AD Authentication with Multiple DCs

Question

If multiple DCs are added by IP under the Authentication > Servers section, how does it work exactly? Will Sophos send all AD authenticattion requests to only one DC among the list of servers or does Sophos round-robin or use some other method to randomly select a DC for the authentication? What i'm looking for is some sort of round robin rotation or load balancing.

This thread was automatically locked due to age.

LuCar Toni · Answer

Depending on the Request, XG is trying to solve. 
 As you will configure a Domain per AD Server, you will give XG the option to filter for the domain. 
 
 Example: 
 DC1: sophos.com 
 DC2: test.com 
 
 If you login via User@sophos.com on XG, XG will only use DC1, as it already know, DC1 will be responsible for this Domain. 
 If you login via user on XG, XG cannot verify the domain, as UPN is missing. Hence it will do following: 
 DC1: user@sophos.com DC2: user@test.com - Verify if one DC respond with a bind and use the data. 
 
 If you have Multiple DCs with the same domain, XG will ask all DCs at the same time and take the first respond. ADs should have a Trust to hold the same data, if they cover the same information. The Request will be performed on LDAP level (389/636).