Windows如何找到域控制器

如果要使用域账号登录Windows机器，首先要找到域控制器。

域控制器是通过DNS查询(_ldap._tcp.dc._msdcs.<DNS domain>)来得到，在查询DNS时需要使用到DHCP Option 15 (域名)和Option 119(域名搜索列表)，或者使用用户输入的域名.

引用一个例子：

let's assume that we have the situation:

• The device receives the DNS domain fabrikam.dk in DHCP option 15 (DomainName)
• The device receives the DNS domains fabrikam.dk and dk in DHCP option 119 (DomainSearch)
• The DC is located in fabrikam.dk and can be found by locating the SRV record _ldap._tcp.dc._msdcs.fabrikam.dk
• The user signs in with Fabrikam\Jens

The device will try to locate the DC using this sequence:

• _ldap._tcp.dc._msdcs.fabrikam - takes the NetBIOS name directly - fails
• _ldap._tcp.dc._msdcs.fabrikam.fabrikam.dk - adds the DomainName value - fails
• _ldap._tcp.dc._msdcs.fabrikam.fabrikam.dk - adds first element in DomainSearch - fails
• _ldap._tcp.dc._msdcs.fabrikam.dk - adds second element in DomainSearch - success

So if dk was not added to DHCP option 119 the device would have been unable to locate a DC and hence the user couldn’t sign in and the device would have be unable to download certificates.

The conclusion is therefore: You need to configure the DNS Suffix list such that the device can construct the correct DNS domain based on the NetBIOS name used.

参考： http://blogs.technet.com/b/jenstr/archive/2008/12/08/when-do-you-need-to-use-dhcp-option-119-with-ocpe-powered-devices.aspx?wa=wsignin1.0