How do you force a Windows PC to logon to a specific domain controller?

There are times when an administrator would like to force a Windows client to log on to a specific domain controller. This is especially important for avoiding authentication over WAN links. Learn how to control DC logon behavior.


The following question was posted in the Technical Q&A by NateH:

"I have a client that has two physically separate buildings. They have a T1 connection between the two and have been running with one server for both buildings. Building 1 is on subnet and building 2 is on I am setting up a domain controller in the second building and was wondering how to configure the clients so that they logon/authenticate via that second DC rather than the first DC [across the WAN link]. Do I need to set it up as a second site [in Active Directory], or can I set it up as the same site?"


An excellent explanation was provided by BFilmFan (one of the most of the most prolific posters in the Technical Q&A):

"You should create an Active Directory site for building 2 and associate it with the subnet Clients locate a domain controller based upon their site information. There is a fairly thorough explanation of this on Microsoft's site. Job Aids for Windows 2003 has a worksheet that will probably impress the management folks. And an example of planning domain controller placement can be found here."


The text of discussion posts from TechRepublic members has been slightly edited for spelling, punctuation, and clarity.

Editor's Picks

Free Newsletters, In your Inbox