Skip to main content
NetApp Knowledge Base

What is Domain Controller Discovery?

Last Updated:


Applies to

ONTAP 9.3+


  • Domain Controller (DC) Discovery is an automatic procedure triggered by the Security Daemon (SecD) to identify which services are available to ONTAP.
    • It discovers all the DC's, including preferred DC's,  DC's in the local site, and all remote sites.
    • For later versions of ONTAP, DC Discovery also occurs for all known trusted Domains.
      • Contact Microsoft for more information on using Active Directory Sites and Services to manage sites to control what servers are discovered
  • ONTAP determines the optimal DC to authenticate new CIFS connections against.
    • If there are many DC's in the environment, this can take some time.
    • As a result, accessing or enumerating shares during discovery can be noticeably slow depending on the environment.
    • The discovery process will be executed automatically (without being specifically triggered by the user) in 3 scenarios:
      • Joining the SVM's CIFS server to a domain
      • Periodic discovery is performed at an ~4 hour interval, to check for possible changes on the server or LIF configuration
      • Change of Preferred DC's
  • Use the cifs domain discovered-servers commands to view and reset DC's
cluster1::> vserver cifs domain discovered-servers show

Node: node1
Vserver: vs1

Domain Name     Type     Preference DC-Name     DC-Address    Status
--------------- -------- ---------- ----------- ------------- -------     MS-LDAP  adequate   DC-1       OK     MS-LDAP  adequate   DC-2       OK     MS-DC    adequate   DC-1       OK     MS-DC    adequate   DC-2       OK
Field Description
Domain Name FQDN of the Domain 
  • Unknown          The server type is not known
  • KERBEROS      Kerberos server
  • MS-LDAP          Microsoft Lightweight Directory Access Protocol (LDAP) server
  • MS-DC               Microsoft Domain Controller
  • LDAP                 Lightweight Directory Access Protocol (LDAP) server
  • NIS                     Network Information Service (NIS) server
  1. unknown   The preference level of this server is unknown
  2. preferred  This server was administratively marked as a preferred server due to its presence in the list of preferred servers
  3. favored    This server was marked as favored by the server discovery process by virtue of site membership. When marked as favored by the discovery process, it means that the Discovered domain controller is in the same site as the filer is.
  4. adequate   This server was discovered by the server discovery process and can be used, but has no preference associated with it.
DC-Name Netbios name of the Domain Controller listed in the table
DC-Address IP Adress of the Domain controller listed in the table
Status Description
  • The connection to this server is usable
  • This status is shown when we have an active-ongoing connection against a server
  • The connection to this server is usable
  • This status is shown when average responses are at least 2x the Round Trip Time of the fastest in the grouping
    • Round-trip time (RTT) in networking is the time it takes to get a response after you initiate a network request. 
  • The connection to this server is usable
  • The connection to this server has expired.
  • The connection to this server is usable
  • A connection to this server has not been attempted.
  • This is the default status of a server when added to discovery list
  • This server was discovered when running the discovery procedure, there has been no need to connect to it
  • The connection to this server is NOT usable
  • TCP Communication was established, however attempts to use the service have failed
      • TCP Connection to LDAP succeeds
      • LDAP Bind fails for security reasons
  • The connection to this server is NOT usable
  • This server was discovered via domain discovery
  • Attempts to use this server have failed  
  • TCP connection fails


ONTAP Discovery behavior:
  • Option ' discovery-mode' is added under the command directory vserver cifs domain discovered-servers to control server discovery.
  • Three options are available for the command:
    • all - Default option. Will behave as earlier by discovering all the domain controllers in the domain.
    • site - Only DC's in the local site will be discovered.
      • This option relies on Active Directory Sites and Services being configured
    • none - Server discovery will not be done, and it will depend only on preferred DC's configured.
  • Default discovery behavior is all
  • For new CIFS configuration, 'default-site' can be provided along with the vserver cifs create command itself.
  • For existing CIFS configuration, vserver cifs modify command can be used to configure the 'default-site'. The CIFS 'default-site' will only be used as a fallback if ONTAP is unable to discover the site information due to any reason. 
  • Reset and rediscover servers after making discovery changes


NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.