Microsoft KB Archive/306602

= How to optimize the location of a domain controller or global catalog that resides outside of a client's site =

Article ID: 306602

Article Last Modified on 10/11/2007

-

APPLIES TO


 * Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
 * Microsoft Windows Server 2003, Enterprise Edition
 * Microsoft Windows Server 2003, Standard Edition (32-bit x86)
 * Microsoft Windows Server 2003, Web Edition
 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows Server 2003, Datacenter x64 Edition
 * Microsoft Windows Server 2003, Enterprise x64 Edition
 * Microsoft Windows Server 2003, Standard x64 Edition

-



This article was previously published under Q306602



Important This article contains information about how to modify the registry. Make sure that you back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows registry



SUMMARY
The domain controller locator mechanism in Windows 2000 always prefers a domain controller that resides in the site of the client that is searching for a domain controller, which is achieved by a domain controller that registers site-specific domain controller locator DNS SRV resource records for the site in which the domain controller resides.

In addition, a domain controller may register site-specific domain controller locator DNS SRV resource records for any other sites that do not contain a domain controller in the same role (such as one that hosts the same domain, or that is a Global Catalog) to which the site of the domain controller is the closest. This ensures that clients locate the nearest domain controller in case no domain controller is located in the client's site.

For more information about this mechanism, refer to the Windows 2000 Server Resource Kit, &quot;Distributed Systems Guide&quot; book, Chapter 3 &quot;Name Resolution in Active Directory&quot;.

In a case in which all the domain controllers in the same role (hosting the same domain, or being Global Catalogs) in a particular site become unavailable, clients that are located in the same site will fail over to any other domain controller in any other site with no optimization.



MORE INFORMATION
The following information describes the recommended configuration that you should use to optimize the location of the domain controllers or global catalogs when all of the domain controllers/global catalogs that are serving a particular site become unavailable. &quot;Section I&quot; describes the configuration for hub-and-spoke topologies, and &quot;Section II&quot; describes the configuration for other topologies.

Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

Section I: Hub-and-Spoke Topology
The following recommendations are based on the assumptions that in the hub-and-spoke topology, it is preferable that if all domain controllers/global catalogs in a satellite site become unavailable, a client that is searching for a domain controller/global catalog in that site will fail over to a domain controller/global catalog in a central hub and not in another satellite site. This solution is suitable not only for the topology with a single hub site, but also for the topologies with multiple central hubs in case it is irrelevant to which central site a satellite client will fail over.

To achieve this behavior, the domain controllers/global catalogs in the satellite offices should not register generic (non-site-specific) domain controller locator DNS records. These records are registered only by the domain controllers/global catalogs in the central hub. When clients cannot locate the domain controllers/global catalogs serving their site, they attempt to locate any domain controllers/global catalogs using these generic (non-site-specific) domain controller locator DNS records.

The following records should not be registered by the domain controllers/global catalogs in the satellite sites:
 * Windows Server 2003-based domain controllers
 * Windows 2000-based domain controllers with Service Pack 2 (SP2) or later installed, or with the hotfix that is specified in the KB article Q267855.

Windows 2000
 Start Registry Editor (Regedt32.exe). Locate and click the following key in the registry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

 On the Edit menu, click Add Value, and then add the following registry value:

Value name: DnsAvoidRegisterRecords

Data type: REG_MULTI_SZ

Set the value to the list of the enter-delimited mnemonics that are specified in the following tables.

 Quit Registry Editor.

Windows Server 2003
To configure Windows Server 2003-based domain controllers, use the Net Logon service Group Policy &quot;DNS records not registered by the domain controllers&quot; by specifying the list of the space-delimited mnemonics that are specified in the following tables.

Reference Tables
The following tables contain mnemonics, types, and the owner names of the domain controller locator DNS records that should not be registered by the satellite domain controllers and global catalogs to optimize the domain controller location.

Domain Controller-Specific Records

Global Catalog-Specific Records

For the complete list of the domain controller locator DNS records, see the Windows 2000 Server Resource Kit, &quot;Distributed Systems Guide&quot; book, Chapter 3 &quot;Name Resolution in Active Directory&quot;. For the complete list of the domain controller locator DNS records, refer to KB article Q267855 that is referenced in this article.

Section II: Other Topologies
If the failover to the central hub(s) when local domain controllers/global catalogs become unavailable does not satisfy your requirements, you can use the following configuration.

If the clients (such as Exchange servers) in site A fail over to the domain controllers/global catalogs in site B, when domain controllers/global catalogs in site A become unavailable, then an administrator can configure some or all of the domain controllers/global catalogs in site B to register site-specific records for site A. To ensure that domain controllers/global catalogs from site B are chosen by the clients in site A only if the domain controllers/global catalogs from site A are not available, the domain controllers/global catalogs in site B that are covering site A, should register SRV records containing lower (higher in absolute value) Priority.

Note: The priority setting is applied to all SRV records that are registered by a domain controller. Therefore, the administrator should be cautious when setting a lower priority to be used by a domain controller, because it means that it will register a lower priority for the site-specific-records even for its own site.

Windows 2000
 Start Registry Editor (Regedt32.exe).</li> Locate and click the following key in the registry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

</li> On the Edit menu, click Add Value, and then add the following registry value:

Value name: SiteCoverage

Data type: REG_MULTI_SZ

Set the value to the list of the space-delimited site names for which the domain controller should register.

</li> Quit Registry Editor.</li></ol>

Windows Server 2003
To configure Windows Server 2003-based domain controllers, use the Net Logon service Group Policy &quot;Sites Covered by the domain controller locator DNS SRV Records&quot; by specifying the list of the space-delimited site names for which the domain controller should register.

Windows 2000
 Start Registry Editor (Regedt32.exe).</li> Locate and click the following key in the registry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

</li> On the Edit menu, click Add Value, and then add the following registry value:

Value name: GcSiteCoverage

Data type: REG_MULTI_SZ

Set the value to the list of the space-delimited site names for which the Global Catalog should register.

</li> Quit Registry Editor.</li></ol>

Windows Server 2003
To configure Windows Server 2003-based domain controllers, use the Net Logon service Group Policy &quot;Sites Covered by the global catalog locator DNS SRV Records&quot; by specifying the list of the carriage return-delineated site names for which the global catalog should register.

Windows 2000
 Start Registry Editor (Regedt32.exe).</li> Locate and click the following key in the registry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

</li> On the Edit menu, click Add Value, and then add the following registry value:

Value name: LdapSrvPriority

Data type: REG_DWORD

Set the value to the desired value of the priority.

</li> Quit Registry Editor.</li></ol>

Windows Server 2003
To configure Windows Server 2003-based domain controllers, use the Net Logon service Group Policy &quot;Priority Set in the domain controller locator DNS SRV Records&quot;.

<div class="references_section">