Adjust Active Directory Traffic Distribution Among Domain Controllers

Change LdapSrvWeight to distribute AD referral traffic proportionally (default 100)
Regedit >> HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters >> New DWORD named LdapSrvWeight with value 50 (50% of 100, or half the amount of traffic) >> OK >> Exit
Set LdapSrvPriority to halt traffic toward a certain DC by making its priority value higher (default 0)
How To:
Regedit >> HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters >> New DWORD named LdapSrvPriority with value 5 (higher than the default of 0) >> OK >> Exit
Disable Global Catalog on a remote DC to force clients to authenticate on Hub DC
Install WINS on new DCs
Configure DHCP scopes to update new DNS/WINS addresses
DCPromo to demote retiring DC
Set DHCP server DC01 with loadbalance/failover partner DC02
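
An added example (not from the original post) that applies the LdapSrvWeight and LdapSrvPriority registry changes above from PowerShell and then reads back the SRV records the DC publishes. The function names are hypothetical, and restarting Netlogon to re-register the records is an assumption; run it elevated on the DC being adjusted.

```powershell
# Added example: function names below are hypothetical, not part of any Microsoft module.
$NetlogonKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'

function Set-DcSrvPreference {
    param(
        [ValidateRange(0, 65535)][int]$Weight,     # SRV weight, default 100
        [ValidateRange(0, 65535)][int]$Priority    # SRV priority, default 0
    )
    # Write only the values the caller supplied; -Force overwrites an existing DWORD.
    if ($PSBoundParameters.ContainsKey('Weight')) {
        New-ItemProperty -Path $NetlogonKey -Name LdapSrvWeight `
            -PropertyType DWord -Value $Weight -Force | Out-Null
    }
    if ($PSBoundParameters.ContainsKey('Priority')) {
        New-ItemProperty -Path $NetlogonKey -Name LdapSrvPriority `
            -PropertyType DWord -Value $Priority -Force | Out-Null
    }
    # Assumption: restart Netlogon so it re-reads the parameters at startup
    # and re-registers this DC's SRV records in DNS.
    Restart-Service -Name Netlogon
}

function Get-DcSrvRecord {
    param(
        # Defaults to the domain this machine is joined to.
        [string]$Domain = (Get-CimInstance -ClassName Win32_ComputerSystem).Domain
    )
    # The DC locator SRV set; each row shows what clients will see per DC.
    Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV |
        Where-Object { $_.Type -eq 'SRV' } |
        Sort-Object -Property Priority, Weight |
        Select-Object -Property NameTarget, Priority, Weight, Port
}

# Usage with the values from this page (uncomment the one you need):
# Set-DcSrvPreference -Weight 50      # half the default weight of 100
# Set-DcSrvPreference -Priority 5     # higher than the default priority of 0

# Confirm the registry values, then what DNS actually publishes.
Get-ItemProperty -Path $NetlogonKey |
    Select-Object -Property LdapSrvWeight, LdapSrvPriority
Get-DcSrvRecord
```

If the SRV rows still show the old values, check DNS replication and record TTLs before changing the registry again.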
When a cloned machine is put into production without going through “sysprep,” it causes machine password errors that lead to Active Directory trust issues. In the case of an AD server failure, the procedure to fix this problem is to reboot the machine into Directory Services Restore Mode (reboot with F8), log on with the “administrator” account, unjoin the DC from the domain, reboot, and rejoin. (This sometimes does not result in a successful reboot.) Thus, the faulted machine account must be manually deleted from ADUC, ADSS, DNS, and DHCP Reservation (if there is any).
