DsGetDcName and how to "attempt to use the domain controller"

Question

In my program, I am calling DsGetDcName to get a domain controller.

Microsoft's documentation for DsGetDcName says this:

By default, this function does not ensure that the returned domain controller is currently available. Instead, the caller should attempt to use the returned domain controller.

I can't ping the domain controller to "use the domain controller" as the firewall might be turned on

So, my question is...how do I "attempt to use the returned domain controller"?

#include <Windows.h>
#include <DsGetDC.h>
#include <wchar.h>
#pragma comment(lib, "NetApi32.lib")

int main()
{
    PDOMAIN_CONTROLLER_INFOW pdci{};
    ULONG flags = DS_DIRECTORY_SERVICE_REQUIRED;
    DWORD dwRet = DsGetDcNameW(NULL, NULL, NULL, NULL, flags, &pdci);
    wprintf(L"%s\n", pdci->DomainControllerName);
}

Answer 1

I assume you're getting the name of a domain controller because you want to do something with it. So just do whatever you're going to do. You don't need to do anything special.

That remark is just a warning that the first time your code does something that will contact the DC, you should handle the case where the DC is not active. In that case, you can do what the documentation goes on to say:

If the domain controller is not available, the caller should call the DsGetDcName function again, specifying the DS_FORCE_REDISCOVERY flag.

Then you can try again with that new DC.

Realistically, this will be a very rare case. The documentation of the DS_FORCE_REDISCOVERY flag explains why:

When the DS_FORCE_REDISCOVERY flag is not specified, DsGetDcName may return cached domain controller data.

So if the computer has already been using a specific DC, then DsGetDcName will return that DC without checking if it is still available. That means that, really, the only time DsGetDcName will return a DC that cannot be contacted is if the DC suddenly cannot be contacted, which could be a network issue, or even the DC being decommissioned.