Use DNS Registration to Decrease the Workload on the PDC Emulator

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

After you upgrade the Windows NT 4.0 PDC, the domain controller hosts the PDC emulator operations master role. Of all the operations master roles, the PDC emulator role has the greatest effect on the domain controller that hosts it, because the PDC emulator fulfills additional tasks in the domain. These include processing password changes, processing authentication requests if the password fails on the authenticating domain controller, and handling all write operations to the domain that are requested or performed by applications or by clients running Windows 2000, Windows XP, and Windows Server 2003.

In domains with more than 10,000 users, it might be necessary to reduce the number of authentication requests received by the PDC emulator and allow it to perform other tasks. If, after upgrading the Windows NT 4.0 PDC, CPU utilization is higher than 50 percent or if disk queues remain higher than two for several hours or days, reduce the number of client authentication requests that are received by the PDC emulator.

Note

  • Other factors that can increase the workload on the PDC emulator include pre-Active Directory clients or applications that have been written to contact the PDC emulator.

To reduce the number of client authentication requests that are processed by the PDC emulator, adjust its weight or its priority in the DNS environment. If you want to proportionately reduce the number of client authentication requests received by the PDC emulator, adjust its weight. If you want to ensure that the PDC emulator does not receive any client authentication requests, adjust its priority.

Active Directory assigns a default value of 100 for the weight. By creating a new registry entry for the weight and assigning it a decreased value of 50, you can proportionately reduce the number of client authentication requests that are sent to the PDC. This ensures that the PDC will authenticate half of the number of clients that it would if the weight value remained at 100.

Active Directory assigns a default value of zero for the priority. By creating a new registry entry for the priority and assigning it an increased value of 200, you can ensure that the PDC will never receive client authentication requests unless it is the only accessible domain controller.
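The effect of both settings on which domain controller a client tries first, as an added example that is not part of the original page. It assumes clients choose among SRV records as RFC 2782 describes (lowest priority value first, then a weighted random choice within that group); the four host names and the sample records are constructed.

```python
import random
from collections import Counter
from fractions import Fraction

# Constructed sample: (host, priority, weight) with the defaults the page
# states (priority 0, weight 100). Host names are hypothetical.
DEFAULTS = [("pdc", 0, 100), ("dc2", 0, 100), ("dc3", 0, 100), ("dc4", 0, 100)]

def with_override(records, host, priority=None, weight=None):
    """Copy of records with one host's LdapSrvPriority/LdapSrvWeight changed."""
    return [(n, p if n != host or priority is None else priority,
             w if n != host or weight is None else weight)
            for n, p, w in records]

def candidates(records, reachable=None):
    """Reachable records in the most preferred (lowest-numbered) priority group."""
    live = [r for r in records if reachable is None or r[0] in reachable]
    if not live:
        return []
    best = min(p for _, p, _ in live)
    return [r for r in live if r[1] == best]

def expected_share(records, host, reachable=None):
    """Exact probability that a client's first choice is `host`."""
    group = candidates(records, reachable)
    total = sum(w for _, _, w in group)
    if total == 0:  # empty group, or all weights 0: no weighting to apply
        return Fraction(sum(n == host for n, _, _ in group), max(len(group), 1))
    return Fraction(sum(w for n, _, w in group if n == host), total)

def simulate(records, clients=10_000, seed=1, reachable=None):
    """Count first choices for `clients` independent weighted random picks."""
    group = candidates(records, reachable)
    if not group:
        return Counter()
    names = [n for n, _, _ in group]
    weights = [w for _, _, w in group]
    if sum(weights) == 0:
        weights = [1] * len(group)
    rng = random.Random(seed)
    return Counter(rng.choices(names, weights=weights, k=clients))

if __name__ == "__main__":
    half_weight = with_override(DEFAULTS, "pdc", weight=50)
    demoted = with_override(DEFAULTS, "pdc", priority=200)
    for label, recs in [("defaults", DEFAULTS), ("weight 50", half_weight),
                        ("priority 200", demoted)]:
        print(label, expected_share(recs, "pdc"), simulate(recs)["pdc"])
    print("only PDC reachable", expected_share(demoted, "pdc", reachable={"pdc"}))
```

With three other domain controllers left at weight 100, a weight of 50 moves the PDC emulator's share of first choices from 1/4 to 1/7; the ratio between the two approaches one half as the number of other domain controllers grows.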

Caution

  • The registry editor bypasses standard safeguards, allowing settings that can damage your system, or even require you to reinstall Windows. If you must edit the registry, back it up first and see the "Registry Reference" on the Windows Server 2003 Deployment Kit companion CD or on the Microsoft Web site.

To change the weight for DNS SRV records by using the registry

  1. In the Run dialog box, type regedit, and then press ENTER.

  2. In the registry editor, navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

  3. Click Edit, click New, and then click DWORD value.

  4. For the new entry name, type LdapSrvWeight, and then press ENTER. (The value name is not case sensitive.)

  5. Double-click the entry name you just typed.

  6. In the Edit DWORD Value dialog box, select Decimal as the Base option.

  7. Enter a value between 0 and 65535 (the recommended value is 50), and then click OK.

  8. Click File, and then click Exit to close the registry editor.

Adjusting the priority of the domain controller also reduces the number of client referrals. However, rather than reducing that number in proportion to the other domain controllers, changing the priority causes DNS to stop referring clients to this domain controller unless all domain controllers with a lower LdapSrvPriority value are unavailable.

Note

  • A lower value entered for LdapSrvPriority indicates a higher priority. A domain controller with an LdapSrvPriority setting of 100 has a lower priority than a domain controller with a setting of 10. Therefore, clients attempt to use the domain controller with the setting of 10 first.

To change the priority for DNS SRV records by using the registry

  1. In the Run dialog box, type regedit, and then press ENTER.

  2. In the registry editor, navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

  3. Click Edit, click New, and then click DWORD value.

  4. For the new entry name, type LdapSrvPriority, and then press ENTER.

  5. Double-click the entry name that you just typed.

  6. In the Edit DWORD Value dialog box, select Decimal as the Base option.

  7. Enter a value between 0 and 65535 (the recommended value is 200), and then click OK.

  8. Click File, and then click Exit to close the registry editor.

For more information about adjusting the weight or the priority of the PDC emulator, see the Active Directory link on the Web Resources page at https://www.microsoft.com/windows/reskits/webresources. Search under "Administration and Configuration Guides" and download the Active Directory Operations Guide.