AvoidPdcOnWan Entry

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

Data type    Range    Default value
REG_DWORD    0 | 1    0

Description

Prevents the backup domain controller (BDC) from sending new password information to a remote primary domain controller (PDC). Also, if a client password fails to authenticate on the BDC, the BDC does not attempt to authenticate that password on the remote PDC. Instead of Net Logon, the PDC and BDC use Active Directory replication to update password information.

This entry does not affect password sharing between BDCs and PDCs residing on the same site. If the BDC and PDC are on the same site, then the BDC sends password information regardless of the value of this entry.

Setting this value to 1 can reduce wide area network (WAN) traffic between domain controllers at remote locations, but PDCs might not always have the most current password data. As a result, legitimate users might not be authenticated.

Value    Meaning
0        BDC sends password information to a PDC in a different site.
1        BDC does not send password information to a PDC in a different site.

This entry does not exist in the registry by default. You can add it by using the registry editor Regedit.exe.
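
The following is an added example, not part of the original reference: a PowerShell audit of this entry on a domain controller that treats a missing entry as the documented default and flags a wrong data type or an out-of-range value. It assumes PowerShell 2.0 or later is installed; the function names Get-AvoidPdcOnWan and Set-AvoidPdcOnWan are hypothetical.

```powershell
# Added example: audit (and optionally set) AvoidPdcOnWan on the local machine.
# Function names are hypothetical; path, name, type and range come from the page.
$NetlogonParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
$EntryName      = 'AvoidPdcOnWan'

function Get-AvoidPdcOnWan {
    $key = Get-Item -LiteralPath $NetlogonParams -ErrorAction Stop

    # The entry does not exist by default; absence means the default value 0.
    if (-not ($key.GetValueNames() -contains $EntryName)) {
        return New-Object PSObject -Property @{
            Present = $false; Kind = $null; Value = 0; Valid = $true
            Meaning = 'Default: BDC sends password information to a PDC in a different site.'
        }
    }

    $kind  = $key.GetValueKind($EntryName)
    $value = $key.GetValue($EntryName)

    # Valid only if stored as REG_DWORD and within the documented range 0 | 1.
    $valid = ($kind -eq [Microsoft.Win32.RegistryValueKind]::DWord) -and
             ((0, 1) -contains $value)

    if (-not $valid) {
        $meaning = 'Unexpected data type or value; documented as REG_DWORD 0 | 1.'
    } elseif ($value -eq 1) {
        # Trade-off stated on the page: less WAN traffic, but the PDC might
        # not have the most current password data.
        $meaning = 'BDC does not send password information to a PDC in a different site.'
    } else {
        $meaning = 'BDC sends password information to a PDC in a different site.'
    }

    New-Object PSObject -Property @{
        Present = $true; Kind = $kind; Value = $value; Valid = $valid; Meaning = $meaning
    }
}

function Set-AvoidPdcOnWan {
    param([Parameter(Mandatory = $true)][ValidateRange(0, 1)][int]$Value)
    # -Force creates the entry if it is missing and overwrites it otherwise.
    New-ItemProperty -Path $NetlogonParams -Name $EntryName `
        -PropertyType DWord -Value $Value -Force | Out-Null
}

# Report the current state (read-only).
Get-AvoidPdcOnWan | Format-List Present, Kind, Value, Valid, Meaning
```

Set-AvoidPdcOnWan writes to HKLM and therefore needs an elevated (administrator) session; the audit function only reads.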