10 Apr 2013

How to control and prioritize Client authentication and logon requests on Domain Controllers

Each domain joined Windows client locates an appropriate Domain Controller using a component called “DCLocator” as part of the NETLOGON service.

Refer to the following article for detailed information (strongly recommended)

Now the question arises, if there is a logic which domain controller responds first to queries from the DCLocator. Based on my experiences the following facts counts into play.

  • The OS version of the DC (e.g. a 2012 DC responds generally before a 2003 DC)
  • The responsiveness (mainly based on HW resources)
  • The ordering within the DNS SRV records (_ldap / _gc)
  • **The priority and weight values for the SRV records

There are multiple scenarios where you might have to limit LDAP requests to one or more of your Domain Controllers. The following are the most common ones:


  • DC holding the PDC Emulator is more loaded than other DCs (causing logon performance issues in large user environments)
  • Upgrading / Installing new Domain Controllers as part of an AD upgrade (causing logons to occur on the new DC by dwfault)


The NETLOGON service has two parameters which control the response-behavior to LDAP requests: LdapSrvWeigth and LdapSrvPriority  **

By default, each DC has a priority of 0 and a weight of 100. The weight can be used to prefer particular DCs with the same priority.

If the priority value is set, it takes precedence over the weight value.

  • **Domain controllers with the highest weight and the lowest priority are most likely to be contacted

To modify the behavior, just create two REG_DWORD values (LdapSrvWeight and LdapSrvPriority) under the Key:

Choose a value between 0 and 65335

  • Restart the NETLOGON Service, and watch the SRV records in DNS, they should be updated shortly with the new values.

The following table illustrates a configuration example




Effective Order











Additional resources

How DNS Support for Active Directory Works http://technet.microsoft.com/en-us/library/cc759550.aspx