MORE INFORMATION
WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may
require you to reinstall your operating system. Microsoft cannot guarantee that you can solve
problems that result from using Registry Editor incorrectly. Use Registry Editor at your own
risk.
For additional information about how to install Windows 2000 and Windows 2000 hotfixes at the same time, click the article number below
to view the article in the Microsoft Knowledge Base:
249149 Installing Microsoft Windows 2000 and Windows 2000 Hotfixes
Settings to Avoid WAN Traffic with Windows 2000-Based Member Computers
The Directory service client code has been changed so that queries are issued once an hour. The following methods provide information about how to create registry keys to extend this query time beyond one hour.
NOTE: The following registry keys are all of the REG_DWORD type, and should be created in:
HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/Netlogon/Parameters
NegativeCachePeriod
Unsuccessful attempts cache period.
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetLogon\Parameters
Value: NegativeCachePeriod
Type: REG_DWORD
Default: 45 (45 seconds)
Range: 0-4233600 (0 to 49 days)
Specifies the amount of time that DsGetDcName remembers that a DC could not be found in a domain.
If a subsequent attempt is made within this time, the DsGetDcName call does not work, and does not try to find a DC again. If this number is too large, a client never tries to find a DC again if the DC is initially unavailable. If this number is too small, every call to DsGetDcName has to attempt to find a DC even if no DC is available. Note that the recommended value for demand-dial deployments is 84,600 seconds (1 day).
BackgroundRetryInitialPeriod
Initial DC discovery retry setting for background callers.
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetLogon\Parameters
Value: BackgroundRetryInitialPeriod
Type: REG_DWORD
Default: 600 (10 minutes)
Range: 0-4233600 (0 to 49 days)
When a program runs a periodic search for DCs and is unable to find a DC, the value that is set in this policy determines the amount of time (in seconds) before the first retry. Note that this policy is relevant only to those callers of DsGetDcName that have specified the DS_BACKGROUND_ONLY flag. If the value of this policy is less than the value that is specified in the NegativeCachePeriod subkey, the value in the NegativeCachePeriod subkey is used.
WARNING: If the value for this policy is too large, a client does not attempt to find any DCs that were initially unavailable. If the value that is set in this policy is very small and the DC is not available, the traffic that is caused by periodic DC discoveries may be excessive.
BackgroundRetryMaximumPeriod
Maximum DC discovery retry interval setting for background callers.
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetLogon\Parameters
Value: BackgroundRetryMaximumPeriod
Type: REG_DWORD
Default: 3600 (60 minutes)
Range: 60-4233600 (0 to 49 days)
When a program runs a periodic search for DCs and is unable to find a DC, the value that is set in this policy determines the maximum retry interval that is allowed. For example, the retry intervals may be set at 10 minutes, then 20 minutes, and then 40 minutes, but when the interval reaches the value that is set in this policy, that value becomes the retry interval for all subsequent retries until the value that is set in the Final DC Discovery Retry setting is reached. This policy is relevant to only those callers of DsGetDcName that have specified the DS_BACKGROUND_ONLY flag. If the value for this policy is smaller than the value that is specified for the Initial DC Discovery Retry setting, the Initial DC Discovery Retry setting is used.
WARNING: If the value for this policy is too large, a client may take very long periods of time to try to find a DC. If the value for this policy is too small and the DC is not available, the frequent retries may produce excessive network traffic.
BackgroundRetryQuitTime
Final DC discovery retry setting for background callers.
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetLogon\Parameters
Value: BackgroundRetryQuitTime
Type: REG_DWORD
Default: 0 (no retrying)
Range: 0-4233600 (0 to 49 days)
When a program runs a periodic search for DCs and is unable to find a
DC, the value that is set in this policy determines when retries are no longer allowed. For example, retries may be set to occur according to the Maximum DC Discovery Retry Interval setting, but when the value that is set in this policy is reached, no more retries occur. If a value for this policy is smaller than the value in the Maximum DC Discovery Retry Interval setting, then the value for Maximum DC Discovery Retry Interval setting is used. Note that this policy is relevant to only those callers of DsGetDcName that have specified the DS_BACKGROUND_ONLY flag.
WARNING: If the value for this policy is too small, eventually, a client will stop trying to find a DC.
BackgroundSuccessfulRefreshPeriod
Positive periodic DC cache setting for background callers.
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetLogon\Parameters
Value: BackgroundSuccessfulRefreshPeriod
Type: REG_DWORD
Default: 0 (always refresh)
Range: 0-4233600 (0 to 49 days)
Determines when a successful DC cache entry is refreshed. This policy is applied to caller programs that periodically attempt to locate DCs, and is applied before the return of DC information to the caller program. This policy is relevant to only those callers of DsGetDcName that have specified the DS_BACKGROUND_ONLY flag.
NonBackgroundSuccessfulRefreshPeriod
Positive periodic DC cache setting for non-background callers.
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetLogon\Parameters
Value: NonBackgroundSuccessfulRefreshPeriod
Type: REG_DWORD
Default: 1800 (30 minutes)
Range: 0-4233600 (0 to 49 days - must be entered in hexadecimal)
Determines when a successful DC cache entry is refreshed. This policy is applied to caller programs that do not periodically attempt to locate DCs, and is applied before the return of DC information to the caller program. This policy is relevant to only those callers of DsGetDcName that have not specified the DS_BACKGROUND_ONLY flag. Note that the minimum value for this policy is to always refresh (0).
Other Important Registry Information
DfsDcNameDelay:
To reduce the frequency of domain controller queries by DFS. On the client, set the pause between queries in minutes.
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters
Value: DfsDcNameDelay
Type: REG_DWORD
Default: 15 (minutes)
For additional information about the MaximumPasswordAge parameter, click the article number below to view the article in the Microsoft Knowledge Base:
175468 Effects of Machine Account Replication on a Domain
Another source of WAN traffic is distribution of group policies. You can control the frequency and scope of group policy updates by using group policy settings. In an appropriate policy, define the following settings:
User/Administrative Templates/System/Group Policy
"GP Refresh Interval For Users" in minutes. Change this to a higher value such as once a day. "Group Policy Slow Link Detection" in kilobytes per second. Choose a setting that is higher than your WAN speed. Set "Disable Auto Update of ADM" to enabled.
Computer/Administrative Templates/System/Group Policy
Set "Disable Background refresh of group policy" to enabled. Set "GP Refresh Interval For Computers" to the same value as the policy for users, maybe even less frequent.