Force Workstation to authenticate to Domain Controller

Hi Experts,

Currently on AD using Windows 2012 R2 Domain Controllers. We want to do a DR test to see if users can log in if our main headwaters DC is down by being authenticated using a remote location DC. I want to test it on one PC and force the PC to use the secondary DC while the Headwaters DC is still up.

I have tried editing the host file using #PRE and #DOM etc., with no luck, and removed the headquarters DC DNS entry, using only the remote DC DNS, with no luck.


Client machines are Windows 7.

CES (Network Administrator) Commented:
If you have remote site connectivity, just change the DNS to the secondary DC.
A host file entry will not help here.

AD auth works on AD site-to-subnet assignment.

The computer will get authenticated with a domain controller in the site where the computer's subnet is attached.

If the local DC is not available, AD tries to locate the nearest reachable domain controller; otherwise the client will get authenticated with the local site DC only.

You need to play with site links, where the site link contains the local site and the DR site, so that if the local site DC is not available, the client will get authenticated with the DR DC.
The DR DC needs to be set as the alternate / secondary DC in the client TCP/IP properties.

talltree (Author) Commented:
Hi Guys,

I have changed the DNS to only reflect the Remote DC; it still authenticates to the HQ DC.

Yes, site links are set up and should work if the HQ DC is not available by authenticating to the Remote DC. I am trying to test it by forcing the PC to authenticate to the remote DC while the HQ DC is still up.


Shaun Vermaak (Technical Specialist) Commented:
Please see both options listed in this previous solution. Alternatively, just firewall it off with Windows Firewall; AD is redundant enough to just carry on to another DC.
If the HQ DC is up, you cannot force the workstation to authenticate with the remote DC unless you change the workstation subnet latching to the remote site.
Otherwise, no matter if you set the remote DC as the preferred and only DNS server in client properties, it's the AD DC's responsibility to provide the authenticating DC; the workstation cannot force it to provide a specific DC.
When a client request reaches the DC via DNS, it first finds out the client's site by looking at the client subnet and throws the client to a DC in that site.
If the HQ DCs are not available, then the client can authenticate with the remote DC as long as it is there as secondary DNS in the TCP/IP properties of the client.

What you can do: you can force clients to authenticate with a specific DC in the same AD site by altering DC priority and weight.
The articles below should clear the air.
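
The behaviour described in the answers above (subnet-to-site lookup, then SRV priority and weight among the DCs of that site), as an added Python sketch that is not part of the original thread. It models the ordering with RFC 2782 rules and ignores caching and site-link failover; the subnets, site names and host names are constructed.

```python
import ipaddress
import random

# Constructed sample data: subnet-to-site mappings and per-site SRV records
# as (host, priority, weight). All names and addresses are hypothetical.
SUBNETS = {"10.1.0.0/16": "HQ", "10.2.0.0/16": "Remote"}
SRV = {
    "HQ": [("dc1.example.test", 0, 100), ("dc2.example.test", 0, 100)],
    "Remote": [("drdc1.example.test", 0, 100)],
}

def site_for(ip):
    """Map a client IP to its site via the most specific matching subnet."""
    addr = ipaddress.ip_address(ip)
    hits = [n for n in map(ipaddress.ip_network, SUBNETS) if addr in n]
    return SUBNETS[str(max(hits, key=lambda n: n.prefixlen))] if hits else None

def candidates(ip, srv=SRV):
    """SRV records offered to a client: only those of the site its subnet maps to."""
    return srv.get(site_for(ip), [])

def order_srv(records, rng):
    """RFC 2782 ordering: lowest priority value first, then a weighted
    random pick among the records that share a priority."""
    ordered = []
    for prio in sorted({p for _, p, _ in records}):
        group = [r for r in records if r[1] == prio]
        while group:
            weights = [w for _, _, w in group]
            # choices() rejects an all-zero weight list, so fall back to order.
            pick = rng.choices(group, weights=weights)[0] if sum(weights) else group[0]
            ordered.append(pick[0])
            group.remove(pick)
    return ordered

def first_choice_share(records, trials=2000, seed=1):
    """Fraction of simulated lookups in which each DC is tried first."""
    rng = random.Random(seed)
    counts = {}
    for _ in range(trials):
        first = order_srv(records, rng)[0]
        counts[first] = counts.get(first, 0) + 1
    return {host: n / trials for host, n in counts.items()}

if __name__ == "__main__":
    print(first_choice_share(candidates("10.1.5.20")))  # roughly even split
    steered = [("dc1.example.test", 10, 100), ("dc2.example.test", 0, 100)]
    print(first_choice_share(steered))                  # dc2 always tried first
```

A client in the HQ subnet is never offered the Remote site's DC in this model, whatever DNS server it points at, while raising one DC's priority value within the site moves every first attempt to the other DC.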

talltree (Author) Commented:
Thanks Guys