Recipe 3.22 Changing the Preference for a Domain Controller
3.22.1 Problem
You want a particular domain controller
to be used less frequently for client
requests or not at all. This may be necessary if a particular domain
controller is overloaded, perhaps due to application requests.
3.22.2 Solution
You can modify the Priority or Weight fields in SRV resource records
by modifying the registry on the domain controller. Open
regedit or regedt32 on the
domain controller and browse to the following key:
HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters. To
configure the Priority, add a REG_DWORD with the name
LdapSrvPriority. To configure the weight, add a REG_DWORD with the
name LdapSrvWeight.
After you make the change, the %SystemRoot%\System32\Config\netlogon.dns
file should be updated and the DDNS updates sent to the DNS server
within an hour. You can also restart the NetLogon service to expedite
the process.
3.22.3 Discussion
Each domain controller registers several SRV records that clients use
as part of the DC locator process to find the closest domain
controller. Two fields of the SRV record let clients determine which
server to use when multiple possibilities are returned. The Priority
field is used to dictate if a specific server or set of servers
should always be contacted over others unless otherwise unavailable.
A server with a higher priority (i.e., lower priority field value)
will always be contacted before a server with a lower priority. For
example, if DC1 has a SRV priority of 5 and DC2 has a SRV priority of
10, DC1 will always be used unless it is unavailable.
The Weight field, on the other hand, determines the percentage of
time clients should use a particular server. You can easily calculate
the percentage by dividing the weight by the sum of all Weights for
servers with the same Priority. If server's DC1,
DC2, and DC3 have Weights of 1, 2, and 3, respectively, then DC1 will
be contacted one out of six times (1 / (3 + 2 + 1) ), DC2 will be
contacted two out of every six times or 1/3 (2 / (3 + 2 + 1) ), and
DC3 will be contacted three out of every six times or 1/2( 3 / (3 + 2
+ 1 ) ). Here is an example of how the SRV records look with these
weights:
C:\>nslookup -type=SRV _ldap._tcp.dc._msdcs.rallencorp.com
Server: dns01.rallencorp.com
Address: 171.70.168.183
_ldap._tcp.dc._msdcs.rallencorp.com SRV service location:
priority = 0
weight = 1
port = 389
svr hostname = dc1.rallencorp.com
_ldap._tcp.dc._msdcs.rallencorp.com SRV service location:
priority = 0
weight = 2
port = 389
svr hostname = dc2.rallencorp.com
_ldap._tcp.dc._msdcs.rallencorp.com SRV service location:
priority = 0
weight = 3
port = 389
svr hostname = dc3.rallencorp.com
In certain situations, having this capability can come in handy. For
example, the server acting as the PDC FSMO role owner typically
receives more traffic from clients simply because of the nature of
tasks that the PDC FSMO has to handle. If you find a certain server
like the PDC FSMO has considerably higher load than the rest of the
servers, you could change the priority or weight of the SRV records
so that it is used less often during the DC locator process. You can
increase the Priority to eliminate its use unless all other domain
controllers fail. Modify the Weight to reduce how often it will
be used.
|