Set the order in which DCs authenticate AD accounts

What is the process to set the order in which Server 2016 domain controllers authenticate Active Directory accounts?
IT GuyNetwork EngineerAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Sekar ChinnakannuStaff EngineerCommented:
Can you share more details, By default based on site configuration users AD accounts will get authenticate t oDC.
0
Michael B. SmithManaging ConsultantCommented:
In general, you don't.

This is controlled by a computer's membership in a particular AD site.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
IT GuyNetwork EngineerAuthor Commented:
OK, we usually have two to four domain controllers in each site.

Is there any way of giving one domain controller greater precedence in authenticating AD login requests that other domain controllers within the same AD site?
0
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

Sekar ChinnakannuStaff EngineerCommented:
You have to edit HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netlogon\Parameters  based on highest value where you can set the priority for DC.
0
IT GuyNetwork EngineerAuthor Commented:
Sekar,

Can you refer me to some URL resources that explain how to do this?
0
MaheshArchitectCommented:
Above both registries are server registries and only need to be entered on dc servers
Further by default ad use dns load balancing for srv records to distribute requests among dc servers in same ad site
So ideally you don't need to that
Further see the difference between both registries
Priority registry define order in which dcs in same site should get contacted, meaning the dc with highest priority get contacted 1st, if that dc failed / down, other dc get contacted
In case of weight, dc with highest weight get contacted 1st and if it fails, find another dc with higher weight
At a time either u need to set either weight or priority but not both
Frankly speaking don't do it, it will break default dns load balancing mechanism which tries evenlly distributing authentication load amoung dcs in same site
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2016

From novice to tech pro — start learning today.