The netlogon service registers all SRV resource records for the domain controller. These records appear in the _ msdcs, _ sites, _ TCP, and _ UDP folders in the forward query area of the DNS server. Other computers use these records to query information related to the Active Directory of the domain.
"Network login" System Service maintains a secure channel between the computer and the domain controller, and authenticates users and services. It passes the user's creden。 to the domain controller and then returns the user's domain security identifier and user permissions. This is usually called pass-through authentication. Network login is configured to automatically start only when the member computer or domain controller is added to the domain. In the Windows 2000 Server series and Windows Server 2003 series, "network logon" publishes a service resource locator record in DNS. When the service is running, it depends on the "server" service and the "local security organization" service to listen for incoming requests. On the Domain Member computer, "network login" uses the RPC on the named pipe. On the domain controller, it uses RPC, RPC over TCP/IP, inbox, and Lightweight Directory Access Protocol (LDAP) on the named pipe ).
System Service name: netlogon ApplicationProgramProtocol Port
NetBIOS datagram service UDP 138
NetBIOS name resolution UDP 137
NetBIOS session service tcp 139