Explain to a Jr. SysAdmin what happens when a PC joins a Windows 2008 Domain

An ideal answer would at least include:

  1. Critical configuration of the PC before it could join
  2. How the PC finds the Domain servers
  3. What happens when the PC cannot find any domain servers
  4. What connections are made from the PC to the domain
  5. How the Domain records that a machine joined the Domain
  6. How the PC drops disconnects from the Domain/AD monitors for stale connections
  7. Difference in this process between Windows 2008 R2 and previous versions of Windows Server

That is all I could think of for now but I'm sure, as answers come in, I'll think of more.


Solution 1:

I'm going to skip some detail, because the vendor docs and samba docs linked in the comments are really what you should be reading.

  • Critical configuration of the PC before it could join

You need to be on a network that can talk to the domain controllers, as well as be using either MS DNS servers or a slave that is properly replicating the MS DNS server zones.

  • How the PC finds the Domain servers

Domain controllers are identified by querying DNS for the MS SRV records. These are stored in _msdcs.<yourdomain>.tld. This is all auto-populated; don't mess around in here unless you REALLY know what you are doing.

  • What happens when the PC cannot find any domain servers

You can't log in with an active directory account - unless you have logged in previously (and are off the network IIRC under Win7) and are able to use cached credentials.

  • What connections are made from the PC to the domain

This TechNet document tells you which ports need to be open, and by extension what protocols are needed to talk on an AD network.

  • How the Domain records that a machine joined the Domain

What is called a computer account is created in Active Directory; this contains a GUID for that computer as well as the machine account password.

  • How the PC drops disconnects from the Domain/AD monitors for stale connections

For the first part, you just reverse the procedure that you used to join a domain - join a workgroup. For the second part, it doesn't really monitor stale connections - although if you don't talk to the DC for long enough, the machine password will expire and you won't be able to create a secure connection to the domain.

  • Difference in this process between Windows 2008 R2 and previous versions of Windows Server

AFAIK none
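
The SRV lookup that Solution 1 describes, as an added example that is not part of either answer: it parses a resolver's SRV answer for the DC locator name under `_msdcs`, orders the candidates as RFC 2782 specifies, and fails clearly when no records come back, which is the usual reason a join cannot find the domain. The domain `example.test`, the host names and the sample answer are constructed, and the function names are hypothetical.

```python
import random

# Constructed sample: SRV answers as a resolver might print them.
# The domain and host names are made up for this example.
SAMPLE_ANSWER = """\
_ldap._tcp.dc._msdcs.example.test. 600 IN SRV 0 100 389 dc1.example.test.
_ldap._tcp.dc._msdcs.example.test. 600 IN SRV 0 100 389 dc2.example.test.
_ldap._tcp.dc._msdcs.example.test. 600 IN SRV 10 100 389 dc-dr.example.test.
"""

def locator_name(domain):
    """DNS name a client queries (type SRV) to list domain controllers."""
    return "_ldap._tcp.dc._msdcs." + domain.rstrip(".").lower()

def parse_srv(text, domain):
    """Return (priority, weight, port, target) for records at the locator name."""
    want = locator_name(domain) + "."
    records = []
    for line in text.splitlines():
        f = line.split()
        # Field layout: owner ttl class type priority weight port target
        if len(f) != 8 or f[3].upper() != "SRV" or f[0].lower() != want:
            continue
        records.append((int(f[4]), int(f[5]), int(f[6]), f[7].rstrip(".").lower()))
    return records

def order_candidates(records, rng=random):
    """RFC 2782 order: lowest priority first, weighted random within a priority."""
    ordered = []
    for prio in sorted({r[0] for r in records}):
        group = [r for r in records if r[0] == prio]
        while group:
            total = sum(r[1] for r in group)
            pick = rng.uniform(0, total)
            running = 0
            for r in group:
                running += r[1]
                if pick <= running:
                    break
            ordered.append(r)
            group.remove(r)
    return ordered

def check_join_dns(text, domain):
    """Pre-join check: return (host, port) candidates or raise if DNS has none."""
    records = parse_srv(text, domain)
    if not records:
        raise LookupError("no SRV records for " + locator_name(domain))
    return [(target, port) for _, _, port, target in order_candidates(records)]
```

An empty result from `check_join_dns` usually means the client is pointed at a DNS server that does not hold the AD zones, which matches the configuration requirement in the first bullet of Solution 1.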

Solution 2:

  1. Umm... the PC has to have network connectivity and support being joined to a domain (Windows XP Home should go home)

  2. DNS

  3. Nothing

  4. Several: DNS, LDAP, and RPC being a few of them

  5. ? Not sure I understand what you're asking

  6. ? See number 5

  7. Don't know but I suspect it's not any different