You may need to switch the domain controller a client computer is connecting to if you are troubleshooting a Windows domain issue. Doing so has helped me a few times to determine if there is a problematic domain controller on the network. Here’s how to force a Windows client computer to use a specific domain controller.
Find Current Domain Controller
You can grab the domain controller that the computer is currently connected to with these steps:
- Select the “Start” button.
- Type “CMD”.
- Hold “Shift” and right-click “Command Prompt”.
- Select “Run as different user”.
- Type credentials for a Domain Admin user account.
- At the Command Prompt, type:
nltest /dsgetdc:domainname
Switch Domain Controller Command
Switch the domain controller the computer is using with these steps:
- Select the “Start” button.
- Type “CMD”.
- Hold “Shift” and right-click “Command Prompt”.
- Select “Run as different user”.
- Type credentials for a Domain Admin user account.
- At the command prompt, type:
nltest /Server:ClientComputerName /SC_RESET:DomainName\DomainControllerName
Note: This option is not permanent, as the computer may pick a different DC after a restart.
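The two nltest steps above combined into one check, as an added PowerShell example that is not from the original article: it reads the client's current secure channel DC, resets it only if needed, and confirms the result. CONTOSO and DC1 are placeholder names, and the output parsing assumes nltest's English messages.

```powershell
# Added example. CONTOSO and DC1 are placeholders; run as a Domain Admin.
param(
    [string]$Client   = $env:COMPUTERNAME,  # machine whose secure channel is changed
    [string]$Domain   = 'CONTOSO',          # NetBIOS domain name (placeholder)
    [string]$TargetDc = 'DC1'               # NetBIOS name of the wanted DC (placeholder)
)

function Get-SecureChannelDc {
    param([string]$Client, [string]$Domain)
    # /sc_query reports the DC the client's Netlogon secure channel is bound to.
    # Parsing assumes nltest's English output ("Trusted DC Name \\DC1.contoso.com").
    $out = & nltest.exe "/server:$Client" "/sc_query:$Domain" 2>&1 | Out-String
    if ($out -match 'Trusted DC Name\s+\\\\(\S+)') { return $Matches[1] }
    throw "No secure channel DC reported for $Client. nltest output:`n$out"
}

function Test-SameHost {
    param([string]$DcName, [string]$Wanted)
    # nltest may return an FQDN; compare only the host label, case-insensitively.
    return ($DcName -split '\.')[0] -ieq ($Wanted -split '\.')[0]
}

$before = Get-SecureChannelDc -Client $Client -Domain $Domain
Write-Host "Secure channel DC before: $before"
# %LOGONSERVER% is the DC that authenticated the user at logon, so it can
# differ from the machine's secure channel DC without anything being wrong.
Write-Host "LOGONSERVER of this session: $env:LOGONSERVER"

if (-not (Test-SameHost $before $TargetDc)) {
    # Same command as in the steps above: /sc_reset:Domain\DomainController
    $reset = & nltest.exe "/server:$Client" "/sc_reset:$Domain\$TargetDc" 2>&1 | Out-String
    Write-Host $reset.Trim()
}

# Re-query instead of trusting the reset output alone.
$after = Get-SecureChannelDc -Client $Client -Domain $Domain
if (Test-SameHost $after $TargetDc) {
    Write-Host "OK: $Client now uses $after"
} else {
    Write-Warning "$Client is bound to $after, not $TargetDc. Check that the DC is reachable."
    exit 1
}
```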
Set Domain Controller Via Registry
- Hold the Windows Key and press “R” to bring up the Windows Run dialog.
- Type “Regedit”, then press “Enter”.
- Navigate to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
- Create a String value called “SiteName”, and set it to the domain controller you wish the computer to connect to (e.g. DC1.domain.com).
In the nltest /SC_RESET command above:
- ClientComputerName = Name of the client computer you want to switch the domain controller for.
- DomainName = Name of the domain.
- DomainControllerName = Computer name of the domain controller.
I hope this guide has helped you switch a client PC to a specific domain controller in your environment. Please feel free to leave a comment below and detail your experience.
RSN000 says
Neither of these worked for me.
AnonyMooseUK says
Very helpful, thanks. Worked for me. Had to force a client to a specific DC as sysvol is not replicating and I needed the latest GPO applied.
DirectDeals says
Thanks for spreading a fruitful awareness about the Microsoft product in such a good way.
Cristiano S. says
Great article, simple and very helpful. Thanks for sharing!
Lloyd Chircop says
We are still seeing this in my environment today. We have determined the problem to be that when we decommission a DC, any computer that logs in using cached credentials and is not connected to the network will not be updated with a new DC. This variable is only updated on the machine DURING LOGON when CONNECTED to a network OR, by default, Windows updates the DC after 12 hours of being connected to the network. So anyone working remotely who does not maintain a connection to a domain for 12 hours will not be updated. We are looking into reducing this default to 8 hours and what impact it may have on our network.
Mitch Bartlett says
They will automatically point to the next available DC.
Muhammad Amir says
Hi Support, I have a question. In our environment, there are 3 domain controllers.
Two are in the primary site and one is in the backup site for any failover events.
In the event of failure on DC01, to which all clients are pointing for all authentication and everything.
How is it quickly possible to point all clients to DC02, or do clients (Windows 10 laptops or Windows Servers) automatically point to DC02 if DC01 fails? I just want to prepare myself for any failures with DC01.
Please let me know, I appreciate it.
Dat says
It worked! thank you
Raven says
Just went through this recently. I see in the comments some had issues using NLTest.
If you need to force a client to connect to a certain domain controller, the command format should be like this:
c:> nltest /SERVER:client1 /SC_RESET:DOMAIN1\DC1
/SERVER: is the name of the machine you want to force a connection *from*, e.g. client1
/SC_RESET is where you want to force the connection to, which is the domain and domain controller in NetBIOS format, e.g. DOMAIN\DC1
Note: this is using the NetBIOS names as opposed to DNS FQDN.
Bob Gilchrist says
Thank you!
Scott says
Please add examples of the commands being run. I could not get your Switch Domain Controller Command to work. I keep getting a syntax error.
c:> nltest /Server:ted /SC_RESET:my.domain\dc01.my.domain
I_NetLogonControl failed: Status = 1722 0x6ba RPC_S_SERVER_UNAVAILABLE
Robert Miltenberger says
On same PC
I ran nltest /dsgetdc:domainname and one of my DCs was displayed
I then ran echo %logonserver% and another DC was displayed
Your thoughts.
Thanks,
Milty
Todd Bartlett says
From one Bartlett to another, thanks Mitch
Mitch Bartlett says
I would think you can deploy this via Group Policy by setting the Registry Key via GPO.
Alber says
Is it possible to deploy this registry change to all PCs via a group policy object? It seems as though most of our PCs show our DC2 as their “logon server” and I would like to force them to all be DC1 as I need to take down DC2 for some maintenance. I don’t know why they all seem to use DC2 as their login server – both DC1 and DC2 are at the same site. DC1 has the FSMO roles.
John says
I work for a large scale global company. One of our DCs was having issues, so we could not GPUpdate on a specific DC. The entire office was unable to receive updates.
Using this to change the DC to a known good working DC allowed me to continue to image computers without any further issues.
Thank you for this command. It’s been incredibly helpful!
Stace Hema says
Awesome work man!!! :)
Benjamin says
Thank you! Just what I was looking for!
Yinon says
Thanks Mitch!
A very effective and easy to use method.
peter says
I cannot figure out why this error is happening when trying to run against my new PDC and all the FSMO roles are moved.
I_NetLogonControl failed: Status = 1062 0x426 ERROR_SERVICE_NOT_ACTIVE
I run it against the old PDC and it goes fine….FRUSTRATING.
Mickaël says
Thank you for the info! Tried the first option to switch the domain controller, works really well =)