joeware - never stop exploring... :)

Information about joeware mixed with wild and crazy opinions...

Generic High-Level Steps for DC Locator Functionality

by @ 11:17 pm on 12/3/2018. Filed under tech

0. If you are on Windows use the Windows LDAP Library and let it handle all of this for you.

1. Determine if your application has been configured to use a specific named Domain Controller; if so, use it.

    a. For debugging purposes only

2. Determine if your application has been configured (hardcoded) to use a specific AD Site; if so, do not Autodiscover the site.

    a. For debugging purposes only

3. Determine if your client has been configured (hardcoded) to use a specific AD Site; if so, do not Autodiscover the site.

    a. For debugging purposes only

4. Determine if your client has "cached" a previously used AD Site.

    a. Used to improve efficiency especially between reboots, app restarts.

5. If you do not have a site from the preceding steps, determine (Autodiscover) the site the machine is in.

6. Retrieve a list of the domain controllers which are servicing the site (previously determined) for the domain we need a domain controller for.

7. [Optional but recommended] Find the PDC for the domain (or domains) of the domain controllers you are looking at and exclude it (them) from your list of domain controllers for consideration UNLESS that is (those are) the only domain controller available.

8. Validate the list of domain controllers to produce a final list of functioning validated domain controllers sorted by validation performance and DNS SRV record priority.

9. If no valid functioning domain controllers make it through steps 1-8 then you either need to select another site (hopefully “close” to the first site) to look in for domain controllers or you need to process steps 6-8 again but with a wider focus of any domain controllers in the entire domain.

10. Use domain controller(s) from the list based on the previous sorting and, if using multiple LDAP connections, distribute LDAP requests by DNS SRV record weight.

11. Repeat the process regularly (every few hours) or anytime you hit a failure to connect or get a result set or if you detect performance is dragging.
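Steps 6 through 10 as a minimal sketch. This is an added example, not code from joeware. It assumes the SRV answers have already been fetched from the standard names that domain controllers register in DNS (built by `srv_names`). The `probe` validator, the sample hosts and the "priority first, then latency" ordering are assumptions made for illustration.

```python
import random
from collections import namedtuple

# One SRV answer; priority and weight as defined for SRV records (RFC 2782).
Srv = namedtuple("Srv", "host priority weight")

def srv_names(domain, site):
    """SRV names AD registers for a site's DCs, all DCs, and the PDC."""
    return {"site": f"_ldap._tcp.{site}._sites.dc._msdcs.{domain}",
            "domain": f"_ldap._tcp.dc._msdcs.{domain}",
            "pdc": f"_ldap._tcp.pdc._msdcs.{domain}"}

def select_dcs(site_srv, domain_srv, pdc_hosts, probe):
    """Steps 6-9: validated DCs as [(Srv, latency_ms)], best first.

    probe(host) is a hypothetical validator: latency in ms, or None on failure.
    """
    for scope in (site_srv, domain_srv):      # step 9: widen to the domain
        valid = [(r, ms) for r in scope if (ms := probe(r.host)) is not None]
        non_pdc = [v for v in valid if v[0].host.lower() not in pdc_hosts]
        chosen = non_pdc or valid             # step 7: PDC only as last resort
        if chosen:
            # Assumed ordering: SRV priority first, then measured latency.
            return sorted(chosen, key=lambda v: (v[0].priority, v[1]))
    return []

def pick_by_weight(ranked, rng=random):
    """Step 10: host for one new LDAP connection, weighted by SRV weight."""
    best = ranked[0][0].priority
    group = [r for r, _ in ranked if r.priority == best]
    weights = [r.weight for r in group]
    if sum(weights) == 0:                     # all-zero weights: uniform pick
        return rng.choice(group).host
    return rng.choices(group, weights=weights, k=1)[0].host

# Constructed sample data standing in for DNS answers and validation results.
SITE = [Srv("dc1.corp.example", 0, 100), Srv("pdc.corp.example", 0, 100),
        Srv("dc2.corp.example", 0, 50)]
DOMAIN = SITE + [Srv("dc9.corp.example", 10, 100)]
PDC = {"pdc.corp.example"}
LATENCY = {"dc1.corp.example": 12.0, "pdc.corp.example": 3.0,
           "dc9.corp.example": 40.0}       # dc2 is absent: fails validation

if __name__ == "__main__":
    ranked = select_dcs(SITE, DOMAIN, PDC, LATENCY.get)
    print([(r.host, ms) for r, ms in ranked], pick_by_weight(ranked))
```

In a real client `probe` would be the validation from step 8, and the whole selection would be rerun on the schedule and failure triggers described in step 11.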

Coming Soon: Additional posts with details.

   joe
