AvoidPDCOnWan and PDC Emulator

by [Published on 19 March 2009 / Last Updated on 28 Nov. 2008]

This article explains how to control whether a domain controller contacts a PDC Emulator that is located outside its own site.

The AvoidPDCOnWan registry entry is used to control the traffic to a PDC Emulator on another site. When a user changes his password, the password must be replicated to all the Domain Controllers of that domain. First the password is updated at the PDC Emulator and then replicated to all other domain controllers in that domain via the normal replication methods.

How does it work when a user has changed their password and then tries to log on to the domain?

  • 1. The user logs on to the domain.
  • 2. The local Domain Controller finds that the user recently updated their password, but the Domain Controller does not have the password information.
  • 3. Before the Domain Controller rejects the authentication request, it checks with the PDC Emulator to determine whether it has the password.
  • 4. If the PDC Emulator has the user's password, the Domain Controller replicates the user's object with the password.
  • 5. The user is authenticated by the Domain Controller in the local site.

The AvoidPDCOnWan registry entry plays an important role here. It is used to enable immediate replication of password changes: it determines whether the user's password is replicated immediately or not. The entry is set on the Domain Controller where the password has been changed, at the following registry location:

  • Key: HKLM\System\CurrentControlSet\Services\Netlogon\Parameters
  • Value: AvoidPdcOnWan
  • Type: REG_DWORD
  • Data: 0 (disable) 1 (enable)
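
The following PowerShell is an added example, not part of the original article: it audits the entry described above on the local Domain Controller and can set it to one of the two documented data values. The function names `Get-AvoidPdcOnWanState` and `Set-AvoidPdcOnWan` are hypothetical, and the script assumes an elevated PowerShell session on the Domain Controller.

```powershell
# Added example: audit and optionally set AvoidPdcOnWan on the local Domain Controller.
$NetlogonParams = 'HKLM:\System\CurrentControlSet\Services\Netlogon\Parameters'
$ValueName      = 'AvoidPdcOnWan'

function Get-AvoidPdcOnWanState {
    # Reports whether the value exists, its registry type, its data, and whether
    # it matches what the article specifies (REG_DWORD, data 0 or 1).
    $key = Get-Item -Path $NetlogonParams -ErrorAction Stop
    if ($key.GetValueNames() -notcontains $ValueName) {
        # Value not set: Netlogon falls back to its built-in default.
        return [pscustomobject]@{ Present = $false; Kind = $null; Data = $null; Valid = $null }
    }
    $kind = $key.GetValueKind($ValueName)
    $data = $key.GetValue($ValueName)
    [pscustomobject]@{
        Present = $true
        Kind    = $kind
        Data    = $data
        # A string-typed "1" or a DWORD of 2 is a misconfiguration worth flagging.
        Valid   = ($kind -eq [Microsoft.Win32.RegistryValueKind]::DWord) -and ($data -in 0, 1)
    }
}

function Set-AvoidPdcOnWan {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [ValidateRange(0, 1)]   # 0 (disable) or 1 (enable), per the article
        [int]$Data
    )
    if ($PSCmdlet.ShouldProcess("$NetlogonParams\$ValueName", "Set REG_DWORD to $Data")) {
        # -Force creates the value or overwrites it, which also corrects a wrong type.
        New-ItemProperty -Path $NetlogonParams -Name $ValueName `
            -PropertyType DWord -Value $Data -Force | Out-Null
    }
    Get-AvoidPdcOnWanState
}

# Read-only audit of the current state.
Get-AvoidPdcOnWanState

# Preview a change without writing to the registry.
# Set-AvoidPdcOnWan -Data 1 -WhatIf
```

Running the audit across Domain Controllers in different sites shows where the entry has drifted from the intended setting.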
