Dates, smates. ;)
- WJR On Wed, Jun 19, 2013 at 10:20 AM, Webster <[email protected]> wrote: > That whitepaper has no date(s) or version numbers of any products. > > > > > > Carl Webster > > Consultant and Citrix Technology Professional > > http://www.CarlWebster.com <http://www.carlwebster.com/> > ------------------------------ > *From:* [email protected] [[email protected]] > on behalf of Brian Desmond [[email protected]] > *Sent:* Wednesday, June 19, 2013 10:13 AM > *To:* [email protected] > *Subject:* [NTSysADM] RE: VMware Whitepaper on virtualizing AD > > *Yes I’ve done this before but in customers where the PDCe is really > busy or would be overloaded. It’s usually easier to just put it in its’ own > site then keep track of these two reg hacks.* > > ** > > *That said, with processing power where it is today, I haven’t had to > have this discussion in a really long time. * > > ** > > *Thanks,* > > *Brian Desmond* > > *[email protected]* > > ** > > *w – 312.625.1438 | c – 312.731.3132* > > ** > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Webster > *Sent:* Wednesday, June 19, 2013 10:06 AM > *To:* <[email protected]> > *Subject:* [NTSysADM] VMware Whitepaper on virtualizing AD > > > > Since I have to prove it is OK to virtualize Domain Controllers > (specifically 2012 DCs running on HyperV3), I came across this whitepaper > by VMware: > > > > http://www.vmware.com/files/pdf/Virtualizing_Windows_Active_Directory.pdf > > > > It had this section and I have not seen this info before (or maybe I > haven't gotten to it yet in Brian's 5th Edition AD book). Have any of you > ever done this? > > > > <quote> > > *Making DNS Modifications* > > The PDC Emulator FSMO role is very busy in an Active Directory > > infrastructure. In addition to playing the part of a domain > > controller and acting as the timekeeper for the domain, the > > PDC Emulator is responsible for processing password changes > > for its domain, authenticating failed password requests, and > > “emulating” a PDC for down-level servers such as NT 4.0 BDCs > > and clients. In addition, some legacy applications are still written > > to specifically contact the PDC of the domain. > > By modifying the weight and/or priorities of the DNS SRV > > records, you can relieve the load on the PDC Emulator. Simply > > direct logon authentications to specific domain controllers or > > away from the PDC Emulator. > > > > DNS Weight > > DNS weight uses a proportional system to distribute the > > requests among servers. The weight is actually an arbitrary > > value assigned to DNS SRV records to balance or distribute > > authentication requests among the domain controllers. By > > default, the assigned value is 100; reducing this value changes > > the proportional value relative to other servers so that a server > > with a lower value receives fewer requests. For example, if a DNS > > SRV record is lowered to 25 or 50 from a default of 100, it means > > that server will receive authentication requests 25 or 50 percent > > of the time in proportion to the others. > > > > DNS Priority > > DNS priority allows the administrator to inflate the DNS SRV > > record to a value so high, artificially, that it would be unlikely to > > receive a request unless no others are available to respond. By > > default, the value is set at 0. Setting priority extremely high, say > > 100 or 200, significantly reduces the chances the server will get > > the request. > > > > Adjusting Weight and Priority > > To adjust the weight and priority in a PDC Emulator, add to the > > following key: > > > > HKLM\System\CurrentControlSet\Services\Netlogon\Parameters > > • Set the LdapSrvWeight DWORD to a decimal value of 25 or > > 50. > > • Set the LdapSrvPriority DWORD decimal value to 100 or 200. > > > > Note that registry changes may require a reboot. These changes > > can also be performed directly through DNS Manager by simply > > double-clicking on the record, then adjusting. > > > > Using the weight and priority strategy is an excellent way to > > wean client requests away from the physical domain controllers > > and direct them to the virtual machine domain controllers. This > > will allow you to safely begin the decommissioning process of > > your physical domain controllers. > > </quote> > > > > Thanks > > > > > > Carl Webster > > Consultant and Citrix Technology Professional > > http://www.CarlWebster.com <http://www.carlwebster.com/> >
