Most companies do not understand how important a PDC is in your environment. They often oversee this role and I think in a way it is our fault to make this single role “more important” than the other roles (** for those die hearts out there please note the quotes over “more important”). With this in mind most customers go ahead and over load the PDC with other functions that it shouldn’t be running or by just purchasing under specification hardware. One of the biggest loads that I have seen on a PDC emulator in a regular environment is that DNS is configured on the server and it is being swamped by the DNS queries. You have three options (This posting is provided "AS IS" with no warranties, and confers no rights):
Option 1: (Simple)
Remove the DNS service from the server and make sure that you have updated all the TCP/IP settings on the server.
Option 2: (slightly more complex)
As always PLEASE BACKUP your registry before doing this and please note that editing the registry incorrectly could cause you system to act in unexpected ways. You can configure DNS so that a domain controller is queried less frequently than others by clients on the network. The default weight for all domain controllers is 100. By reducing this value, DNS refers clients to a domain controller less frequently based on the proportion of this value to the value of other domain controllers. So what we can do is reduce the default weight of the PDC emulator to say 50, this means that if all the other domain controllers have the default setting of 100, the PDC emulator will receive half the queries that all the other domain controllers receive. Now this default value lives inside the registry of the domain controller, the value (data type Decimal) can be from 0 through to 65535. You will need the following to perform this task:
- Domain Admins Credentials or User account with equivalent permissions (you should be using this to log onto your DC in any case!)
Follow the following Directions:
- Start > Run
- Navigate to HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
- Click > Edit > New
- Key Name: LdapSrvWeight
- Click > OK
- Double Click on the value : LdapSrvWeight
- Select > Edit DWORD Value
- Type a value from 0 -65535 (in our case 50)
- Select Decimal as the base option
- Click > OK
And you're done 🙂 But you have only configured how frequent (In relation to the other servers) your PDC emulator is queried. We still have a Priority setting on each domain controller; this is done to prevent all clients from sending all requests to a specific domain controller (in our case the PDC emulator), clients will always send queries to the domain controller with the lowest priority setting. This value is also saved in the registry and it is called: LdapSrvPriority It has the same value range and data type as the LdapSrvWeight. You will also use the exact same procedure as above (did not duplicate so that we don’t pollute the post) all you have to change is the name of the value you are adding is LdapSrvPriority and your value between 0 and 65535.
NOTE: A lower value entered for LdapSrvPriority indicates a higher priority. A domain controller with an LdapSrvPriority setting of 100 has a lower priority than a domain controller with a setting of 10. Therefore, clients attempt to use the domain controller with the setting of 100 first.
Option 3: (more business decisions involved ;))
Determine a suitable replacement for the PDC Emulator Role, and transfer (do no seize) the role to that replacement. Make sure to check the following:
- You are sure that the hardware is going to give you at least 40% more benefit than your current hardware
- You asses the impact of moving the PDC Emulator i.e. Replication and client access
- You advice the business of the PDC Emulator role and the impact (you just assessed)
- You raise a change control for the PDC Emulator reallocation
- You transfer the PDC emulator role
- You check replication traffic with repadmin and make sure it has updated in the meta data across the environment.
Have a good one Carlos Magalhaes