Skip navigation
Menu
End-User Platforms>Windows 7/8

How can I stop password changes from being pushed to the PDC FSMO over WAN links?

A. By default, when someone changes a password, the change occurs on the local domain controller (DC), but Windows also pushes the change to the PDC Flexible Single-Master Operation (FSMO) role holder because such changes take time to replicate around the domain. If the change wasn't pushed to the FSMO role holder and someone tried to log on with the new password that wasn't replicated, the logon would fail. To avoid this kind of failure, Windows attempts to authenticate on the PDC FSMO role holder.

To prevent the system from pushing password changes over slow WAN links, make the following change on the relevant DCs:

  1. Start regedit.exe.
  2. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters.
  3. From the Edit menu, select New, DWORD value.
  4. Enter a name of AvoidPdcOnWan, and press Enter.
  5. Double-click AvoidPdcOnWan, and set it to 1.
  6. Click OK.
  7. Close regedit.
TAGS: Security
Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Recommended Reading
PowerShell screenshot shows Where-Object cmdlet
How to Use the PowerShell Where-Object Cmdlet
Aug 04, 2022
shield_icon_laptop.jpg
What To Do When Windows Defender Is Not Working
Mar 15, 2022
Computer Screen Showing Password Dialog Box
Microsoft Edge Downloads Updated for Azure AD Sign-In & Sync
Aug 22, 2019
mktg-wp-nolabel5
How to Approach the Windows 7 to 10 Migration
Aug 01, 2019