Auto-Detection of Offline Domain Controller and Global Catalog

The AD Bridge authentication service, lsass, manages site affinity for domain controllers and global catalogs and caches the information with netlogon. When a computer is joined to Active Directory, netlogon determines the optimum domain controller and caches the information.

If the primary domain controller goes down, lsass automatically detects the failure and switches to another domain controller and another global catalog within a minute.

However, if no other global catalog is available within the forest, the AD Bridge agent cannot find the Unix and Linux information for users and groups. The AD Bridge agent must have access to a global catalog to function. Therefore, we recommend that each forest have redundant domain controllers and redundant global catalogs.
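
One way to verify the redundancy recommended above is to count the distinct servers advertised in the forest's DNS SRV records. This is an added example, not AD Bridge code; the forest name `corp.example.com`, the sample records, and the threshold of two servers are assumptions.

```shell
#!/bin/sh
# Added example (not AD Bridge code): check DC and GC redundancy from DNS SRV data.
# Input lines use the `dig +short SRV` layout: "priority weight port target."

# Print how many distinct servers are advertised on the given port.
# $1 = port (389 for domain controller LDAP, 3268 for global catalog)
count_servers() {
    awk -v port="$1" '
        NF == 4 && $3 == port {
            host = tolower($4)      # DNS names are case-insensitive
            sub(/\.$/, "", host)    # drop the trailing root dot
            print host
        }' | sort -u | wc -l | tr -d ' '
}

# Succeed only if at least two distinct servers answer for the port.
# "Two" is this example's reading of "redundant", not a product setting.
is_redundant() {
    [ "$(count_servers "$1")" -ge 2 ]
}

# Constructed sample answers (corp.example.com is a placeholder forest).
SAMPLE_DC='0 100 389 dc01.corp.example.com.
0 100 389 dc02.corp.example.com.
0 100 389 DC01.corp.example.com.'
SAMPLE_GC='0 100 3268 dc01.corp.example.com.'

# Report one role; $1 = label, $2 = port, SRV answers on stdin.
report() {
    if is_redundant "$2"; then
        echo "$1: redundant"
    else
        echo "$1: SINGLE POINT OF FAILURE"
    fi
}

printf '%s\n' "$SAMPLE_DC" | report "domain controllers" 389
printf '%s\n' "$SAMPLE_GC" | report "global catalogs" 3268

# Against a live forest (names are placeholders):
#   dig +short SRV _ldap._tcp.dc._msdcs.corp.example.com | report "domain controllers" 389
#   dig +short SRV _gc._tcp.corp.example.com | report "global catalogs" 3268
```

In the constructed sample, the single global catalog is the case in which losing one server leaves the agent unable to resolve Unix and Linux user and group information.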