Active Directory Sites

AD Site Awareness

NoMAD is AD site-aware and uses sites when determining which AD Domain Controller (DC) to talk to.

What Is a “Site”?

Active Directory uses sites to work out which DC is closest to your system. Each network is listed in AD as a subnet object named by its CIDR network address, e.g. 192.168.128.0/23, and each subnet object names the site it belongs to. That site name corresponds to a site object, which lists the DCs that should serve clients in that particular site.

How Does NoMAD Work With Sites?

When first discovering which DCs exist for a domain, NoMAD does a DNS SRV record lookup for that domain.

dig +short -t SRV _ldap._tcp.domain.com

This returns the list of DCs that serve LDAP for that AD domain. NoMAD then takes the highest-ranked server and performs an LDAP Ping against it, a rootDSE query that asks the DC for its Netlogon attribute. The reply contains a number of details about the AD environment, including which site the client should be in, which the DC determines from the source address the client reached it from.

If a site is returned, NoMAD re-queries for the SRV records specific to that site.

dig +short -t SRV _ldap._tcp.site._sites.domain.com

NoMAD then checks each server returned by that lookup for TCP and LDAP connectivity.

After finding a DC that works, NoMAD keeps using it until a network change occurs, at which point the whole process starts over. If that server stops responding at any time, NoMAD moves to the next server in the DNS lookup results, ordered by SRV weight, and attempts to use that one.
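The discovery sequence above, as an added Python example that is not part of NoMAD or of this page: it orders a set of SRV answers, builds the rootDSE filter used for an LDAP Ping, parses the NETLOGON_SAM_LOGON_RESPONSE_EX blob that comes back in the "netlogon" attribute to pull out the client's site name, derives the site-specific SRV name, and picks the next server on failover. The SRV answers, the DC names (dc01, dc02, dc03), the site names and the domain GUID are all constructed here; the sorting is a deterministic stand-in (lowest priority, then highest weight) since the page does not document NoMAD's exact ordering, and the parser handles only the plain NtVer 0x6 layout, not the optional address and next-closest-site fields of other NtVer requests.

```python
import struct
import uuid

# Constants from MS-ADTS (Netlogon LDAP ping); all sample data below is constructed.
OPCODE_LOGON_SAM_LOGON_RESPONSE_EX = 0x17
NETLOGON_NT_VERSION_5EX = 0x00000006          # NETLOGON_NT_VERSION_5 | _5EX
FLAG_NAMES = {0x1: "PDC", 0x4: "GC", 0x8: "LDAP", 0x10: "DS", 0x20: "KDC",
              0x40: "TIMESERV", 0x80: "CLOSEST", 0x100: "WRITABLE"}


def order_srv(records):
    """records: (priority, weight, port, target). Lowest priority first, then
    highest weight; a deterministic stand-in for RFC 2782's weighted random
    pick (assumption: NoMAD's exact ordering is not stated on the page)."""
    return sorted(records, key=lambda r: (r[0], -r[1], r[3]))


def netlogon_filter(dns_domain, ntver=NETLOGON_NT_VERSION_5EX):
    """rootDSE filter for an LDAP Ping; NtVer is a little-endian DWORD,
    escaped byte-by-byte as LDAP filter syntax requires."""
    esc = "".join("\\%02x" % b for b in struct.pack("<I", ntver))
    return "(&(DnsDomain=%s)(NtVer=%s))" % (dns_domain, esc)


def site_srv_name(dns_domain, site):
    """DNS name holding the site-specific LDAP SRV records."""
    return "_ldap._tcp.%s._sites.%s" % (site, dns_domain)


def next_usable(ordered, dead):
    """Failover: first target in the ordered SRV list not known to be dead."""
    for _, _, _, target in ordered:
        if target not in dead:
            return target
    return None


def _read_compressed_name(blob, offset):
    """Decode an RFC 1035 compressed UTF-8 name; pointer offsets are relative
    to the start of the Netlogon blob. Returns (name, offset_after_field)."""
    labels, end = [], None
    while True:
        length = blob[offset]
        if (length & 0xC0) == 0xC0:                 # compression pointer
            ptr = ((length & 0x3F) << 8) | blob[offset + 1]
            if ptr >= offset:                        # must point backwards, else a loop
                raise ValueError("bad compression pointer at %d" % offset)
            if end is None:
                end = offset + 2
            offset = ptr
            continue
        if length == 0:                              # root label ends the name
            if end is None:
                end = offset + 1
            return ".".join(labels), end
        labels.append(blob[offset + 1:offset + 1 + length].decode("utf-8"))
        offset += 1 + length


def parse_netlogon_response(blob):
    """Parse a NETLOGON_SAM_LOGON_RESPONSE_EX as returned for an NtVer 0x6 ping."""
    opcode, _sbz, flags = struct.unpack_from("<HHI", blob, 0)
    if opcode != OPCODE_LOGON_SAM_LOGON_RESPONSE_EX:
        raise ValueError("unexpected opcode 0x%x" % opcode)
    info = {"DomainGuid": uuid.UUID(bytes_le=blob[8:24]), "FlagsRaw": flags,
            "Flags": [n for bit, n in sorted(FLAG_NAMES.items()) if flags & bit]}
    off = 24
    for field in ("DnsForestName", "DnsDomainName", "DnsHostName", "NetbiosDomainName",
                  "NetbiosComputerName", "UserName", "DcSiteName", "ClientSiteName"):
        info[field], off = _read_compressed_name(blob, off)
    if off + 8 != len(blob):                         # optional fields of other NtVers not handled
        raise ValueError("trailing fields present; reply is not a plain NtVer 0x6 response")
    info["NtVersion"], info["LmNtToken"], info["LmToken"] = struct.unpack_from("<IHH", blob, off)
    return info


def _encode_name(name, table, base):
    """Encoder used only to build the constructed sample; compresses any suffix
    already emitted (table maps suffix -> offset within the blob)."""
    out, labels = bytearray(), name.split(".") if name else []
    for i, label in enumerate(labels):
        suffix = ".".join(labels[i:])
        if suffix in table:
            return bytes(out + bytes([0xC0 | (table[suffix] >> 8), table[suffix] & 0xFF]))
        table[suffix] = base + len(out)
        out += bytes([len(label)]) + label.encode("utf-8")
    return bytes(out + b"\x00")


def build_sample_response():
    """Constructed reply from a DC to a client whose subnet maps to site 'Seattle'."""
    table, blob = {}, bytearray(struct.pack("<HHI", OPCODE_LOGON_SAM_LOGON_RESPONSE_EX, 0, 0xF1FC))
    blob += uuid.UUID("12345678-1234-1234-1234-123456789abc").bytes_le   # made-up GUID
    for name in ("domain.com", "domain.com", "dc01.domain.com", "DOMAIN", "DC01", "",
                 "Default-First-Site-Name", "Seattle"):
        blob += _encode_name(name, table, len(blob))
    blob += struct.pack("<IHH", NETLOGON_NT_VERSION_5EX, 0xFFFF, 0xFFFF)
    return bytes(blob)


if __name__ == "__main__":
    # Constructed answers for _ldap._tcp.domain.com: (priority, weight, port, target).
    srv = order_srv([(0, 100, 389, "dc02.domain.com"), (10, 50, 389, "dc03.domain.com"),
                     (0, 200, 389, "dc01.domain.com")])
    print("ping", srv[0][3], "with", netlogon_filter("domain.com"))
    info = parse_netlogon_response(build_sample_response())
    print("client site:", info["ClientSiteName"], "flags:", info["Flags"])
    print("re-query:", site_srv_name("domain.com", info["ClientSiteName"]))
    print("failover after dc01:", next_usable(srv, {"dc01.domain.com"}))
```

To feed the parser a real reply, run the same filter from the command line, for example `ldapsearch -x -H ldap://dc01.domain.com -s base -b '' '(&(DnsDomain=domain.com)(NtVer=\06\00\00\00))' netlogon`, and base64-decode the returned netlogon value. Note that both the SRV lookup and the LDAP Ping are unauthenticated and unencrypted, so the site and DC choice is only as trustworthy as the DNS answers and the network path; the client should still verify the DC it lands on through Kerberos rather than trusting the ping alone.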