Hardcoding the logon domain controller

by Mitch Tulloch [Published on 26 March 2013 / Last Updated on 26 March 2013]

How to force a client computer to log on to a specific domain controller.

Problem: You want client computer SNOOPY to always use DC3, a domain controller in the contoso.com domain, for logon purposes. In Windows NT you could hard code this on the client, but this setting is no longer supported in recent versions of Windows. Is there any way you can still make this happen and force SNOOPY to have its logon request processed by DC3?

Workaround #1: Create a new site in Active Directory and move both SNOOPY and DC3 to the new site. Of course you would probably only want to do this in a test environment, so if you're in a production environment you will have to use another method.

Workaround #2: Configure the LdapSrvPriority registry setting on your domain controllers so that DC3 has the highest priority. For more info about this setting, see here:

http://technet.microsoft.com/library/cc957290

In addition you can configure the LdapSrvWeight registry setting on domain controllers to assign a weighted priority for each one:

http://technet.microsoft.com/en-us/library/cc957291

Of course, this will mean that all client computers (not just SNOOPY) will prefer DC3 for logons, and it doesn't actually guarantee DC3 will be used because if DC3 is unavailable then domain controllers with lower weighted priority will be tried in order.

Workaround #3: Give up. Logon authentication is more complicated than just contacting a single domain controller. The logon process can begin with one domain controller and then switch over part way through to a different domain controller if the first domain controller has DNS errors or replication latency or the client needs to register an application component that cannot be registered with the first domain controller and so on and so forth.

Mitch Tulloch is an eight-time recipient of the Microsoft Most Valuable Professional (MVP) award and a widely recognized expert on Windows administration, deployment and virtualization.  For more information see http://www.mtit.com

Featured Links