Outline:
How to configure locator preferences for domain controllers (DCs). How to set priority and weight on domain controllers. Force clients to consistently connect to the same domain controller.
Problem:
Clients connect to different DCs within the same site. IPv4 DNS server search has no effect on this random behavior.
Solution:
(a) Assign priority and weights to DNS SRV-records via GPO (i.e., registry changes);
(b) Or, change subnet topology for simple DC Subnet Prioritization;
Assumptions:
All DCs are located within the same Active Directory (AD) site.
Domain Controller Priority within a Site
Domain DNS SRV-records assign priority and weight values that determine DC preference. Clients connect to the domain controller (DC) with the lowest priority value. By default, priority for all DCs is set to zero. For example, assume a site has two DCs:
- DC-X with a priority of 0 (i.e., preferred).
- DC-Y with a priority of 2.
In this example, Windows clients connect to DC-X because it has the lowest priority value. Clients only connect to DC-Y when DC-X is unavailable (e.g., maintenance).
Domain Controller Weights
What happens when all the DCs share the same priority? In this situation, DC preference is determined by SRV-record weight values. Unlike priority, clients prefer higher weight values over lower values.
What happens if all DCs have the same weight values? By default, each DC's weight value is set to 100. Clients connect round-robin when all DCs use the same priority and weight values.
What happens when same-site DCs have the same priority and different weight values? Weight is not absolute. Weight is proportionate. In other words, clients may disproportionately connect to any available DC.
Clients are more likely to connect to DCs with higher weights and less likely to connect to DCs with lower weights. Weight preference uses a simple formula: DC weight (i.e., single server) divided by the sum of all DC weights.
For example, assume three DCs within a single AD site (Table 1):
Table 1: Determine domain controller preference based on weights.
| Domain Controller | Priority (Default) | Weight | Formula | Connection Odds |
|---|---|---|---|---|
| DC10 | 0 | 10 | 10/(10+20+30) = 10/60 = 1/6 | 17% |
| DC20 | 0 | 20 | 20/(10+20+30) = 20/60 = 2/6 | 33% |
| DC30 | 0 | 30 | 30/(10+20+30) = 30/60 = 1/2 | 50% |
Note: This assumes client and domain controllers reside in the same site and use the same priority values.
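The selection rule described above (lowest priority first, then weight divided by the sum of weights), as an added Python example that is not from the original post and is not Windows' own locator code. The record tuples and function names are assumptions for illustration; the sample values are those of Table 1 and of the DC-X/DC-Y priority example.

```python
import random
from fractions import Fraction

# Constructed sample records: (host, priority, weight), matching Table 1.
TABLE_1 = [("DC10", 0, 10), ("DC20", 0, 20), ("DC30", 0, 30)]

def candidates(records, unavailable=()):
    """Return the reachable records that share the lowest priority value."""
    live = [r for r in records if r[0] not in unavailable]
    if not live:
        return []
    best = min(priority for _, priority, _ in live)
    return [r for r in live if r[1] == best]

def connection_odds(records, unavailable=()):
    """Exact odds per DC: weight / sum of weights within the preferred group."""
    group = candidates(records, unavailable)
    total = sum(weight for _, _, weight in group)
    if total == 0:  # all weights zero: treat the group as equally likely
        return {host: Fraction(1, len(group)) for host, _, _ in group}
    return {host: Fraction(weight, total) for host, _, weight in group}

def pick_dc(records, unavailable=(), rng=random):
    """Simulate one client lookup with a weighted random choice."""
    odds = connection_odds(records, unavailable)
    if not odds:
        return None  # no DC reachable at any priority
    hosts = list(odds)
    return rng.choices(hosts, weights=[float(odds[h]) for h in hosts], k=1)[0]

def simulate(records, lookups=60000, seed=1, unavailable=()):
    """Count which DC each of many simulated lookups lands on."""
    rng = random.Random(seed)
    counts = {}
    for _ in range(lookups):
        host = pick_dc(records, unavailable, rng)
        counts[host] = counts.get(host, 0) + 1
    return counts

if __name__ == "__main__":
    for host, odds in connection_odds(TABLE_1).items():
        print(f"{host}: {odds} ({float(odds):.0%})")
    print(simulate(TABLE_1))
    # Priority example from the page: DC-X (0) is used until it is unavailable.
    pair = [("DC-X", 0, 100), ("DC-Y", 2, 100)]
    print(connection_odds(pair), connection_odds(pair, unavailable={"DC-X"}))
```

The simulated counts show why weight is proportionate and not absolute: DC10 still receives roughly one lookup in six even though DC30 carries three times its weight.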
DC Preference Configuration
- Set priority and weight via the registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
- Create new 32-bit DWORDs: LdapSrvWeight and LdapSrvPriority
- Assign DC priority and weight values.
- Restart the NETLOGON service to publish to SRV records
Subnet Prioritization
Clients prefer to connect to DCs on the same IP subnet. For example, let’s say we have a single AD site. This site consists of one Windows 10 client and two DCs (Table 2):
Table 2: Subnet Prioritization
| Host | Priority | Weight | IP address | Preferred DC |
|---|---|---|---|---|
| WIN-10 | | | 192.168.1.1/24 | |
| DC-X | 0 | 100 | 192.168.1.100/24 | Yes |
| DC-Y | 0 | 100 | 192.168.2.100/24 | No |
Note: All hosts reside in the same AD site. DC01 and DC02 use default weight and priority values.
In this situation, all hosts belong to the same AD site. Both DCs have the same preference values (i.e., default). WIN-10 and DC-X belong to the same IP subnet. However, DC-Y resides on a separate IP subnet. DC-X is the preferred DC. Clients only connect to DC-Y when DC-X is unavailable (e.g., maintenance).
Additional Thoughts:
I recommend minimal registry changes, especially to DCs. Implement priority and weight changes with caution. Also consider that registry changes can be difficult to troubleshoot. Therefore, it’s prudent to push these changes out via GPO.
Subnet Prioritization seems to be the simplest approach. That is, if you’re comfortable with internetworking. Simply create a new gateway. Add routes. Assign the subnet to the second DC. Done.
That’s It!