Category: At least Windows Server 2003 operating systems or Windows XP Professional

This policy setting determines which DC Locator DNS records are not registered by the Net Logon service. If you enable this policy setting select Enabled and specify a list of space-delimited mnemonics (instructions) for the DC Locator DNS records that will not be registered by the DCs to which this setting is applied. Select the mnemonics from the following list:Mnemonic Type DNS RecordLdapIpAddress A Ldap SRV _ldap. _tcp. LdapAtSite SRV _ldap. _tcp. . _sites. Pdc SRV _ldap. _tcp. pdc. _msdcs. Gc SRV _ldap. _tcp. gc. _msdcs. GcAtSite SRV _ldap. _tcp. . _sites. gc. _msdcs. DcByGuid SRV _ldap. _tcp. . domains. _msdcs. GcIpAddress A gc. _msdcs. DsaCname CNAME . _msdcs. Kdc SRV _kerberos. _tcp. dc. _msdcs. KdcAtSite SRV _kerberos. _tcp. . _sites. dc. _msdcs. Dc SRV _ldap. _tcp. dc. _msdcs. DcAtSite SRV _ldap. _tcp. . _sites. dc. _msdcs. Rfc1510Kdc SRV _kerberos. _tcp. Rfc1510KdcAtSite SRV _kerberos. _tcp. . _sites. GenericGc SRV _gc. _tcp. GenericGcAtSite SRV _gc. _tcp. . _sites. Rfc1510UdpKdc SRV _kerberos. _udp. Rfc1510Kpwd SRV _kpasswd. _tcp. Rfc1510UdpKpwd SRV _kpasswd. _udp. If you disable this policy setting DCs configured to perform dynamic registration of DC Locator DNS records register all DC Locator DNS resource records. If you do not configure this policy setting DCs use their local configuration.

This policy setting determines whether domain controllers (DC) will dynamically register DC Locator site-specific SRV records for the closest sites where no DC for the same domain exists (or no Global Catalog for the same forest exists). These DNS records are dynamically registered by the Net Logon service and they are used to locate the DC. If you enable this policy setting the DCs to which this setting is applied dynamically register DC Locator site-specific DNS SRV records for the closest sites where no DC for the same domain or no Global Catalog for the same forest exists. If you disable this policy setting the DCs will not register site-specific DC Locator DNS SRV records for any other sites but their own. If you do not configure this policy setting it is not applied to any DCs and DCs use their local configuration.

This policy setting determines when a successful DC cache entry is refreshed. This policy setting is applied to caller programs that do not periodically attempt to locate DCs and it is applied before the returning the DC information to the caller program. This policy setting is relevant to only those callers of DsGetDcName that have not specified the DS_BACKGROUND_ONLY flag. The default value for this setting is 30 minutes (1800). The maximum value for this setting is (4294967200) while the maximum that is not treated as infinity is 49 days (49*24*60*60=4233600). Any larger value will be treated as infinity. The minimum value for this setting is to always refresh (0).

This policy setting specifies whether the computers to which this setting is applied attempt DNS name resolution of a single-label domain names. By default the behavior specified in the AllowDnsSuffixSearch is used. If the AllowDnsSuffixSearch policy is disabled then NetBIOS name resolution is used exclusively to locate a domain controller hosting an Active Directory domain specified with a single-label name. If you enable this policy setting computers to which this policy is applied will attempt to locate a domain controller hosting an Active Directory domain specified with a single-label name using DNS name resolution. If you disable this policy setting computers to which this setting is applied will use the AllowDnsSuffixSearch policy if it is not disabled or perform NetBIOS name resolution otherwise to attempt to locate a domain controller that hosts an Active Directory domain specified with a single-label name. the computers will not the DNS name resolution in this case unless the computer is searching for a domain with a single label DNS name that exists in the Active Directory forest to which this computer is joined. If you do not configure this policy setting it is not applied to any computers and computers use their local configuration.

This policy setting specifies the Active Directory site to which computers belong. An Active Directory site is one or more well-connected TCP/IP subnets that allow administrators to configure Active Directory access and replication. To specify the site name for this setting click Enabled and then enter the site name. When the site to which a computer belongs is not specified the computer automatically discovers its site from Active Directory. If you do not configure this policy setting it is not applied to any computers and computers use their local configuration.

This policy setting determines the interval at which Netlogon performs the following scavenging operations:- Checks if a password on a secure channel needs to be modified and modifies it if necessary. – On the domain controllers (DC) discovers a DC that has not been discovered. – On the PDC attempts to add the [1B] NetBIOS name if it hasn’t already been successfully added. None of these operations are critical. 15 minutes is optimal in all but extreme cases. For instance if a DC is separated from a trusted domain by an expensive (e. g. ISDN) line this parameter might be adjusted upward to avoid frequent automatic discovery of DCs in a trusted domain. To enable the setting click Enabled and then specify the interval in seconds.

This policy setting specifies the amount of time (in seconds) the DC locator remembers that a domain controller (DC) could not be found in a domain. When a subsequent attempt to locate the DC occurs within the time set in this setting DC Discovery immediately fails without attempting to find the DC. The default value for this setting is 45 seconds. The maximum value for this setting is 7 days (7*24*60*60). The minimum value for this setting is 0. Warning: If the value for this setting is too large a client will not attempt to find any DCs that were initially unavailable. If the value for this setting is too small clients will attempt to find DCs even when none are available.

This policy setting specifies the additional time for the computer to wait for the domain controller’s (DC) response when logging on to the network. To specify the expected dial-up delay at logon click Enabled and then enter the desired value in seconds (for example the value “60” is 1 minute). If you do not confihgure this policy setting it is not applied to any computers and computers use their local configuration.

This policy setting determines when a successful DC cache entry is refreshed. This policy setting is applied to caller programs that periodically attempt to locate DCs and it is applied before returning the DC information to the caller program. The default value for this setting is infinite (4294967200). The maximum value for this setting is (4294967200) while the maximum that is not treated as infinity is 49 days (49*24*60*60=4233600). Any larger value is treated as infinity. The minimum value for this setting is to always refresh (0).

This policy setting determines when retries are no longer allowed for applications that perform periodic searches for domain controllers (DC) are unable to find a DC. For example retires may be set to occur according to the Use maximum DC discovery retry interval policy setting but when the value set in this policy setting is reached no more retries occur. If a value for this policy setting is smaller than the value in the Use maximum DC discovery retry interval policy setting the value for Use maximum DC discovery retry interval policy setting is used. The default value for this setting is to not quit retrying (0). The maximum value for this setting is 49 days (0x49*24*60*60=4233600). The minimum value for this setting is 0. Warning: If the value for this setting is too small a client will stop trying to find a DC too soon.