Utilizing centrifydc.conf to limit the number of Domain Controllers listed by adclient in krb5.conf.
Question: Can the number of discovered Domain Controllers listed by adclient in krb5.conf be limited without having to blacklist/whitelist?
Answer: The adclient.server.try.max parameter in centrifydc.conf limits the number of Domain Controllers listed. The default value is 0, meaning that adclient will search for and receive a reply from as many DCs as it can and then list them in krb5.conf. When a value other than 0 is provided, adclient will only find and list the number given.
(e.g. with adclient.server.try.max: 30, adclient will find the closest 30 DCs and list them in the krb5.conf file.)
This setting can also be set via Group Policy using the policy path below: "Computer Configuration" -> "Centrify Settings" -> "DirectControl Settings" -> "Network and Cache Settings" -> "Set maximum server connection attempts"
Once the setting is in place, the current krb5.conf file must be renamed or deleted and adclient must be restarted so that a new krb5.conf file is created.
Be aware that this setting also limits the number of DCs that adclient tries to connect to before deciding to run in disconnected mode.
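The following shell helpers are an added example, not Centrify code: they set the parameter in a centrifydc.conf file and, after adclient has regenerated krb5.conf, check that no realm lists more KDCs than the limit. The function names are hypothetical, the paths in the usage comment are assumed defaults, and the check assumes the regenerated file uses the standard krb5.conf [realms] syntax with one "kdc =" line per Domain Controller.

```shell
#!/bin/sh
# Added example, not Centrify code. Function names are hypothetical.

# set_try_max CONF N: replace any active adclient.server.try.max line with N.
set_try_max() {
    case $2 in ''|*[!0-9]*) echo "value must be a non-negative integer" >&2; return 2 ;; esac
    tmp=$(mktemp) || return 1
    sed '/^[[:space:]]*adclient\.server\.try\.max[[:space:]]*[:=]/d' "$1" > "$tmp" || return 1
    printf 'adclient.server.try.max: %s\n' "$2" >> "$tmp"
    cat "$tmp" > "$1"    # overwrite in place so owner and mode are preserved
    rm -f "$tmp"
}

# count_kdcs KRB5: print "REALM COUNT" for every realm in the [realms] section.
count_kdcs() {
    awk '
        /^\[/ { in_realms = ($0 ~ /^\[realms\]/); depth = 0; next }
        !in_realms { next }
        /=[ \t]*\{/ {                      # "REALM = {" opens a realm at depth 0
            if (depth++ == 0) { realm = $0; gsub(/^[ \t]+|[ \t]*=.*$/, "", realm); n[realm] = 0 }
            next
        }
        /\}/ { if (--depth == 0) realm = ""; next }
        /^[ \t]*kdc[ \t]*=/ { if (depth == 1) n[realm]++ }
        END { for (r in n) print r, n[r] }
    ' "$1"
}

# check_kdc_limit KRB5 N: fail if any realm lists more than N KDCs (0 = no limit).
check_kdc_limit() {
    if [ "$2" -eq 0 ]; then return 0; fi
    count_kdcs "$1" | awk -v max="$2" \
        '$2 + 0 > max + 0 { print "over limit:", $0; bad = 1 } END { exit bad + 0 }'
}

# Usage, as root (paths are assumed defaults):
#   set_try_max /etc/centrifydc/centrifydc.conf 30
#   mv /etc/krb5.conf /etc/krb5.conf.bak
#   ...restart adclient, wait for the new krb5.conf...
#   check_kdc_limit /etc/krb5.conf 30
```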