jskfan

asked on

Load balancing Domain Controllers

I have never put domain controllers behind a load balancer, but I have heard that some environments put domain controllers behind a load balancer. I am not sure what the benefit of doing that is.

Thanks
SOLUTION
Zephyr ICT
This solution is only available to members.
jskfan

ASKER

Based on what element will a user authenticate to DC1 or DC2 or DC3 if all DCs are in the same Active Directory site?

I know that when DCs are in different sites it is another story.
SOLUTION
This solution is only available to members.
jskfan

ASKER

But still not clear..

If we have 10 DCs in one Active Directory site:
if User1 logs in to the domain, then based on what element will this user be authenticated by DC1 or DC7 or DC9?

The client will send out an LDAP ping during the location process; the DC that replies first to this ping will be the one that will be used to log into the domain... That's basically the gist, nothing special about it.

It all comes down to which DC replies the fastest.

You can read more about how the process works here, it's not recent but it will give you an idea on how it works.
jskfan

ASKER

OK...so there is no such Load Balancing..
Any available DC will respond..

Usually if you get authenticated by DC04, most of your future logins will be authenticated by DC04, till probably DC04 is rebooted ...it remembers your credentials...
If that's the case, I believe implementing a load balancer will make sense, it will force each login to go to a separate DC.

Well, you're entitled to your opinion of course, I'm not convinced :-)

If you want to read up on it, here's a nice blog post someone wrote regarding load balancers and domain controllers.
compdigit44

We have some of our DCs behind a Citrix NetScaler to host a VIP for LDAP servers for various third party applications.

@compdigit yes, third party apps using LDAP authentication for sure, we have plenty of those using an F5 load balancer, but for regular clients?
SOLUTION
This solution is only available to members.
jskfan

ASKER

The scenario is all DCs are in one AD site..

Would the authentication be load balanced between all DCs even without a load balancer in place??

If we are talking workstations/clients then yes, the DCs are "load balanced" on that site. If one DC should fail, a request would be broadcast by the client; the first of the other DCs to respond is then the DC the client would use... This is of course high level, there's a little more to it.
jskfan

ASKER

spravtek
I guess you are talking about fault tolerance.

Load balancing means the Load is somewhat distributed evenly between DCs..

If 100 users log in at the same time, then if we have 4 DCs, each 50 users should be authenticated by 1 DC.
I guess it is not possible without a load balancer.

Who's to say they will not be somewhat evenly dispersed over the DCs? It's not that 100 clients, in your example, will have the same DC when they send out a broadcast, I doubt it very much.

There's probably a way to test this :-)
jskfan

ASKER

Do you think a client that is in the same subnet as DC1 will go to another subnet where DC2 is located and get authenticated?
We are talking about all DCs being in one Active Directory site.
ASKER CERTIFIED SOLUTION
Mahesh
This solution is only available to members.
jskfan

ASKER

Thank you guys.. I will come back to this topic later.