Tag: Computer Configuration

This policy setting specifies the sites for which the domain controllers (DC) that host the application directory partition should register the site-specific application directory partition-specific DC Locator DNS SRV resource records. These records are registered in addition to the site-specific SRV records registered for the site where the DC resides and records registered by a DC configured to register DC Locator DNS SRV records for those sites without a DC that are closest to it. The application directory partition DC Locator DNS records and the site-specific SRV records are dynamically registered by the Net Logon service and they are used to locate the application directory partition-specific DC. An Active Directory site is one or more well-connected TCP/IP subnets that allow administrators to configure Active Directory access and replication. To specify the sites covered by the DC Locator application directory partition-specific DNS SRV records click Enabled and then enter the site names in a space-delimited format. If you do not configure this policy setting it is not applied to any DCs and DCs use their local configuration.

This policy setting specifies the Weight field in the SRV resource records registered by the domain controllers (DC) to which this setting is applied. These DNS records are dynamically registered by the Net Logon service and they are used to locate the DC. The Weight field in the SRV record can be used in addition to the Priority value to provide a load-balancing mechanism where multiple servers are specified in the SRV records Target field and are all set to the same priority. The probability with which the DNS client randomly selects the target host to be contacted is proportional to the Weight field value in the SRV record. To specify the Weight in the DC Locator DNS SRV records click Enabled and then enter a value. The range of values is from 0 to 65535. If you do not configure this policy setting it is not applied to any DCs and DCs use their local configuration.

This policy setting specifies the Priority field in the SRV resource records registered by domain controllers (DC) to which this setting is applied. These DNS records are dynamically registered by the Net Logon service and are used to locate the DC. The Priority field in the SRV record sets the preference for target hosts (specified in the SRV record’s Target field). DNS clients that query for SRV resource records attempt to contact the first reachable host with the lowest priority number listed. To specify the Priority in the DC Locator DNS SRV resource records click Enabled and then enter a value. The range of values is from 0 to 65535. If you do not configure this policy setting it is not applied to any DCs and DCs use their local configuration.

This policy setting specifies the sites for which the global catalogs (GC) should register site-specific GC locator DNS SRV resource records. These records are registered in addition to the site-specific SRV records registered for the site where the GC resides and records registered by a GC configured to register GC Locator DNS SRV records for those sites without a GC that are closest to it. The GC Locator DNS records and the site-specific SRV records are dynamically registered by the Net Logon service and they are used to locate the GC. An Active Directory site is one or more well-connected TCP/IP subnets that allow administrators to configure Active Directory access and replication. A GC is a domain controller that contains a partial replica of every domain in Active Directory. To specify the sites covered by the GC Locator DNS SRV records click Enabled and enter the sites’ names in a space-delimited format. If you do not configure this policy setting it is not applied to any GCs and GCs use their local configuration.

This policy setting specifies the value for the Time-To-Live (TTL) field in SRV resource records that are registered by the Net Logon service. These DNS records are dynamically registered and they are used to locate the domain controller (DC). To specify the TTL for DC Locator DNS records click Enabled and then enter a value in seconds (for example the value “900” is 15 minutes). If you do not configure this policy setting it is not applied to any DCs and DCs use their local configuration.

This policy setting specifies the Refresh Interval of the DC Locator DNS resource records for DCs to which this setting is applied. These DNS records are dynamically registered by the Net Logon service and are used by the DC Locator algorithm to locate the DC. This setting may be applied only to DCs using dynamic update. DCs configured to perform dynamic registration of the DC Locator DNS resource records periodically reregister their records with DNS servers even if their records’ data has not changed. If authoritative DNS servers are configured to perform scavenging of the stale records this reregistration is required to instruct the DNS servers configured to automatically remove (scavenge) stale records that these records are current and should be preserved in the database. Warning: If the DNS resource records are registered in zones with scavenging enabled the value of this setting should never be longer than the Refresh Interval configured for these zones. Setting the Refresh Interval of the DC Locator DNS records to longer than the Refresh Interval of the DNS zones may result in the undesired deletion of DNS resource records. To specify the Refresh Interval of the DC records click Enabled and then enter a value larger than 1800. This value specifies the Refresh Interval of the DC records in seconds (for example the value 3600 is 60 minutes). If you do not configure this policy setting it is not applied to any DCs and DCs use their local configuration.

This policy setting determines which DC Locator DNS records are not registered by the Net Logon service. If you enable this policy setting select Enabled and specify a list of space-delimited mnemonics (instructions) for the DC Locator DNS records that will not be registered by the DCs to which this setting is applied. Select the mnemonics from the following list:Mnemonic Type DNS RecordLdapIpAddress A Ldap SRV _ldap. _tcp. LdapAtSite SRV _ldap. _tcp. . _sites. Pdc SRV _ldap. _tcp. pdc. _msdcs. Gc SRV _ldap. _tcp. gc. _msdcs. GcAtSite SRV _ldap. _tcp. . _sites. gc. _msdcs. DcByGuid SRV _ldap. _tcp. . domains. _msdcs. GcIpAddress A gc. _msdcs. DsaCname CNAME . _msdcs. Kdc SRV _kerberos. _tcp. dc. _msdcs. KdcAtSite SRV _kerberos. _tcp. . _sites. dc. _msdcs. Dc SRV _ldap. _tcp. dc. _msdcs. DcAtSite SRV _ldap. _tcp. . _sites. dc. _msdcs. Rfc1510Kdc SRV _kerberos. _tcp. Rfc1510KdcAtSite SRV _kerberos. _tcp. . _sites. GenericGc SRV _gc. _tcp. GenericGcAtSite SRV _gc. _tcp. . _sites. Rfc1510UdpKdc SRV _kerberos. _udp. Rfc1510Kpwd SRV _kpasswd. _tcp. Rfc1510UdpKpwd SRV _kpasswd. _udp. If you disable this policy setting DCs configured to perform dynamic registration of DC Locator DNS records register all DC Locator DNS resource records. If you do not configure this policy setting DCs use their local configuration.

This policy setting determines whether domain controllers (DC) will dynamically register DC Locator site-specific SRV records for the closest sites where no DC for the same domain exists (or no Global Catalog for the same forest exists). These DNS records are dynamically registered by the Net Logon service and they are used to locate the DC. If you enable this policy setting the DCs to which this setting is applied dynamically register DC Locator site-specific DNS SRV records for the closest sites where no DC for the same domain or no Global Catalog for the same forest exists. If you disable this policy setting the DCs will not register site-specific DC Locator DNS SRV records for any other sites but their own. If you do not configure this policy setting it is not applied to any DCs and DCs use their local configuration.

This policy setting specifies whether the computers to which this setting is applied attempt DNS name resolution of a single-label domain names. By default the behavior specified in the AllowDnsSuffixSearch is used. If the AllowDnsSuffixSearch policy is disabled then NetBIOS name resolution is used exclusively to locate a domain controller hosting an Active Directory domain specified with a single-label name. If you enable this policy setting computers to which this policy is applied will attempt to locate a domain controller hosting an Active Directory domain specified with a single-label name using DNS name resolution. If you disable this policy setting computers to which this setting is applied will use the AllowDnsSuffixSearch policy if it is not disabled or perform NetBIOS name resolution otherwise to attempt to locate a domain controller that hosts an Active Directory domain specified with a single-label name. the computers will not the DNS name resolution in this case unless the computer is searching for a domain with a single label DNS name that exists in the Active Directory forest to which this computer is joined. If you do not configure this policy setting it is not applied to any computers and computers use their local configuration.