Force logon to a specific domain controller

Discussion in 'Active Directory' started by mocity, Aug 11, 2004.

  1. mocity

    mocity Guest

    two questions:
    Is there a way to force a specified workstation logon to
    a specific domain controller within its own site?
    is there a way to force a specified workstation to logon
    to a specific domain controller in another site?

    I'd like to try changing some settings on my DC's but i'd
    rather not do it to all of them at once---i'd rather do
    it to one DC and test it out by forcing a group of
    workstations to log in to that specific DC and diagnose
    any problems.
    Thanks.
     
    mocity, Aug 11, 2004
    #1
    1. Advertisements

  2. mocity

    Paul Butler Guest

    Paul Butler, Aug 11, 2004
    #2
    1. Advertisements

  3. mocity

    mocity Guest

    Will this will work on a 2000 machine logging on to a 2003
    Dc?
    I tried it but it doesn't seem to be working although
    nbtstat -c shows the names I defined in LMHOSTS.
    thanks.
     
    mocity, Aug 11, 2004
    #3
  4. mocity

    mocity Guest

    okay i got it working.
    maybe it's obvious, but you have to kill DNS (and I think
    WINS also) before it chooses the DC based on the
    ip-addresss hostname #pre #dom:domain
    line.
    thanks.
     
    mocity, Aug 12, 2004
    #4
  5. Mocity,

    I think that it might be of tremendous benefit to you if you take a look at
    the following two MSKB Articles that spell out for you how a WIN2000
    Professional and a WIN XP Professional workstation locate Domain
    Controllers:

    http://support.microsoft.com/?id=247811
    http://support.microsoft.com/?id=314861

    There are a couple of things that you need to know.

    First thing is that clients making authentication requests are going to
    choose the DC with the lowest weight and, in the event of a tie, the higher
    priority. Out of the box, WIN2000 Domain Controllers have a weight of 0 and
    a priority of 100. This creates a round robin situation where each Domain
    Controller would authenticate the same number of logon requests. If you
    have two Domain Controllers, then DC01 would respond to approx. 50% of the
    authentication requests while DC02 would respond to approx. 50% of the
    authentication requests.

    If you want DC01 to respond to more authentication requests than DC02 you
    would change the priority. You could change the priority on DC01 to 80 and
    the priority on DC02 to 20, for example. In this situation DC01 would
    respond to 4x as many authentication requests as DC02.

    If you want DC01 to respond to all authentication requests - but have DC02
    available in the case that DC01 not be available - then you would change the
    weight on DC02 to anything higher than 0. For all intent and purposes, a 1
    is just as effective as a 101.

    You might also want to take a look at the following MSKB Article on how to
    set things up in a WIN2000 environment:

    http://support.microsoft.com/?id=306602

    This all is based on the correct and proper setup and configuration of Sites
    in WIN2000. You would create a Site for each location that you wanted and
    then create Subnets and associate each Subnet with the correct Site. Your
    Domain Controllers would need to be located in the correct Site....

    What are you trying to accomplish by having a specific computer's
    authentication request be handled by a specific Domain Controller in it's
    Site? and then by a Domain Controller in another Site?

    I am not sure that I understand your logic by wanting this to work for one
    specific computer but you are going to test it out with a group of
    computers? I would think that you would test things out with one computer
    and then move to the group....

    You do not mention at all your Sites configuration and the number of Domain
    Controllers that you have in each Site or what the links between each Site
    are???? Also, have you disabled the KCC and manually created everything or
    have you simply created the Site Links and let the KCC ( and it's friend the
    ISTG ) do it's thing?

    HTH,

    Cary
     
    Cary Shultz [A.D. MVP], Aug 18, 2004
    #5
  6. mocity

    brain007

    Joined:
    Apr 19, 2011
    Messages:
    13
    Likes Received:
    0
    You can change the DNS SRV record for the active directory site to change the logon domain controller for a specific site.

    Cheers,
    Windowstricks
     
    brain007, Apr 19, 2011
    #6
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.