Score:0

CNAME for Active Directory domain controller


So my question is - is there any concern to add a CNAME for one domain controller to provide to copiers and other internal sites/applications?

I read that Active Directory doesn't truly "need" a load balancer so if that's true then providing a "VIP" via CNAME to one specific IP would accomplish my goals.

Example: CNAME Ldap.example.com 10.1.1.2
Existing: domain controller: A dc1.example.com 10.1.1.2

Or is there a better way to accomplish what I'm after?

Thank you!

Semicolon avatar
jo flag
Curious to know the use case; seems it could also be accomplished with setup of AD Sites to ensure a VIP would be able to hit the "nearest" DC at any time.
us flag
Kerberos authentication is going to require an SPN registration for that alias.
Grim avatar
cn flag
Sorry all! I'm not sure why I didn't get email notifications. I'm just thinking I could give copiers one specific DNS name instead of the local AD/DNS server, as one example. This is more of a "nice to have", but I figured some type of "VIP" setup would be ideal in case the "local DC" is down. The other scenario I can more readily think of is that internally we use GCDS (Google's Directory Sync Service), and you have to specify an IP or hostname in the config file to query AD with. I'll have to look at adding an SPN registration for the alias, but theoretically that will work?
Score:0

This depends on the application. If your application(s) only need to query for the occasional infrequently changed attribute or authenticate users, that may work.

Active Directory technically does not support using a load balancer. This is due to how the primary mechanism for interacting with AD using LDAP (DirectoryEntry) contains a reference to the specific domain controller it is using. This is particularly important for creating objects and updating attributes.
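
The SPN registration mentioned in the comments, sketched as an added example that is not part of the original thread. It assumes the alias `ldap.example.com` and the DC `dc1` from the question, the `ldap` service class for LDAP clients, and a host with the ActiveDirectory RSAT module; it checks DNS and SPN uniqueness before adding the SPN.

```powershell
# Added example, not from the thread. Alias and DC name come from the question;
# the 'ldap' service class is an assumption for clients that bind over LDAP.
Import-Module ActiveDirectory

$Alias     = 'ldap.example.com'   # alias handed to copiers / GCDS
$DcName    = 'dc1'                # computer account of the DC behind the alias
$SpnWanted = "ldap/$Alias"

# 1. Confirm the alias resolves to the same address as the DC. Kerberos tickets
#    for the alias are only useful if the alias lands on the account holding the SPN.
$dc = Get-ADComputer -Identity $DcName -Properties servicePrincipalName, DNSHostName
$aliasIps = (Resolve-DnsName -Name $Alias -Type A -ErrorAction Stop |
             Where-Object { $_.Type -eq 'A' }).IPAddress
$dcIps    = (Resolve-DnsName -Name $dc.DNSHostName -Type A -ErrorAction Stop |
             Where-Object { $_.Type -eq 'A' }).IPAddress
if (-not ($aliasIps | Where-Object { $dcIps -contains $_ })) {
    throw "$Alias does not resolve to $($dc.DNSHostName); fix DNS before touching SPNs."
}

# 2. An SPN must not exist on more than one account; a duplicate makes Kerberos
#    ticket requests for that name fail. This search covers the current domain only.
$owners  = Get-ADObject -LDAPFilter "(servicePrincipalName=$SpnWanted)"
$foreign = $owners | Where-Object { $_.DistinguishedName -ne $dc.DistinguishedName }
if ($foreign) {
    throw "SPN $SpnWanted is already registered on: $($foreign.DistinguishedName -join '; ')"
}

# 3. Add the SPN to the DC's computer account if it is missing.
#    -WhatIf makes this a dry run; remove it to apply the change.
if ($dc.servicePrincipalName -contains $SpnWanted) {
    Write-Output "$SpnWanted is already present on $DcName"
} else {
    Set-ADComputer -Identity $dc -ServicePrincipalNames @{ Add = $SpnWanted } -WhatIf
}
```

Because the SPN lives on one computer account, the alias stays tied to that single DC; repointing the DNS record to another DC also means moving the SPN.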
