Configuring a DC to Register Site-Specific Records for an Additional Domain

Q: How do I configure a domain controller (DC) to register sitespecific records for an additional domain?

A: By default, a DC registers sitespecific records for its own site. If you want a DC to also register records for an additional location (e.g., perhaps a location that has no DC of its own, and you want to control where the clients authenticate against), you can instruct the DC to register for additional sites. To do so, open the Group Policy Object Editor, go to Computer Configuration, Administrative Templates, System, Net Logon, DC Locator DNS Records, and use the Sites Covered by the domain controller locator DNS SRV Records Net Logon service Group Policy settings to specify the space-delimited site names for which the DC should register records, as Figure 1 shows. If you use Group Policy, you need to ensure that the GPO applies only to the DCs you want to register; therefore, you should apply a security filter to the GPO so that only specific DCs read the policy.

You can also add site names via the registry by updating the SiteCoverage value under the HKEY_ LOCAL_MACHINESYS TEMCurrentControlSet ServicesNetlogonParam eters registry key. Enter each site on its own line.

—John Savill