How does a domain machine choose its authentication DC?

[msteder]

I am trying to figure out how a PC in a Win2003 domain that has more then one DC chooses a DC to authenticate with? I realize that DNS tells it the DC's for the domain, but now how does my computer decide to go to DC1 or DC2? Is it round robin? Can I specify a machine to always authenticate via DC1 first then try DC2 is DC1 isn't available?

 

[Spirit]

You can specify it but generally the pc will contact the least busy DC and if thats not available go looking for the next closest one.

They're not choosy about who they talk to!

Iain

 

[NetIntruder]

This is where AD Sites and services comes into play.

YOu can make a site called Corporate, for instance, and assign your valid subnets to that site. Any client machine trying to authenticate will look for a Domain Controller that is in that site.

If one isn't available, it will attempt to locate another outside of it's site.

So... if you really want to do this the easy way and you don't mind adding a new VLAN, take one of your DC's and put it into a separate subnet and assign it to a different site.

Now, i'm assuming that you only have one site of course, but if you provide some more information on your topology we can work out a decent solution for you.

~Intruder~
CEH, CISSP, MCSA/MCSE 2000/2003

 

[wjohnson63]

We directed our workstations to specific DC's by setting the priority of the desired DC's to 0 and the secondary DC to 10. It worked.

 

[msteder]

How did you set the priority of the desired DC to zero?