How to force a Windows client to validate its logon against the specific domain controller
In a multi-domain controller environment, client(s) sends out the request to locate a domain controller. The domain name is the NetBIOS 16 character name, where the 16th character is used by Microsoft to identify the NetBIOS type. The type for a domain controller is <C1>, so the name of the domain controller for “SEFNET” domain would be “SEFNET<C1>”. If there is a WINS server on the local network, then the client will send the request to the WINS server, if not, the local LMHOSTS file is used.
Here is an example of the LMHOSTS file:
10.0.0.10 SEFDC01 #PRE #DOM:SEFNET #Preferred DC for SEFNET.LOCAL <DC ip> <DC name> <name-to-IP> <domain name> <description>
Now, to force a client to validate its logon to a specific domain controller, you need to define the domain controller in the LMHOSTS file like it is shown in the above example. The next step is to configure the client to use the local LMHOSTS file. To do that, o the following:
- Start registry editor and navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters
- Create a new DWORD value named NodeType and set the value to 4 (this sets the network to an M-mode/mixed which means it will perform a broadcast before querying name servers for resolution). By default, a system is 1 if no WINS servers are configured (B-node/broadcast) or 8 if at least one WINS server is configured (H-node/queries name resolution first then broadcasts).
- Change value in DWORD EnableLMHOSTS to 1. If the DWORD does not exist, create one.
- Close the Registry and reboot the client