A Quick Tip To Prevent Registration Of A and GC Records For Domain Controllers

by [Published on 4 Jan. 2011 / Last Updated on 31 Oct. 2009]

This article explains how you can prevent NetLogon service from registering A record for Domain Name and Global Catalog.

By default, Windows Server running Domain Controller role registers A Record for Domain Name and Global Catalog in the DNS Servers. There are certain situations where you would want to disable the registration of the records mentioned below:

  • DomainName.Com    A   IP_Address
  • gc._msdcs.DomainName.Com     A    IP_Address

You can use the below mentioned registry entry on the domain controllers to dis-allow registration of these records:

  • KEY Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetLogon\Parameters
  • Entry Name: RegisterDnsARecords
  • Data: DWORD
  • Value: 1 (Register A Records), 0 (Do not register A Records)

Note: This regsitry entry does not exist by default.

See Also

The Author — Nirmal Sharma

Nirmal Sharma avatar

Nirmal Sharma is a MCSEx3, MCITP and was awarded the Microsoft MVP award in Directory Services and Windows Networking. He specializes in Microsoft Azure, Office 365, Directory Services, Failover Clusters, Hyper-V, PowerShell Scripting and System Center products. Nirmal has been involved with Microsoft Technologies since 1994. In his spare time, he likes to help others and share some of his knowledge by writing tips and articles on various sites and contributing to PowerShell-based Dynamic Packs for www.ITDynamicPacks.Net solutions.

Featured Links