How to optimize the location of a domain controller or global catalog that resides outside of a client's site (306602)



The information in this article applies to:

  • Microsoft Windows Server 2003, Datacenter Edition
  • Microsoft Windows Server 2003, Enterprise Edition
  • Microsoft Windows Server 2003, Standard Edition
  • Microsoft Windows Server 2003, Web Edition
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server

This article was previously published under Q306602
Important: This article contains information about how to modify the registry. Make sure to back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows registry

SUMMARY

The domain controller locator mechanism in Windows 2000 always prefers a domain controller that resides in the site of the client that is searching for a domain controller. This is achieved by each domain controller registering site-specific domain controller locator DNS SRV resource records for the site in which it resides.

In addition, a domain controller may register site-specific domain controller locator DNS SRV resource records for any other site that does not contain a domain controller in the same role (such as one that hosts the same domain, or that is a Global Catalog), if the domain controller's own site is the closest site to it. This ensures that clients locate the nearest domain controller when no domain controller is located in the client's site.

For more information about this mechanism, refer to the Windows 2000 Server Resource Kit, "Distributed Systems Guide" book, Chapter 3 "Name Resolution in Active Directory".

If all the domain controllers in the same role (hosting the same domain, or being Global Catalogs) in a particular site become unavailable, clients that are located in that site fail over to any other domain controller in any other site, with no optimization.

MORE INFORMATION

The following information describes the recommended configuration that you should use to optimize the location of the domain controllers or global catalogs when all of the domain controllers/global catalogs that are serving a particular site become unavailable. "Section I" describes the configuration for hub-and-spoke topologies, and "Section II" describes the configuration for other topologies.

Warning: Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

Section I: Hub-and-Spoke Topology

The following recommendations assume that, in a hub-and-spoke topology, when all domain controllers/global catalogs in a satellite site become unavailable, it is preferable for a client that is searching for a domain controller/global catalog in that site to fail over to a domain controller/global catalog in a central hub and not in another satellite site. This solution is suitable not only for a topology with a single hub site, but also for topologies with multiple central hubs, provided that it does not matter to which central site a satellite client fails over.

To achieve this behavior, the domain controllers/global catalogs in the satellite offices should not register generic (non-site-specific) domain controller locator DNS records. These records are registered only by the domain controllers/global catalogs in the central hub. When clients cannot locate the domain controllers/global catalogs serving their site, they attempt to locate any domain controllers/global catalogs using these generic (non-site-specific) domain controller locator DNS records.

The records listed in the reference tables later in this section should not be registered by the domain controllers/global catalogs in the satellite sites. This applies to the following domain controllers:
  • Windows Server 2003-based domain controllers
  • Windows 2000-based domain controllers with Service Pack 2 (SP2) or later installed, or with the hotfix that is specified in KB article Q267855

To Configure Domain Controllers or global catalogs to Not Register Generic Records

Windows 2000

  1. Start Registry Editor (Regedt32.exe).
  2. Locate and click the following key in the registry:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

  3. On the Edit menu, click Add Value, and then add the following registry value:

    Value name: DnsAvoidRegisterRecords
    Data type: REG_MULTI_SZ

    Set the value to the list of mnemonics that are specified in the following tables, delimited by ENTER (one mnemonic per line).

  4. Quit Registry Editor.

Windows Server 2003

To configure Windows Server 2003-based domain controllers, use the Net Logon service Group Policy "DNS records not registered by the domain controllers" and specify the space-delimited list of mnemonics from the following tables.

Reference Tables

The following tables contain mnemonics, types, and the owner names of the domain controller locator DNS records that should not be registered by the satellite domain controllers and global catalogs to optimize the domain controller location.

Domain Controller-Specific Records

    Mnemonic         Type   DNS Record
    LdapIpAddress    A      <DnsDomainName>
    Ldap             SRV    _ldap._tcp.<DnsDomainName>
    DcByGuid         SRV    _ldap._tcp.<DomainGuid>.domains._msdcs.<DnsForestName>
    Kdc              SRV    _kerberos._tcp.dc._msdcs.<DnsDomainName>
    Dc               SRV    _ldap._tcp.dc._msdcs.<DnsDomainName>
    Rfc1510Kdc       SRV    _kerberos._tcp.<DnsDomainName>
    Rfc1510UdpKdc    SRV    _kerberos._udp.<DnsDomainName>
    Rfc1510Kpwd      SRV    _kpasswd._tcp.<DnsDomainName>
    Rfc1510UdpKpwd   SRV    _kpasswd._udp.<DnsDomainName>

Global Catalog-Specific Records

    Mnemonic         Type   DNS Record
    Gc               SRV    _ldap._tcp.gc._msdcs.<DnsForestName>
    GcIpAddress      A      gc._msdcs.<DnsForestName>
    GenericGc        SRV    _gc._tcp.<DnsForestName>

For the complete list of the domain controller locator DNS records, see the Windows 2000 Server Resource Kit, "Distributed Systems Guide" book, Chapter 3 "Name Resolution in Active Directory", or KB article Q267855, which is referenced in this article.
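
The following added example (not part of the original article and not Microsoft code) audits a DNS zone listing for satellite domain controllers that still appear in the generic records from the tables above, and returns the mnemonics that would go into DnsAvoidRegisterRecords for each of them. The domain and forest names, host names, addresses, and the zone listing are constructed sample data, and the function names are hypothetical.

```python
# Added example: mnemonics and owner-name templates come from the tables above.
GENERIC = {
    "LdapIpAddress": ("A", "{domain}"),
    "Ldap": ("SRV", "_ldap._tcp.{domain}"),
    "DcByGuid": ("SRV", "_ldap._tcp.{guid}.domains._msdcs.{forest}"),
    "Kdc": ("SRV", "_kerberos._tcp.dc._msdcs.{domain}"),
    "Dc": ("SRV", "_ldap._tcp.dc._msdcs.{domain}"),
    "Rfc1510Kdc": ("SRV", "_kerberos._tcp.{domain}"),
    "Rfc1510UdpKdc": ("SRV", "_kerberos._udp.{domain}"),
    "Rfc1510Kpwd": ("SRV", "_kpasswd._tcp.{domain}"),
    "Rfc1510UdpKpwd": ("SRV", "_kpasswd._udp.{domain}"),
    "Gc": ("SRV", "_ldap._tcp.gc._msdcs.{forest}"),
    "GcIpAddress": ("A", "gc._msdcs.{forest}"),
    "GenericGc": ("SRV", "_gc._tcp.{forest}"),
}

def norm(name):
    return name.lower().rstrip(".")

def audit(zone, satellites, domain, forest, guid):
    """Return {satellite host: sorted mnemonics it still registers}.
    zone: (owner, type, data) tuples; satellites: {host: IPv4 address}."""
    owners = {norm(t.format(domain=domain, forest=forest, guid=guid)): (m, rt)
              for m, (rt, t) in GENERIC.items()}
    by_ip = {ip: norm(h) for h, ip in satellites.items()}
    by_host = {norm(h): norm(h) for h in satellites}
    found = {}
    for owner, rtype, data in zone:
        mnemonic, expected = owners.get(norm(owner), (None, None))
        if rtype != expected:
            continue  # site-specific or unrelated record: nothing to avoid
        host = by_ip.get(data) if rtype == "A" else by_host.get(norm(data))
        if host:
            found.setdefault(host, set()).add(mnemonic)
    return {h: sorted(m) for h, m in found.items()}

# Constructed sample data (not from the article).
SATELLITES = {"dc-branch1.corp.example": "10.1.0.10"}
ZONE = [
    ("_ldap._tcp.corp.example.", "SRV", "dc-hub1.corp.example."),
    ("_ldap._tcp.corp.example.", "SRV", "dc-branch1.corp.example."),
    ("_ldap._tcp.Branch1._sites.corp.example.", "SRV", "dc-branch1.corp.example."),
    ("_gc._tcp.corp.example.", "SRV", "dc-branch1.corp.example."),
    ("corp.example.", "A", "10.1.0.10"),
    ("corp.example.", "A", "10.0.0.10"),
]

def run_sample():
    return audit(ZONE, SATELLITES, "corp.example", "corp.example", "<DomainGuid>")
```

In the sample, the hub domain controller and the satellite's site-specific record are left alone; only the satellite's generic records are reported.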

Section II: Other Topologies

If the failover to the central hub(s) when local domain controllers/global catalogs become unavailable does not satisfy your requirements, you can use the following configuration.

If the clients (such as Exchange servers) in site A should fail over to the domain controllers/global catalogs in site B when the domain controllers/global catalogs in site A become unavailable, an administrator can configure some or all of the domain controllers/global catalogs in site B to register site-specific records for site A. To ensure that the domain controllers/global catalogs from site B are chosen by the clients in site A only if the domain controllers/global catalogs from site A are not available, the domain controllers/global catalogs in site B that are covering site A should register SRV records with a lower priority (a Priority value that is higher in absolute value).

Note: The priority setting is applied to all SRV records that are registered by a domain controller. Therefore, the administrator should be cautious when setting a lower priority for a domain controller, because the domain controller will then register the lower priority in its site-specific records even for its own site.

To Configure a Domain Controller to Register Site-Specific Records for a Different Site

Windows 2000

  1. Start Registry Editor (Regedt32.exe).
  2. Locate and click the following key in the registry:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

  3. On the Edit menu, click Add Value, and then add the following registry value:

    Value name: SiteCoverage
    Data type: REG_MULTI_SZ

    Set the value to the list of the space-delimited site names for which the domain controller should register.

  4. Quit Registry Editor.

Windows Server 2003

To configure Windows Server 2003-based domain controllers, use the Net Logon service Group Policy "Sites Covered by the domain controller locator DNS SRV Records" by specifying the list of the space-delimited site names for which the domain controller should register.

To Configure a Global Catalog to Register Site-Specific Records for a Different Site

Windows 2000

  1. Start Registry Editor (Regedt32.exe).
  2. Locate and click the following key in the registry:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

  3. On the Edit menu, click Add Value, and then add the following registry value:

    Value name: GcSiteCoverage
    Data type: REG_MULTI_SZ

    Set the value to the list of the space-delimited site names for which the Global Catalog should register.

  4. Quit Registry Editor.

Windows Server 2003

To configure Windows Server 2003-based domain controllers, use the Net Logon service Group Policy "Sites Covered by the global catalog locator DNS SRV Records" by specifying the list of the carriage return-delimited site names for which the global catalog should register.

To Configure a Domain Controller to Register SRV Records with Particular Priority

Windows 2000

  1. Start Registry Editor (Regedt32.exe).
  2. Locate and click the following key in the registry:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

  3. On the Edit menu, click Add Value, and then add the following registry value:

    Value name: LdapSrvPriority
    Data type: REG_DWORD

    Set the value to the desired value of the priority.

  4. Quit Registry Editor.

Windows Server 2003

To configure Windows Server 2003-based domain controllers, use the Net Logon service Group Policy "Priority Set in the domain controller locator DNS SRV Records".
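
An added example (not from the original article) that models the Section II configuration: a site B domain controller covers site A with a lower priority, and a client picks the reachable target with the lowest-numbered Priority value, as RFC 2782 specifies. The host and site names, the priority value 100, the default priority of 0, and the function names are assumptions for illustration; the site B result shows the caveat from the Note in this section.

```python
from collections import namedtuple

# Constructed model of a DC's Netlogon settings (SiteCoverage, LdapSrvPriority).
Dc = namedtuple("Dc", "host site site_coverage ldap_srv_priority")

def site_srv_records(dcs, domain):
    """Map each site-specific owner name to a list of (priority, host).
    A DC has one LdapSrvPriority, so the same value is used for its own
    site and for every site it covers."""
    records = {}
    for dc in dcs:
        for site in [dc.site, *dc.site_coverage]:
            owner = f"_ldap._tcp.{site}._sites.dc._msdcs.{domain}"
            records.setdefault(owner, []).append((dc.ldap_srv_priority, dc.host))
    return records

def preferred_targets(rrset, reachable):
    """RFC 2782: use the lowest-numbered priority that has a reachable target."""
    live = [(prio, host) for prio, host in rrset if host in reachable]
    if not live:
        return []
    best = min(prio for prio, _ in live)
    return sorted(host for prio, host in live if prio == best)

# Constructed sample: dc-b1 in SiteB covers SiteA with priority 100 (assumed
# value); the other DCs keep an assumed default priority of 0.
DCS = [
    Dc("dc-a1", "SiteA", [], 0),
    Dc("dc-b1", "SiteB", ["SiteA"], 100),
    Dc("dc-b2", "SiteB", [], 0),
]
RECORDS = site_srv_records(DCS, "corp.example")
SITE_A = RECORDS["_ldap._tcp.SiteA._sites.dc._msdcs.corp.example"]
SITE_B = RECORDS["_ldap._tcp.SiteB._sites.dc._msdcs.corp.example"]

def failover_demo():
    everyone = {"dc-a1", "dc-b1", "dc-b2"}
    return {
        "site_a_normal": preferred_targets(SITE_A, everyone),
        "site_a_dc_down": preferred_targets(SITE_A, everyone - {"dc-a1"}),
        # Caveat: dc-b1 is also deprioritized in its own site.
        "site_b_normal": preferred_targets(SITE_B, everyone),
    }
```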

REFERENCES

For more information, click the following article number to view the article in the Microsoft Knowledge Base:

267855 Problems with many domain controllers with Active Directory Integrated DNS Zones


Modification Type: Major
Last Reviewed: 2/23/2006
Keywords: kbenv kbhowto kbnetwork KB306602