How an Active Directory domain controller is located
A client belonging to the domain ''domainname'' will do a DNS lookup on LDAP._TCP.dc._msdcs.''domainname'' in order to locate a domain controller.
This can be easily tested in your own environment by starting a command shell (in any Windows NT derivate, Linux or MacOSX system) and typing (assuming that your AD domain's FQDN is "as.yourcompany.com"):
nslookup -q=any _LDAP._TCP.dc._msdcs.ad.yourcompany.com
Locating the closest DC
The following describes how the client is directed to the closest domain controller - apart from belonging to different subnets, all domain controllers are considered equal.
After the client locates a domain controller, it establishes communication by using LDAP to gain access to Active Directory. As part of that negotiation, the domain controller identifies which site the client is in based on the IP subnet of that client. If the client is communicating with a domain controller that is not in the closest (most optimal) site, the domain controller returns the name of the client's site. If the client has already tried to find domain controllers in that site (for example, when the client sends a DNS Lookup query to DNS to find domain controllers in the client's subnet), the client uses the domain controller that is not optimal. Otherwise, the client performs a site-specific DNS lookup again with the new optimal site name. The domain controller uses some of the directory service information for identifying sites and subnets.