MarkParris

Technology Consulting.

Reduce the load on a Windows Domain Controller.

Posted by markparris on February 26, 2010

If you want to reduce the number of client authentication requests that a domain controller processes, you can adjust the server’s weight or priority. You can either:

Reduce the number of client authentication requests received by adjusting the domain controller’s DNS weight record, or ensure that the domain controller does not receive any client authentication requests by adjusting the domain controller’s DNS priority record.

Reduce the number of client authentication requests

Active Directory assigns a default value of 100 for the weight.

By adding or adjusting a registry record for the weight with a decreased value of 50, you can proportionately reduce the number of client authentication requests that are sent to the domain controller.

Using Regedit

Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

Create a new DWORD value named LdapSrvWeight

In the DWORD Value dialog box, select Decimal as the Base option.

Enter a value between 0 and 65535 (the recommended value is 50)

Close Regedit

Restart the NetLogon Service

Ensure that the Domain controller does not receive any client authentication requests

Active Directory assigns a default value of 0 for the priority.

By adding or adjusting a registry record for the priority and assigning it an increased value of 200, you ensure that the domain controller never receives client authentication requests unless it is the only accessible domain controller. A lower value for LdapSrvPriority indicates a higher utilisation priority.
A domain controller with an LdapSrvPriority setting of 100 has a lower priority than a domain controller with a setting of 10, which means clients attempt to use the domain controller with the setting of 10 first.

Using Regedit

Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

Create a new DWORD value named LdapSrvPriority

In the DWORD Value dialog box, select Decimal as the Base option.

Enter a value between 0 and 65535 (the recommended value is 200)

Close Regedit

Restart the NetLogon Service
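
The two Regedit procedures above can also be scripted and then checked against DNS. The following PowerShell is an added example, not code from the original post: the helper name Set-DcSrvSetting is hypothetical, and the verification step assumes the domain controllers' SRV records are published under _ldap._tcp.dc._msdcs.<domain>. Run it elevated on the domain controller being adjusted.

```powershell
# Added example: scripted equivalent of the Regedit steps above.
# Set-DcSrvSetting is a hypothetical helper name, not a built-in cmdlet.
function Set-DcSrvSetting {
    param(
        [Parameter(Mandatory)]
        [ValidateSet('LdapSrvWeight', 'LdapSrvPriority')]
        [string]$Name,

        # Same range the post gives for both values.
        [Parameter(Mandatory)]
        [ValidateRange(0, 65535)]
        [int]$Value
    )
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'

    # Show the previous value (if any) so the change can be rolled back.
    $old = (Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue).$Name
    if ($null -eq $old) { $old = 'not set (default in use)' }
    Write-Host "$Name before change: $old"

    # Create or overwrite the DWORD value.
    New-ItemProperty -Path $key -Name $Name -PropertyType DWord -Value $Value -Force |
        Out-Null

    # Restart Netlogon so it re-registers this DC's SRV records.
    Restart-Service -Name Netlogon
}

# First procedure: lower the weight to the recommended 50.
Set-DcSrvSetting -Name LdapSrvWeight -Value 50

# Second procedure: raise the priority value to the recommended 200.
# Set-DcSrvSetting -Name LdapSrvPriority -Value 200

# Verify what clients will see: list every DC's SRV record with its
# priority and weight (assumed record name: _ldap._tcp.dc._msdcs.<domain>).
$domain = (Get-CimInstance -ClassName Win32_ComputerSystem).Domain
Resolve-DnsName -Type SRV -Name "_ldap._tcp.dc._msdcs.$domain" |
    Where-Object { $_.Type -eq 'SRV' } |
    Sort-Object Priority, NameTarget |
    Format-Table NameTarget, Priority, Weight, Port
```

If the table still shows the old values, the answer may be coming from a cached or not yet updated DNS record; repeat the query after a short wait.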

4 Responses to “Reduce the load on a Windows Domain Controller.”

  1. Why can’t this be done by directly editing the DNS records themselves?

  2. [...] Parris (Microsoft MVP) has a post about reducing client authentication loads on a [...]

