NetApp Knowledge Base

What is Domain Controller Discovery?

Applies to

ONTAP 9.3+

Answer

  • Domain Controller (DC) Discovery is an automatic procedure triggered by the Security Daemon (SecD) to identify which services are available to ONTAP.
    • It discovers all the DCs, including preferred DCs, DCs in the local site, and DCs in all remote sites.
    • In later versions of ONTAP, DC Discovery also runs for all known trusted domains.
      • Contact Microsoft for more information on using Active Directory Sites and Services to manage sites and control which servers are discovered.
  • ONTAP determines the optimal DC to authenticate new CIFS connections against.
    • If there are many DCs in the environment, this can take some time.
    • As a result, accessing or enumerating shares during discovery can be noticeably slow, depending on the environment.
    • The discovery process runs automatically (without being specifically triggered by the user) in three scenarios:
      • Joining the SVM's CIFS server to a domain
      • Periodic discovery, performed at an approximately 4-hour interval, to check for possible changes in the server or LIF configuration
      • A change of preferred DCs
  • Use the vserver cifs domain discovered-servers commands to view and reset DCs:
cluster1::> vserver cifs domain discovered-servers show

Node: node1
Vserver: vs1

Domain Name     Type     Preference DC-Name     DC-Address    Status
--------------- -------- ---------- ----------- ------------- -------
example.com     MS-LDAP  adequate   DC-1        1.1.3.4       OK
example.com     MS-LDAP  adequate   DC-2        1.1.3.5       OK
example.com     MS-DC    adequate   DC-1        1.1.3.4       OK
example.com     MS-DC    adequate   DC-2        1.1.3.5       OK
Field descriptions:
  • Domain Name: FQDN of the domain
  • Type:
    • Unknown: The server type is not known
    • KERBEROS: Kerberos server
    • MS-LDAP: Microsoft Lightweight Directory Access Protocol (LDAP) server
    • MS-DC: Microsoft Domain Controller
    • LDAP: Lightweight Directory Access Protocol (LDAP) server
    • NIS: Network Information Service (NIS) server
  • Preference:
    1. unknown: The preference level of this server is unknown
    2. preferred: This server was administratively marked as a preferred server because it appears in the list of preferred servers
    3. favored: This server was marked as favored by the server discovery process by virtue of site membership; it means the discovered domain controller is in the same site as the filer
    4. adequate: This server was discovered by the server discovery process and can be used, but has no preference associated with it
  • DC-Name: NetBIOS name of the domain controller listed in the table
  • DC-Address: IP address of the domain controller listed in the table
Status descriptions:
  • OK
    • The connection to this server is usable
    • This status is shown when there is an active, ongoing connection to the server
  • slow
    • The connection to this server is usable
    • This status is shown when average responses are at least 2x the round-trip time of the fastest server in the grouping
      • Round-trip time (RTT) in networking is the time it takes to get a response after you initiate a network request
  • expired
    • The connection to this server is usable
    • The connection to this server has expired
  • undetermined
    • The connection to this server is usable
    • A connection to this server has not been attempted
    • This is the default status of a server when it is added to the discovery list
    • The server was discovered when running the discovery procedure, but there has been no need to connect to it
  • unavailable
    • The connection to this server is NOT usable
    • TCP communication was established, but attempts to use the service have failed
      • Example: the TCP connection to LDAP succeeds, but the LDAP bind fails for security reasons
  • unreachable
    • The connection to this server is NOT usable
    • This server was discovered via domain discovery
    • Attempts to use this server have failed
    • The TCP connection fails
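The following is an added example (not ONTAP code and not part of this article) that parses a constructed copy of the `discovered-servers show` output above and applies the status rules to pick a usable DC per domain/type grouping, then applies the 2x-RTT rule to constructed RTT samples. The preference ranking (preferred > favored > adequate > unknown) and the RTT values are assumptions made for the example.

```python
"""Evaluate 'vserver cifs domain discovered-servers show' output against the
status and preference rules in the article (constructed sample, not ONTAP code)."""
from collections import defaultdict

# Constructed sample output in the same column layout as the article's example.
SHOW_OUTPUT = """\
Node: node1
Vserver: vs1

Domain Name     Type     Preference DC-Name     DC-Address    Status
--------------- -------- ---------- ----------- ------------- -------
example.com     MS-LDAP  preferred  DC-1        1.1.3.4       OK
example.com     MS-LDAP  adequate   DC-2        1.1.3.5       slow
example.com     MS-DC    favored    DC-1        1.1.3.4       OK
example.com     MS-DC    adequate   DC-3        1.1.3.6       unreachable
"""

# Statuses the article describes as "usable"; unavailable/unreachable are not.
USABLE = {"OK", "slow", "expired", "undetermined"}
# Assumed ranking for this example (lower is better); the article does not rank them.
PREF_RANK = {"preferred": 0, "favored": 1, "adequate": 2, "unknown": 3}

def parse_servers(text):
    """Return one dict per table row; banner, header and separator lines are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6 or parts[0].startswith("-"):
            continue  # 'Domain Name' header has 7 tokens, separator starts with '-'
        rows.append(dict(zip(("domain", "type", "pref", "name", "addr", "status"), parts)))
    return rows

def best_per_group(rows):
    """For each (domain, type) grouping pick the usable DC with the best preference, or None."""
    groups = defaultdict(list)
    for r in rows:
        groups[(r["domain"], r["type"])].append(r)
    best = {}
    for key, members in groups.items():
        usable = [m for m in members if m["status"] in USABLE]
        best[key] = min(usable, key=lambda m: PREF_RANK[m["pref"]])["name"] if usable else None
    return best

def flag_slow(rtt_ms):
    """Article rule: average RTT at least 2x the fastest in the grouping is reported as 'slow'."""
    fastest = min(rtt_ms.values())
    return {dc: "slow" if rtt >= 2 * fastest else "OK" for dc, rtt in rtt_ms.items()}

if __name__ == "__main__":
    print(best_per_group(parse_servers(SHOW_OUTPUT)))
    print(flag_slow({"DC-1": 3.0, "DC-2": 6.0, "DC-3": 4.5}))
```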


ONTAP Discovery behavior:
  • The option 'discovery-mode' is available under the command directory vserver cifs domain discovered-servers to control server discovery.
  • Three values are available for the option:
    • all - Default. Behaves as in earlier releases by discovering all the domain controllers in the domain.
    • site - Only DCs in the local site are discovered.
      • This option relies on Active Directory Sites and Services being configured.
    • none - Server discovery is not performed; ONTAP depends only on the preferred DCs configured.
  • The default discovery behavior is all.
  • For a new CIFS configuration, 'default-site' can be provided with the vserver cifs create command itself.
  • For an existing CIFS configuration, the vserver cifs modify command can be used to configure 'default-site'. The CIFS 'default-site' is only used as a fallback if ONTAP is unable to discover the site information for any reason.
  • Reset and rediscover servers after making discovery changes.
