Philip Morgan pmorgan at nhnashville.com
Thu Mar 5 15:37:20 GMT 1998

Following is an excerpt from a Microsoft article entitled "Inside LAN
Manager."  While this was clearly not written with NT in mind, there are
many LanMan holdovers in SMB and NT domain functions in general.  Thus,
this information may be relevant.  I have not verified this with NT4.0,
however...  I hope this helps (and is not a waste of bandwidth)!

<Begin Excerpt>
When the Netlogon service is started on a server, the server sends out a
NetGETDC00 request on \\mailslot\net\netlogon. All of the other servers in
the domain that are running the netlogon service will be listening on this
mailslot. If there is a primary domain controller in the domain, it will
respond. If there is no primary domain controller in the domain, the server
will check if it was a primary domain controller or if it knows of another
primary domain controller that may not be available on the network at this
time. The netlogon service can start even when there is no primary domain
controller currently on the network, as long as the server has knowledge of
any previously existing Primary domain controller. In such a case, the
server will start the netlogon service in Deferred authentication mode. If
the server itself is the primary domain controller, it announces its
presence as a primary domain controller on \\mailslot\net\netlogon. All
other servers running netlogon will be listening on the mailslot. The
opcode in this mailslot is LOGON_START_PRIMARY.  This opcode is not visible
in the sniffer trace or the SMBtrace. At this time, if the primary domain
controller name registered with the other server is different than this
server, they will request a UAS synchronization through. At Netlogon
startup time, the server will also send out a LOGON_CENTRAL_QUERY opcode in
\\mailslot\net\netlogon to find out if there are any downlevel (LM1.0)
servers on the network. All of this communication takes place using
\\mailslot\net\netlogon with different opcodes. The sniffer traces and
smbtrace will not show the opcodes. 
<End Excerpt>

-- Philip Morgan, MCSE/MCT (and big Linux fan!).

> From: Danny Braniss <danny at cs.huji.ac.il>
> To: Multiple recipients of list <samba-ntdom at samba.anu.edu.au>
> Subject: PDC
> Date: Thursday, March 05, 1998 1:42 AM
> One thing that keeps bothering me, how does Samba - or MS - ensure the
> only one PDC for a given domain exists?
> 	danny

More information about the samba-ntdom mailing list