Skip navigation
Menu
Compute Engines

JSI Tip 2631. How do I prevent the PDC FSMO role owner from being contacted when a client uses an incorrect password??

When a user / machine account password is changed, or a DC receives a client authentication request using a bad password, the PDC FSMO role owner is contacted. If it is a password change, replication begins immediately.

This can cause unwanted WAN traffic.

You can alter this behavior by using Regedt32 on each DC to navigate to:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters

On the Edit menu, Add Value name AvoidPdcOnWan as a REG_DWORD data type. Setting the data value to 1 causes the DC to not contact the PDC FSMO role owner at a remote site to avoid password conflicts and to delay password change replication until the next replication cycle.

NOTE: This can result in the client being denied access until the next replication cycle.


Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Recommended Reading
empty cockpit of autonomous car
What Is a Real-Time Operating System, and Who Needs One?
Mar 05, 2024
ERP button on keyboard
5 ERP Trends to Watch in 2024
Jan 17, 2024
automation key on keyboard
Storage Management as a Case Study for Network Automation Adoption
Dec 21, 2023
Abstract technology concept lighting effect on dark blue background
Top 10 Stories About Compute Engines, Linux in 2023
Dec 18, 2023