Bind some servers to a specific DC

create share 646 Reputation points
2020-08-14T01:37:36.647+00:00

Hi,

I need to bind some of my member servers to always use a specific DC for AD authentication. How can it be done?

Thanks.

Active Directory

Accepted answer
  1. Fan Fan 15,321 Reputation points Microsoft Vendor
    2020-08-14T02:57:19.15+00:00

    Hi,

    The most common and recommended way to specify a DC for authentication is to create a site for the servers and the DC and put them into the same site. Then the servers will already contact this DC first for authentication. The servers or clients will contact other DCs only if this DC in the same site is unavailable.

    Or you can consider specifying the weight (or weighted priority) of this domain controller (HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters). The weight determines the probability that a client contacts the domain controller when it selects from among domain controllers with the same priority. Domain controllers with the highest weight are most likely to be contacted.

    For more details about how to set the value, you can refer to:
    https://video2.skills-academy.com/en-us/previous-versions/windows/it-pro/windows-2000-server/cc957291(v=technet.10)?redirectedfrom=MSDN
    Note: Back up the registry before making any changes.

    There are some commands to specify the DC, but they are temporary. Once the servers are rebooted, they will contact a DC randomly.
    nltest /Server:ClientComputerName /SC_RESET:DomainName\DomainControllerName
    klist add_bind CONTOSO KDC.CONTOSO.COM

    Best Regards,


1 additional answer

  1. Thameur-BOURBITA 32,621 Reputation points
    2020-08-14T15:51:48.863+00:00

    Hi

    I don't recommend modifying the weight and priority of domain controllers because it can impact other member servers.

    You should update your Active Directory site topology to help member machines contact the closest domain controllers based on site and subnet configuration.

    For this domain controller, you can create a new site only for this domain controller and create a subnet x.x.x.x/32 for each member server if they are not in the same subnet; then you assign all the new x.x.x.x/32 subnets to the new site.

    *Please don't forget to mark this reply as answer if it helps you*

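The dedicated-site and /32-subnet approach described in the answers above, as an added PowerShell example that is not part of the original thread. The site name, DC name, domain, server names and IP addresses are constructed placeholders, and the site-link step is an addition the thread does not mention.

```powershell
# Added example. Every name and address below is a constructed placeholder.
# Steps 1-3 run from an admin workstation with the ActiveDirectory (RSAT) module.
Import-Module ActiveDirectory

$SiteName      = 'Pinned-DC-Site'      # hypothetical dedicated site
$DcName        = 'DC01'                # hypothetical DC the servers should prefer
$MemberServers = @{                    # hypothetical member servers (static IPs assumed)
    'APP01' = '10.10.20.15'
    'APP02' = '10.10.30.27'
}

# 1. Create the dedicated site (idempotent) and move the chosen DC into it.
if (-not (Get-ADReplicationSite -Filter "Name -eq '$SiteName'")) {
    New-ADReplicationSite -Name $SiteName
}
Move-ADDirectoryServer -Identity $DcName -Site $SiteName

# 2. Not mentioned in the thread: a site that is in no site link has no
#    replication path, so add the new site to an existing link.
Set-ADReplicationSiteLink -Identity 'DEFAULTIPSITELINK' -SitesIncluded @{ Add = $SiteName }

# 3. One /32 subnet per member server, mapped to the new site. The most specific
#    subnet match wins, so a /32 overrides the broader subnet the server sits in.
foreach ($server in $MemberServers.GetEnumerator()) {
    $subnet = '{0}/32' -f $server.Value
    if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$subnet'")) {
        New-ADReplicationSubnet -Name $subnet -Site $SiteName `
            -Description "Pin $($server.Key) to $DcName"
    }
}

# 4. Run on each member server: force rediscovery and compare what the DC
#    locator returns with what was intended.
function Test-PinnedDc {
    param([string]$Domain, [string]$ExpectedSite, [string]$ExpectedDc)
    $site  = (nltest /dsgetsite | Select-Object -First 1).Trim()
    $match = nltest "/dsgetdc:$Domain" /force |
        Select-String -Pattern '^\s*DC:\s*\\\\(\S+)' | Select-Object -First 1
    $dc    = if ($match) { $match.Matches[0].Groups[1].Value } else { $null }
    [pscustomobject]@{
        Site   = $site
        DC     = $dc
        SiteOk = ($site -eq $ExpectedSite)
        DcOk   = ($dc -like "$ExpectedDc*")   # locator returns the FQDN
    }
}
# Test-PinnedDc -Domain 'contoso.com' -ExpectedSite 'Pinned-DC-Site' -ExpectedDc 'DC01'
```

If the pinned DC is unavailable, the locator falls back to DCs in other sites, as the accepted answer notes, so a `DcOk` of `False` right after an outage is expected behaviour.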