Figures A, B, and C provide a graphical view of Windows 2000 Professional’s domain controller selection process. Refer to the numbered list for a step-by-step breakdown.

  1. The client queries the DHCP server, which returns information about IP address, subnet mask, default gateway, WINS servers, and DNS servers (e.g., DNS-1).

  2. The client performs the DsGetDcName API call to the DNS server to request a list of domain controllers in the client’s domain.

  3. The DNS server returns a server resource record (SRV RR), a list of domain controllers within the client’s domain (but not necessarily within the client’s site).

  4. The client sends Lightweight Directory Access Protocol (LDAP)-over-UDP pings to the domain controllers on the SRV RR list.

  5. The domain controllers respond to pings. The client accepts the first response and ignores subsequent responses. The response includes information about the domain controller’s site, the client’s site, and the closest bit value (which will be 1 if the domain controller is in the client’s site, and 0 if the domain controller isn’t in the client’s site).

  6. If the returned closest bit value is 0, the client sends another DsGetDcName query to DNS.

  7. This time, the client had more information about its site, so DNS can respond with an SRV RR list of domain controllers in the client’s domain and site.

  8. The client sends out another round of LDAP-over-UDP pings to the domain controllers in the new list.

  9. The first domain controller to respond with a closest bit value of 1 is the closest domain controller; the client will use this domain controller for further authentication.