auto discovering domain controllers & Mutliplexing windowlogreceiver (#47463)

<!--Ex. Fixing a bug - Describe the bug and how this fixes the issue.
Ex. Adding a feature - Explain what this achieves.-->
#### Description

#### Link to tracking issue
#44156 
#44423 
Introduces api to auto discover root DC based on currently joined DC and
fallback to current Joined DC if root DN cannot be determined

Consumes **Security Events** from discovered domain controllers.

<!--Describe what testing was performed and which tests were added.-->
#### Testing

Test on local having an AD System. 

<img width="1220" height="915" alt="Screenshot 2026-02-22 at 11 59
14 AM"
src="https://github.com/user-attachments/assets/4e4fdb82-35df-4f9c-b022-14c54fff2dc3"
/>



**Security Event Consumption when remote is true but feature gate is
false**

<img width="1276" height="670" alt="Screenshot 2026-04-08 at 4 42 09 PM"
src="https://github.com/user-attachments/assets/6feb6857-7db5-48ee-902c-11b062409bba"
/>

**Security Event Consumption when remote is true and feature gate is
true**

<img width="1276" height="670" alt="Screenshot 2026-04-08 at 4 45 03 PM"
src="https://github.com/user-attachments/assets/f635604a-d55c-4a96-9ecd-2ee99d0f433d"
/>





<!--Describe the documentation added.-->
#### Documentation
Added details in changelog. Feature gate documentation is available via
metadata doc generated



## New Test Cases for Domain Controller Discovery Feature


Added Tcs In receiver_windows_discovery_test.go

Author: pankaj101A

.chloggen/windowseventlogreceiver-dc-autodiscovery-support.yaml

@@ -0,0 +1,31 @@
+# Use this changelog template to create an entry for release notes.
+
+# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix'
+change_type: enhancement
+
+# The name of the component, or a single word describing the area of concern, (e.g. receiver/filelog)
+component: receiver/windowseventlog
+
+# A brief description of the change.  Surround your text with quotes ("") if it needs to start with a backtick (`).
+note: Add `discover_domain_controllers` config flag to automatically discover and collect Security events from Active Directory domain controllers based on feature gate domainControllers.autodiscovery.
+
+# Mandatory: One or more tracking issues related to the change. You can use the PR number here if no issue exists.
+issues:  [44156, 44423]
+
+# (Optional) One or more lines of additional information to render under the primary note.
+# These lines will be padded with 2 spaces and then inserted directly into the document.
+# Use pipe (|) for multiline entries.
+subtext: |
+  When `discover_domain_controllers` in config  and `domainControllers.autodiscovery` feature gate is set `true` , the receiver queries LDAP Root DSE to
+  discover the root domain path, enumerates all domain controllers in the Active Directory
+  forest, and creates receiver for each domain controller.
+  Falls back to the currently joined DC if the root DN cannot be determined.
+
+# If your change doesn't affect end users or the exported elements of any package,
+# you should instead start your pull request title with [chore] or use the "Skip Changelog" label.
+# Optional: The change log or logs in which this entry should be included.
+# e.g. '[user]' or '[user, api]'
+# Include 'user' if the change is relevant to end users.
+# Include 'api' if there is a change to a library API.
+# Default: '[user]'
+change_logs: []

receiver/windowseventlogreceiver/README.md

@@ -48,6 +48,8 @@ This receiver tails and parses logs from windows event log API using the
 | `resolve_sids.enabled`              | `false`      | If `true`, automatically resolves SIDs to user and group names in Windows event logs.                                                                                                                                          |
 | `resolve_sids.cache_size`           | `10000`      | Maximum number of SID-to-name mappings to cache in memory. Older entries are evicted using LRU policy.                                                                                                                         |
 | `resolve_sids.cache_ttl`            | `15m`        | Time-to-live for cached SID mappings. After this duration, SIDs will be re-resolved from the Windows LSA API.                                                                                                                  |
+| `discover_domain_controllers`       | `false`      | Automatically discover and collect  events from Active Directory domain controllers.                                                                                                                                           |
+
 
 ### Feature Gates
 

receiver/windowseventlogreceiver/config.schema.yaml

@@ -17,6 +17,9 @@ $defs:
 description: WindowsLogConfig defines configuration for the windowseventlog receiver
 type: object
 properties:
+  discover_domain_controllers:
+    description: DiscoverDomainControllers controls whether to attempt auto-discovery of domain controllers for joined machines with remote credentials
+    type: boolean
   resolve_sids:
     description: ResolveSIDs contains configuration for SID-to-username resolution
     $ref: resolve_si_ds_config

receiver/windowseventlogreceiver/documentation.md

@@ -0,0 +1,13 @@
+[comment]: <> (Code generated by mdatagen. DO NOT EDIT.)
+
+# windowseventlog
+
+## Feature Gates
+
+This component has the following feature gates:
+
+| Feature Gate | Stage | Description | From Version | To Version | Reference |
+| ------------ | ----- | ----------- | ------------ | ---------- | --------- |
+| `domainControllers.autodiscovery` | alpha | When enabled and is remote automatically discover domain controllers through joined controllers and  start collecting logs from specified channel. | v0.150.0 | N/A | [Link](https://github.com/open-telemetry/opentelemetry-collector-contrib/issues/44156) |
+
+For more information about feature gates, see the [Feature Gates](https://github.com/open-telemetry/opentelemetry-collector/blob/main/featuregate/README.md) documentation.

receiver/windowseventlogreceiver/go.mod

@@ -3,6 +3,8 @@ module github.com/open-telemetry/opentelemetry-collector-contrib/receiver/window
 go 1.25.0
 
 require (
+	github.com/alexbrainman/sspi v0.0.0-20250919150558-7d374ff0d59e
+	github.com/go-ldap/ldap/v3 v3.4.13
 	github.com/open-telemetry/opentelemetry-collector-contrib/internal/coreinternal v0.149.0
 	github.com/open-telemetry/opentelemetry-collector-contrib/pkg/stanza v0.149.0
 	github.com/stretchr/testify v1.11.1
@@ -20,17 +22,20 @@ require (
 	github.com/hashicorp/golang-lru/v2 v2.0.7
 	go.opentelemetry.io/collector/component/componenttest v0.149.1-0.20260408002112-999af6320692
 	go.opentelemetry.io/collector/consumer/consumertest v0.149.1-0.20260408002112-999af6320692
+	go.opentelemetry.io/collector/featuregate v1.55.1-0.20260408002112-999af6320692
 	go.opentelemetry.io/collector/pdata v1.55.1-0.20260408002112-999af6320692
 	go.opentelemetry.io/collector/receiver/receivertest v0.149.1-0.20260408002112-999af6320692
 	go.uber.org/zap v1.27.1
 )
 
 require (
+	github.com/Azure/go-ntlmssp v0.1.0 // indirect
 	github.com/cenkalti/backoff/v4 v4.3.0 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/elastic/lunes v0.2.0 // indirect
 	github.com/expr-lang/expr v1.17.8 // indirect
+	github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667 // indirect
 	github.com/go-logr/logr v1.4.3 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-viper/mapstructure/v2 v2.5.0 // indirect
@@ -56,7 +61,6 @@ require (
 	go.opentelemetry.io/collector/consumer/xconsumer v0.149.1-0.20260408002112-999af6320692 // indirect
 	go.opentelemetry.io/collector/extension v1.55.1-0.20260408002112-999af6320692 // indirect
 	go.opentelemetry.io/collector/extension/xextension v0.149.1-0.20260408002112-999af6320692 // indirect
-	go.opentelemetry.io/collector/featuregate v1.55.1-0.20260408002112-999af6320692 // indirect
 	go.opentelemetry.io/collector/internal/componentalias v0.149.1-0.20260408002112-999af6320692 // indirect
 	go.opentelemetry.io/collector/pdata/pprofile v0.149.1-0.20260408002112-999af6320692 // indirect
 	go.opentelemetry.io/collector/pipeline v1.55.1-0.20260408002112-999af6320692 // indirect
@@ -68,6 +72,7 @@ require (
 	go.opentelemetry.io/otel/sdk/metric v1.43.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	go.yaml.in/yaml/v3 v3.0.4 // indirect
+	golang.org/x/crypto v0.48.0 // indirect
 	golang.org/x/text v0.35.0 // indirect
 	gonum.org/v1/gonum v0.17.0 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20260209200024-4cfbd4190f57 // indirect