Set the order in which DCs authenticate AD accounts

IT Guy
IT Guy used Ask the Experts™
What is the process to set the order in which Server 2016 domain controllers authenticate Active Directory accounts?
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Can you share more details, By default based on site configuration users AD accounts will get authenticate t oDC.
Managing Consultant
In general, you don't.

This is controlled by a computer's membership in a particular AD site.
IT GuyNetwork Engineer


OK, we usually have two to four domain controllers in each site.

Is there any way of giving one domain controller greater precedence in authenticating AD login requests that other domain controllers within the same AD site?
Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

You have to edit HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netlogon\Parameters  based on highest value where you can set the priority for DC.
IT GuyNetwork Engineer



Can you refer me to some URL resources that explain how to do this?
Distinguished Expert 2018
Above both registries are server registries and only need to be entered on dc servers
Further by default ad use dns load balancing for srv records to distribute requests among dc servers in same ad site
So ideally you don't need to that
Further see the difference between both registries
Priority registry define order in which dcs in same site should get contacted, meaning the dc with highest priority get contacted 1st, if that dc failed / down, other dc get contacted
In case of weight, dc with highest weight get contacted 1st and if it fails, find another dc with higher weight
At a time either u need to set either weight or priority but not both
Frankly speaking don't do it, it will break default dns load balancing mechanism which tries evenlly distributing authentication load amoung dcs in same site

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial