Change Priority of DC Logonserver in one Site with DNS SRV Record

Posted on 2013-09-27
Medium Priority
Last Modified: 2013-10-07
We have four DCs in one site: 2x 2003 and 2x 2008. The 2003 is running on very old and slow hardware but is the primary DFS root and can't be shut down without migrating the DFS root and without downtime.

So we would like to change the priority of the logon server so that every client/server uses only the fast 2008 DCs.

We have changed the registry settings on the two 2003 DCs, as described here:

This took effect in DNS on the _ldap entries in the following paths:
_ldap._tcp.SITENAME._sites.dc._msdcs.DOMAINNAME.de
_kerberos._tcp.SITENAME._sites.dc._msdcs.DOMAINNAME.de
_ldap._tcp.dc._msdcs.DOMAINNAME.de

The TTL of the records is 10 minutes.

Everything seems good. But when logging on, in most cases the old DCs are used as logon server. Checking with cmd: set logonserver

Checking with nslookup:
> set type=srv
> _ldap._tcp.SITENAME._sites.dc._msdcs.DOMAINNAME.de

The priority is OK (old DCs 16, new DCs 0),
but the order of the servers changes randomly on every check. I would expect that, because of the priority, the new DCs are always in the upper lines and the old DCs in the lower lines.
But it isn't.

Can someone help? Thanks.
Question by:staugust
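The random ordering the poster sees is expected: a DNS server returns the SRV records of one name in rotating (round-robin) order, and nslookup simply prints what it received. Priority and weight are not applied by the server or by nslookup; the client that consumes the records (here the Netlogon DC locator) is what must sort by priority and then choose randomly by weight within a priority. The following is an added example, not part of the thread: it parses a constructed nslookup transcript modelled on the question (placeholder hostnames dc2003a/dc2003b/dc2008a/dc2008b, not the poster's real DCs) and applies the RFC 2782 selection order to it, so the listing order and the effective client order can be compared directly. The parser only handles the Windows nslookup "SRV service location:" block layout shown here; that layout assumption is mine.

```python
"""Added example: why nslookup's SRV listing order carries no meaning, and how an
RFC 2782 client actually orders SRV records by priority and weight."""
import random
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class SrvRecord:
    target: str
    priority: int
    weight: int
    port: int


# Constructed nslookup transcript (placeholder hostnames, not from the thread).
# The DNS server rotates the answer order on each query, so the listing below
# interleaves old (priority 16) and new (priority 0) DCs arbitrarily.
SAMPLE_NSLOOKUP_OUTPUT = """\
_ldap._tcp.SITENAME._sites.dc._msdcs.DOMAINNAME.de  SRV service location:
          priority       = 16
          weight         = 100
          port           = 389
          svr hostname   = dc2003a.DOMAINNAME.de
_ldap._tcp.SITENAME._sites.dc._msdcs.DOMAINNAME.de  SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = dc2008a.DOMAINNAME.de
_ldap._tcp.SITENAME._sites.dc._msdcs.DOMAINNAME.de  SRV service location:
          priority       = 16
          weight         = 100
          port           = 389
          svr hostname   = dc2003b.DOMAINNAME.de
_ldap._tcp.SITENAME._sites.dc._msdcs.DOMAINNAME.de  SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = dc2008b.DOMAINNAME.de
"""

_FIELD = re.compile(r"^\s*(priority|weight|port|svr hostname)\s*=\s*(\S+)\s*$")


def parse_nslookup_srv(text):
    """Parse Windows `nslookup -type=srv` output into SrvRecord objects."""
    records, current = [], {}
    for line in text.splitlines():
        if line.rstrip().endswith("SRV service location:"):
            current = {}          # a new record block starts
            continue
        m = _FIELD.match(line)
        if not m:
            continue
        current[m.group(1)] = m.group(2)
        if m.group(1) == "svr hostname":   # last field of a block
            records.append(SrvRecord(
                target=current["svr hostname"].lower(),
                priority=int(current["priority"]),
                weight=int(current["weight"]),
                port=int(current["port"]),
            ))
    return records


def rfc2782_order(records, seed=None):
    """Order records as an RFC 2782 client tries them: lowest priority value
    first; within one priority, weighted-random selection by `weight`.
    `seed` only makes the weighted step reproducible for testing."""
    rng = random.Random(seed)
    ordered = []
    for prio in sorted({r.priority for r in records}):
        bucket = [r for r in records if r.priority == prio]
        while bucket:
            total = sum(r.weight for r in bucket)
            if total == 0:
                pick = rng.choice(bucket)
            else:
                # RFC 2782: pick a random point in [0, total] and take the
                # first record whose running weight sum reaches it.
                point = rng.randint(0, total)
                running, pick = 0, bucket[-1]
                for r in bucket:
                    running += r.weight
                    if running >= point:
                        pick = r
                        break
            ordered.append(pick)
            bucket.remove(pick)
    return ordered


def preferred_targets(records):
    """Hostnames a client should contact first: those at the lowest priority value."""
    lowest = min(r.priority for r in records)
    return sorted(r.target for r in records if r.priority == lowest)


if __name__ == "__main__":
    recs = parse_nslookup_srv(SAMPLE_NSLOOKUP_OUTPUT)
    print("as listed by nslookup:", [r.target for r in recs])
    print("effective client order:", [r.target for r in rfc2782_order(recs, seed=1)])
    print("preferred DCs:", preferred_targets(recs))
```

Running it shows the listing order unchanged from the transcript (old and new DCs mixed) while the client order always puts both priority-0 DCs before both priority-16 DCs. So the nslookup output in the question is consistent with the registry change having worked; if a client still binds to an old DC, the cause is the client's cached locator result or DNS cache rather than the record order, which is what the accepted answer and the follow-up point at.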
LVL 53

Accepted Solution

Will Szymkowski earned 2000 total points
ID: 39527922
This could be related to caching of the DCs in question. Take a look at this Knowledge Base...


Also, check the logs on the DCs as well to ensure that everything is operating normally.


LVL 24

Expert Comment

ID: 39529689
It seems to be Client-Side DNS Caching.

Disable Client-Side DNS Caching

Ensure that the correct DNS setting is configured on the client computer. The primary should point to the DNS DC which you want to authenticate with. http://abhijitw.wordpress.com/2012/03/03/best-practices-for-dns-client-settings-on-domain-controller/

Author Comment

ID: 39551987
After a reboot of our Citrix server the new DCs are used as logon server. So the information about the logon server was cached. We did not need to install the patch.
