Bind some servers to a specific DC

Question

Hi,

I need to bind some of my members servers to always use a specific DC for AD Authentication. How it can be done?

Thanks.

Answer 1

Hi，

The most common and recommend way to specify a DC for authentication is by creating site for the servers and DC, put them into the same site.Then the servers will already contact this DC for authentication firstly .The servers or clients will contact other DCs only if this DC in the same site is unavailable.

Or you can considered specifies the weight (or weighted priority) of this domain controller.(HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters) The weight determines the probability that a client contacts the domain controller when it selects from among domain controllers with the same priority. Domain controllers with the highest weight are most likely to be contacted.

For more details about how to set the value, you can refer to :
https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-2000-server/cc957291(v=technet.10)?redirectedfrom=MSDN
Note:Do the back up before any changes for the registry.

There are some commands to specify the DC, but were temporary .Once the servers were reboot , they will contact a DC randomly.
nltest /Server:ClientComputerName /SC_RESET:DomainName\DomainControllerName
klist add_bind CONTOSO KDC.CONTOSO.COM

Best Regards,

Answer 2

Hi

I don't recommend to modify the weight and priority of domain controllers because can impact another members servers.

You should update your active directory site topology to help members machines to contact the closest domain controllers based on site and subnet configuration.

For this Domain controller ,you can create a new site only for this domain controller and create a subnet for each member server x.x.x.x/32 if they are not in same subnet then , you assign all new subnet x.x.x.x/32 to new site.

*Please don't forget to mark this reply as answer if it help you *