Q: We recently experienced logon problems because one of the local domain controllers (DCs) of our child domain decided to use a remote DC of our forest's root domain instead of the local root domain DC in our branch office. How can I make sure that the local child domain DCs always point to the local branch office DC of the root domain for authentication?
A: To redirect a child domain DC's authentication traffic to the root domain, you should direct its secure channel for the root domain to the local branch office DC of the root domain. You can do so using the nltest command with the SC_reset switch, as follows:
After you run this command, use the following nltest command to verify that the secure channel has been correctly reset: