Working with domain controllers and DNS servers

Centrify agents are designed to perform the same set of DNS lookup requests that a typical Windows workstation performs to find the nearest domain controller for the local site. The DNS lookup request enables the Centrify UNIX agent to find domain controllers as they become available on the network or as the computer is relocated to another network location where different domain controllers are present. Centrify agents also use DNS to find the Kerberos service providers and the global catalog service providers for the Active Directory forest.

In a typical Windows environment, the DNS server role is updated dynamically to contain the service locator (SRV) DNS entries for Active Directory’s LDAP, Kerberos, and global catalog services, so this information is available for Centrify agents to use. However, some DNS configurations might not provide all of the SRV records for the set of domain controllers that provide Active Directory service to the enterprise. You may also run into problems if DNS for the enterprise runs on UNIX servers that cannot locate your Active Directory domain controllers. The next topics describe how you can adjust DNS or the Centrify agent to ensure they work together properly in your environment.
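To check whether a DNS zone publishes the SRV records described above, you can audit a zone export offline. The following is an added example, not Centrify code: it looks for the standard Active Directory SRV owner names for LDAP, Kerberos, and the global catalog in constructed zone data. The domain `corp.example.test`, the site `hq`, and all host names are assumptions, and this page does not list the exact names the Centrify agent queries.

```python
# Added example: audit a zone export for the AD SRV names a Windows-style
# DC locator queries. The zone data, domain, site and hosts are constructed.
SAMPLE_ZONE = """\
_ldap._tcp.dc._msdcs.corp.example.test. 600 IN SRV 0 100 389 dc1.corp.example.test.
_ldap._tcp.dc._msdcs.corp.example.test. 600 IN SRV 0 100 389 dc2.corp.example.test.
_ldap._tcp.hq._sites.dc._msdcs.corp.example.test. 600 IN SRV 0 100 389 dc1.corp.example.test.
_kerberos._tcp.corp.example.test. 600 IN SRV 0 100 88 dc1.corp.example.test.
_kerberos._tcp.dc._msdcs.corp.example.test. 600 IN SRV 0 100 88 dc1.corp.example.test.
"""

def required_names(domain, forest, site):
    # Standard AD SRV owner names; site-specific name is tried first by clients.
    return {
        "ldap (domain)": f"_ldap._tcp.dc._msdcs.{domain}",
        "ldap (site)": f"_ldap._tcp.{site}._sites.dc._msdcs.{domain}",
        "kerberos": f"_kerberos._tcp.dc._msdcs.{domain}",
        "global catalog": f"_ldap._tcp.gc._msdcs.{forest}",
    }

def parse_srv(zone_text):
    records = {}
    for line in zone_text.splitlines():
        f = line.split()  # owner ttl class type priority weight port target
        if len(f) != 8 or f[2].upper() != "IN" or f[3].upper() != "SRV":
            continue  # ignore non-SRV or malformed lines
        owner = f[0].rstrip(".").lower()
        records.setdefault(owner, []).append((int(f[4]), int(f[6]), f[7].rstrip(".").lower()))
    return records

def audit(zone_text, domain, forest, site):
    records = parse_srv(zone_text)
    report = {}
    for label, name in required_names(domain, forest, site).items():
        targets = sorted(records.get(name.lower(), []), key=lambda r: r[0])  # lowest priority first
        report[label] = [f"{host}:{port}" for _, port, host in targets]
    return report

def missing(report):
    return sorted(label for label, targets in report.items() if not targets)

if __name__ == "__main__":
    rep = audit(SAMPLE_ZONE, "corp.example.test", "corp.example.test", "hq")
    for label, targets in rep.items():
        print(f"{label:15} {', '.join(targets) or 'MISSING'}")
```

A service reported as missing here is one an agent relying on these SRV names could not locate through this zone.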
