospam@msn.com> wrote in message
>>>>news:u2N2XaJoEHA.3788@TK2MSFTNGP10.phx.gbl...
>>>>
>>>>>I'm not Spin, but this article has similar language concerning point #4.
>>>>>
>>>>>"Mike Brannigan [MSFT]" <mikebran@online.microsoft.com> wrote in message
>>>>>news:uBcQJtGoEHA.3876@TK2MSFTNGP15.phx.gbl...
>>>>>
>>>>>>"Spin" <spin@spin.com> wrote in message
>>>>>>news:2rcbfrF18l58dU1@uni-berlin.de...
>>>>>>
>>>>>>>Experts,
>>>>>>>
>>>>>>>I am doing an examination of the four major roles of a PDC Emulator. I
>>>>>>>have
>>>>>>>come up with the following:
>>>>>>>
>>>>>>>1) Authoritative final source for password changes
>>>>>>>2) Domain master browser
>>>>>>>3) Domain master time server
>>>>>>>4) Authentication requests from all NT 4.0 clients for exchange of
>>>>>>>authentication information
>>>>>>>
>>>>>>>I am not exactly sure what #4 means, since I know for a fact NT 4.0
>>>>>>>clients
>>>>>>>can log onto any W2K or W2K3 DC and not just the PDC Emulator.
>>>>>>
>>>>>>The role of the PDC Emulator is well covered in the following PSS Article
>>>>>>(Q article) - 197132
>>>>>>http://support.microsoft.com/?id=197132
>>>>>>
>>>>>>As regards your point #4 - where did you get this text from and in what
>>>>>>context was it used ?
>>>>>>
>>>>>>--
>>>>>>
>>>>>>Regards,
>>>>>>
>>>>>>Mike
>>>>>>--
>>>>>>Mike Brannigan [Microsoft]
>>>>>>
>>>>>>This posting is provided "AS IS" with no warranties, and confers no
>>>>>>rights
>>>>>>
>>>>>>Please note I cannot respond to e-mailed questions, please use these
>>>>>>newsgroups
>>>>>>
>>>>>>"Spin" <spin@spin.com> wrote in message
>>>>>>news:2rcbfrF18l58dU1@uni-berlin.de...
>>>>>>
>>>>>>>Experts,
>>>>>>>
>>>>>>>I am doing an examination of the four major roles of a PDC Emulator. I
>>>>>>>have
>>>>>>>come up with the following:
>>>>>>>
>>>>>>>1) Authoritative final source for password changes
>>>>>>>2) Domain master browser
>>>>>>>3) Domain master time server
>>>>>>>4) Authentication requests from all NT 4.0 clients for exchange of
>>>>>>>authentication information
>>>>>>>
>>>>>>>I am not exactly sure what #4 means, since I know for a fact NT 4.0
>>>>>>>clients
>>>>>>>can log onto any W2K or W2K3 DC and not just the PDC Emulator.
>>>>>>>--
>>>>>>>Regards,
>>>>>>>Spin
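
Added example (not part of the original message, and not Windows code): a small model of the selection race Joe Richards describes, where the client uses the first DC whose reply arrives after the last directed request has gone out. The DC names, round-trip times and the 5 ms gap between requests are constructed values, and the list order (local DC first, PDC last) follows the post's description.

```python
"""Constructed model of the DC-selection race described in the post.
Not Windows code: latencies and the send gap are made-up sample values."""
from dataclasses import dataclass


@dataclass(frozen=True)
class DC:
    name: str
    rtt_ms: float  # constructed client<->DC round-trip time


def build_1c_list(local_dc, other_dcs, pdc):
    # Order the post describes: local DC on top, PDC (1B entry) tacked on last.
    return [local_dc, *other_dcs, pdc]


def select_dc(dc_list, send_gap_ms):
    """Return (chosen DC, DCs whose replies were ignored)."""
    last_send = (len(dc_list) - 1) * send_gap_ms
    # Request i leaves at i * gap; its reply lands one round trip later.
    arrivals = [(i * send_gap_ms + dc.rtt_ms, i, dc)
                for i, dc in enumerate(dc_list)]
    # Replies that land before the final request is sent are not used.
    ignored = [dc for t, _, dc in arrivals if t < last_send]
    # The last DC's reply cannot precede its own request, so this is non-empty.
    late = [a for a in arrivals if a[0] >= last_send]
    return min(late)[2], ignored


# Constructed scenario 1: ten fast DCs. Every early reply beats the send loop
# and is discarded, so the last entry (the PDC emulator) ends up chosen.
LAN_LIST = build_1c_list(DC("DC-LOCAL", 1.0),
                         [DC(f"DC{n:02d}", 2.0) for n in range(1, 9)],
                         DC("PDCE", 3.0))

# Constructed scenario 2: short list with slow WAN links. The loop finishes
# before the remote replies arrive, so a non-PDC DC wins the race.
WAN_LIST = build_1c_list(DC("DC-LOCAL", 1.0), [DC("DC-WAN", 30.0)],
                         DC("PDCE", 40.0))

if __name__ == "__main__":
    for label, dcs in (("LAN", LAN_LIST), ("WAN", WAN_LIST)):
        chosen, ignored = select_dc(dcs, send_gap_ms=5.0)
        print(f"{label}: chosen={chosen.name} "
              f"ignored={[d.name for d in ignored]}")
```

In the first scenario the PDC emulator is chosen only because of list position and timing, which is why authentication load and logon audit events from legacy clients can pile up on it even though no rule sends them there.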