setprfdc accntdom accsanfran1,accsanfran2,acclosang1
setprfdc accntdom accsanfran1,accsanfran2,acclosang1When NT connects to the network, a secure channel will be established to a domain controller. If the secure channel is to DC1, netlogon will authenication using that channel. If the secure channel is not with DC1, it will attempt to establish a secure channel to DC1. If it fails, it will try DC2, DC3, ... If all attempts to connect to a domain controller in the list, the secure channel which was made at boot will be used. This will have been with whichever domain controller answered first.
Re: number of domain controllers need - Microsoft's recommendation is: 1 PDC, 1 BDC for up to 5000 user accounts, 2 BDCs for 5,000-9,999, 5 BDCs for 10,000-19,999, 10 BDCs for 20,000-29,9999, ... The standard is a BDC for every 2-3,000 user accounts. Irregardless of number of accounts, I recommend a BDC in each remote location in the domain. We have about 3,000 user accounts spread across 4 locations. We have PDC & 2 BDCs in the head office, and a BDC in each of the three branch offices.
An alternative approach procedure: Add the following line to the file \WinNT\system32\drivers\etc\LMHOSTS on NT workstation. Start the line with the IP of the DC you want to force a logon to followed by the name of the domain & "n" spaces & \0x1C in quotes so that (domain name) + (spaces) = 15. Follow this by #PRE. If the target DC is at 184.108.40.206 and the domain is "ACME" the line should look like this:
If you're thinking about adding multiple lines like this don't
bother, Windows NT will ignore all but the last line. Tip lifted from Minasi'
Mastering Windows NT Server 4.
220.127.116.11 "ACME \0x1C" #PRE