Yeah you lose me at the regedits. However, as you say, I've not run in to an issue with this in a very long time.
That said, I throw in my usual salvo about ensuring the VM Host's over allocation not be on the extreme end. (I have run into this more than once) DC's are impatient creatures. :) - WJR On Wed, Jun 19, 2013 at 10:13 AM, Brian Desmond <[email protected]>wrote: > *Yes I’ve done this before but in customers where the PDCe is really > busy or would be overloaded. It’s usually easier to just put it in its’ own > site then keep track of these two reg hacks.* > > * * > > *That said, with processing power where it is today, I haven’t had to > have this discussion in a really long time. * > > * * > > *Thanks,* > > *Brian Desmond* > > *[email protected]* > > * * > > *w – 312.625.1438 | c – 312.731.3132* > > * * > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Webster > *Sent:* Wednesday, June 19, 2013 10:06 AM > *To:* <[email protected]> > *Subject:* [NTSysADM] VMware Whitepaper on virtualizing AD**** > > ** ** > > Since I have to prove it is OK to virtualize Domain Controllers > (specifically 2012 DCs running on HyperV3), I came across this whitepaper > by VMware:**** > > **** > > http://www.vmware.com/files/pdf/Virtualizing_Windows_Active_Directory.pdf* > *** > > **** > > It had this section and I have not seen this info before (or maybe I > haven't gotten to it yet in Brian's 5th Edition AD book). Have any of you > ever done this?**** > > **** > > <quote>**** > > *Making DNS Modifications* > > The PDC Emulator FSMO role is very busy in an Active Directory**** > > infrastructure. In addition to playing the part of a domain**** > > controller and acting as the timekeeper for the domain, the**** > > PDC Emulator is responsible for processing password changes**** > > for its domain, authenticating failed password requests, and**** > > “emulating” a PDC for down-level servers such as NT 4.0 BDCs**** > > and clients. In addition, some legacy applications are still written**** > > to specifically contact the PDC of the domain.**** > > By modifying the weight and/or priorities of the DNS SRV**** > > records, you can relieve the load on the PDC Emulator. Simply**** > > direct logon authentications to specific domain controllers or**** > > away from the PDC Emulator.**** > > **** > > DNS Weight**** > > DNS weight uses a proportional system to distribute the**** > > requests among servers. The weight is actually an arbitrary**** > > value assigned to DNS SRV records to balance or distribute**** > > authentication requests among the domain controllers. By**** > > default, the assigned value is 100; reducing this value changes**** > > the proportional value relative to other servers so that a server**** > > with a lower value receives fewer requests. For example, if a DNS**** > > SRV record is lowered to 25 or 50 from a default of 100, it means**** > > that server will receive authentication requests 25 or 50 percent**** > > of the time in proportion to the others.**** > > **** > > DNS Priority**** > > DNS priority allows the administrator to inflate the DNS SRV**** > > record to a value so high, artificially, that it would be unlikely to**** > > receive a request unless no others are available to respond. By**** > > default, the value is set at 0. Setting priority extremely high, say**** > > 100 or 200, significantly reduces the chances the server will get**** > > the request.**** > > **** > > Adjusting Weight and Priority**** > > To adjust the weight and priority in a PDC Emulator, add to the**** > > following key:**** > > **** > > HKLM\System\CurrentControlSet\Services\Netlogon\Parameters**** > > • Set the LdapSrvWeight DWORD to a decimal value of 25 or**** > > 50.**** > > • Set the LdapSrvPriority DWORD decimal value to 100 or 200.**** > > **** > > Note that registry changes may require a reboot. These changes**** > > can also be performed directly through DNS Manager by simply**** > > double-clicking on the record, then adjusting.**** > > **** > > Using the weight and priority strategy is an excellent way to**** > > wean client requests away from the physical domain controllers**** > > and direct them to the virtual machine domain controllers. This**** > > will allow you to safely begin the decommissioning process of**** > > your physical domain controllers.**** > > </quote>**** > > **** > > Thanks**** > > **** > > **** > > Carl Webster**** > > Consultant and Citrix Technology Professional**** > > http://www.CarlWebster.com <http://www.carlwebster.com/>**** >
