Overview
Communication between domain controllers (DCs) can be confusing, and the technical information from Microsoft doesn't always help. This article attempts to give a simple description of how two domain controllers talk to each other and why machine accounts and their passwords really matter.
Domain controllers communicate with each other using a shared secret: the DC's own machine account and the password hash for that account, which is held locally. Each DC stores the machine names of the other domain controllers in the domain, and whenever it needs to pull domain account changes from one of them, it uses its local machine account and the locally stored password hash to establish that connection. The same secret is used every time the DC attempts to communicate with a peer. Every DC therefore has a machine account in Active Directory (a machine account represents the whole computer, not a single person), and the password hash for that account is stored in the registry.
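Because a DC can only prove its identity to its peers while its machine account is enabled and its local secret matches what Active Directory holds, the practical check is to audit the DC machine accounts and test the secure channel. The PowerShell below is an added example, not code from the article; it assumes the RSAT ActiveDirectory module, a domain-joined elevated session, and the Netlogon default of 30 days for machine account password rotation (the threshold, the `$MaxAgeDays` name and the report layout are the example's own choices).

```powershell
# Added example (not from the article): audit the machine accounts of every
# domain controller and verify this host's own secure channel to the domain.
# Assumes the ActiveDirectory RSAT module and a domain-joined, elevated session.
# 30 days is the Netlogon default MaximumPasswordAge for machine account
# password rotation; adjust $MaxAgeDays if your domain changes it.

Import-Module ActiveDirectory

$MaxAgeDays = 30

# One computer object per DC in the current domain. Each has a machine account
# whose password (kept locally as an LSA secret in the registry) is the shared
# secret used when that DC connects to its peers.
$dcs = Get-ADDomainController -Filter *

$report = foreach ($dc in $dcs) {
    $acct = Get-ADComputer -Identity $dc.ComputerObjectDN -Properties PasswordLastSet, Enabled
    $age  = (Get-Date) - $acct.PasswordLastSet
    [pscustomobject]@{
        DomainController = $dc.HostName
        MachineAccount   = $acct.SamAccountName      # machine accounts end in '$'
        PasswordLastSet  = $acct.PasswordLastSet
        PasswordAgeDays  = [int]$age.TotalDays
        Enabled          = $acct.Enabled
        Stale            = $age.TotalDays -gt $MaxAgeDays
    }
}

$report | Sort-Object PasswordAgeDays -Descending | Format-Table -AutoSize

# A stale or disabled DC machine account means that DC can no longer prove its
# identity to its peers, so replication and authentication from it will fail.
$needsAttention = @($report | Where-Object { $_.Stale -or -not $_.Enabled })
if ($needsAttention.Count -gt 0) {
    Write-Warning ("{0} DC machine account(s) need attention:`n{1}" -f `
        $needsAttention.Count, ($needsAttention.DomainController -join "`n"))
}

# Confirm that this machine's own secure channel (built from its machine account
# secret) to the domain is healthy. Without -Repair this call is read-only.
$channelOk = Test-ComputerSecureChannel -Verbose
if (-not $channelOk) {
    Write-Warning "Secure channel to the domain is broken: the machine account password on this host and in AD no longer match."
}
```

Run it from a DC or an admin workstation with RSAT. A machine account whose password has not rotated for far longer than `$MaxAgeDays`, or whose secure channel test fails, is the usual cause of the "trust relationship" and replication errors the article's shared-secret model predicts.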
Continue reading “Understanding Domain Controller Shared Secrets”