There may be times when you want to restrict client machine or member server authentication to a specific Domain Controller only. One possible reason is that you are hardening a Domain Controller or Active Directory and want to test the impact on a limited set of production systems before rolling the change out company-wide.
To restrict the client or member server authentication to a specific DC only, do the following:
1. Open Active Directory Sites and Services Console.
- Create a new Site.
- Assign a proper subnet to that site.
- Move the Specific Domain Controller to that site.
2. Open Registry Editor on the client or member server.
- In Registry Editor, navigate to the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
- Add a string value (REG_SZ) with Value Name: SiteName
- For Value Data, enter the name of the site created in step 1, e.g. TheNewSitename
3. Restart the client or member server so Netlogon picks up the new setting. If you cannot restart the machine, restart the Netlogon service or run the following command to force a fresh DC discovery:
nltest /dsgetdc:domainname /force
Confirm the result with nltest /dsgetsite (it should report the new site) and check that the DC returned by the command above is the one you moved. Note that SiteName only steers the DC locator's preference: if no DC in that site is reachable, the client falls back to any other DC in the domain, so treat this as a test aid rather than a hard restriction.
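The three steps above, scripted end to end in PowerShell. This is an added example, not part of the original post; the domain corp.example.com, the pilot DC DC01, the site name HardeningPilot and the subnet 10.20.30.0/24 are placeholders, and the first section assumes the ActiveDirectory module (RSAT) is available and is run with rights to create sites and move DCs, while the remaining sections are run as a local administrator on the pilot member server.

```powershell
# Added example (not from the original post). Placeholder names:
#   domain corp.example.com, pilot DC DC01, pilot site HardeningPilot,
#   subnet 10.20.30.0/24 (the pilot member server's subnet).
$Domain   = 'corp.example.com'
$SiteName = 'HardeningPilot'
$PilotDC  = 'DC01'
$Subnet   = '10.20.30.0/24'

# --- Step 1: site, subnet and DC placement (run where the AD module is installed) ---
Import-Module ActiveDirectory
if (-not (Get-ADReplicationSite -Filter "Name -eq '$SiteName'")) {
    New-ADReplicationSite -Name $SiteName
}
if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$Subnet'")) {
    # The subnet is what maps the member server to the site automatically;
    # the SiteName override below makes the mapping explicit on that host.
    New-ADReplicationSubnet -Name $Subnet -Site $SiteName
}
Move-ADDirectoryServer -Identity $PilotDC -Site $SiteName

# --- Step 2: pin the member server to the pilot site (run ON the member server) ---
$Key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
# Keep the previous value (if any) so the pilot can be rolled back cleanly.
$Previous = (Get-ItemProperty -Path $Key -Name SiteName -ErrorAction SilentlyContinue).SiteName
New-ItemProperty -Path $Key -Name SiteName -Value $SiteName -PropertyType String -Force | Out-Null

# --- Step 3: apply without a reboot, then verify ---
Restart-Service Netlogon
nltest /dsgetdc:$Domain /force | Out-Null

# Site check: first output line of /dsgetsite is the site Netlogon is using.
$site = (nltest /dsgetsite | Select-Object -First 1).Trim()
if ($site -ne $SiteName) {
    Write-Warning "Netlogon reports site '$site', expected '$SiteName'"
}

# DC check: the 'DC: \\name' line of /dsgetdc should name the pilot DC.
# Anything else usually means the subnet mapping or the DC move did not take.
$match = nltest /dsgetdc:$Domain | Select-String '^\s*DC:\s*\\\\(\S+)'
$dc = if ($match) { $match.Matches[0].Groups[1].Value } else { '<none>' }
if ($dc -notlike "$PilotDC*") {
    Write-Warning "Locator returned '$dc', expected '$PilotDC'"
} else {
    Write-Host "Member server is authenticating against $dc in site $site"
}

# Roll back when the pilot is finished (uncomment to run):
# if ($Previous) { Set-ItemProperty -Path $Key -Name SiteName -Value $Previous }
# else           { Remove-ItemProperty -Path $Key -Name SiteName }
# Restart-Service Netlogon
```

Run step 1 once from an administrative workstation and steps 2 and 3 on each pilot server. If the DC check warns, look first at the subnet-to-site mapping and at whether the pilot DC has finished replicating its new site placement; because SiteName is only a locator preference, a pilot DC that is offline or unreachable will silently produce a fallback to another DC rather than a failure.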