
Service Location (SRV) Locator Resource Records

An SRV record is a DNS (Domain Name System) record used to identify the computers or servers that host specific services. It is also used to locate domain controllers in an Active Directory environment.

This is critical in a multi-site environment. In my last 2 articles I explained multiple sites in a directory service environment. If you have not read them yet, you can find them here:

Why active directory sites and subnets?

How to setup active directory sites, subnets, site-links?

One of the core reasons for setting up a site environment is to direct clients to the nearest servers for the services they need, which improves network operations. For example, Contoso Ltd. has its HQ in Washington DC and a branch in London, UK. Both are in the same contoso.com domain, and the two locations are connected via a 256kb dedicated link. In a regular setup, when user A in the London office logs in to a computer, the authentication is checked by a server at the HQ in Washington DC. That may still work, but what if the branch office has 100+ users? Authentication will take time and consume bandwidth on the limited 256kb link. By introducing a site setup we can treat the London office as a different site and place a domain controller inside that site, so users in the London branch use their own AD server to handle authentication data. This is where SRV records come into the picture.

Even though we know the logical design of the network, computers do not understand it in the same way. They only act on the commands and data provided by the related services. So when a workstation in the London site tries to communicate with a DC, the DC replies with the name of the site the client belongs to. The client then makes another DNS query, passing the domain name and the site it belongs to, and locates the relevant DC for the London site rather than going to the HQ DC.

By default, the system creates 2 SRV records on the DNS server to locate the Kerberos and LDAP services.


To create an SRV record, in DNS Manager right-click the location in the DNS tree where you need the SRV record and select “Other New Records” from the list.


Then select “Service Location (SRV)” from the list and click the “Create Record” button.


The following information can be specified in an SRV record:

Service – The service this SRV record is assigned to. The wizard offers a list of services to choose from.


Protocol – The protocol the service will use. It can be either TCP or UDP.

Priority – The priority of the service, if the service supports this function.

Weight – Helps define the order in which this record is served relative to similar records.

Port number – The port number of the service.

Host offering this service – The server offering this particular service. It must be given as an FQDN.
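
The site-specific lookup and the record fields described above can be seen together in the following Python example, which is added here and is not part of the original post. It builds the name a London client would query, validates the fields of each record, and orders the answers by priority and weight as RFC 2782 specifies; the sample records, host names and helper function names are constructed for the illustration.

```python
import random
from collections import namedtuple

Srv = namedtuple("Srv", "owner priority weight port target")

# Constructed sample records in zone-file style, not taken from a real zone.
SAMPLE_ZONE = """\
_ldap._tcp.London._sites.dc._msdcs.contoso.com. 600 IN SRV 0 100 389 lon-dc01.contoso.com.
_ldap._tcp.London._sites.dc._msdcs.contoso.com. 600 IN SRV 0 100 389 lon-dc02.contoso.com.
_ldap._tcp.London._sites.dc._msdcs.contoso.com. 600 IN SRV 10 100 389 hq-dc01.contoso.com.
_ldap._tcp.dc._msdcs.contoso.com. 600 IN SRV 0 100 389 hq-dc01.contoso.com.
"""

def site_query(service, proto, site, domain):
    """Owner name a client queries to find DCs registered for its own site."""
    return f"_{service}._{proto}.{site}._sites.dc._msdcs.{domain}."

def parse_srv(line):
    """Parse 'owner TTL IN SRV priority weight port target' and validate the fields."""
    owner, _ttl, _cls, rtype, prio, weight, port, target = line.split()
    if rtype != "SRV" or owner.split(".")[1].lower() not in ("_tcp", "_udp"):
        raise ValueError(f"not a TCP/UDP SRV record: {line!r}")
    # Heuristic FQDN check: host label plus at least a two-label domain.
    if not 0 < int(port) < 65536 or target.count(".") < 2:
        raise ValueError(f"bad port or non-FQDN target: {line!r}")
    return Srv(owner, int(prio), int(weight), int(port), target)

def order_targets(records, rng=random):
    """RFC 2782 order: lowest priority first, weighted random pick within a priority."""
    ordered = []
    for prio in sorted({r.priority for r in records}):
        # Zero-weight records are placed first, as RFC 2782 specifies.
        pool = sorted((r for r in records if r.priority == prio), key=lambda r: r.weight != 0)
        while pool:
            pick, running = rng.randint(0, sum(r.weight for r in pool)), 0
            for r in pool:
                running += r.weight
                if running >= pick:
                    ordered.append(r)
                    pool.remove(r)
                    break
    return ordered

def dcs_for_site(zone_text, site, domain, rng=random):
    """Hosts a client in `site` would try, in order, for LDAP over TCP."""
    name = site_query("ldap", "tcp", site, domain).lower()
    recs = [parse_srv(line) for line in zone_text.splitlines() if line.strip()]
    return [r.target for r in order_targets([r for r in recs if r.owner.lower() == name], rng)]
```

Calling `dcs_for_site(SAMPLE_ZONE, "London", "contoso.com")` returns the two London DCs in random order, followed by the HQ DC registered with the higher priority value.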


Once an SRV record is created, the Netlogon service re-registers the SRV records. By default this happens every 60 minutes. If the records need to be updated immediately, you can restart the Netlogon service manually.

If you have any questions about the post, feel free to contact me at rebeladm@live.com
