We have two Windows 2008 servers that are Active Directory Domain Controllers. They seem to be configured properly, and are talking to each other.
I want one of the domain controllers to authenticate all of the logins because it's a more powerful box. I want the second DC to take over if the first goes down.
I went into the Registry on the old machine, and created two 32 bit Dword registry keys as follows:
HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters.
LdapSrvPriority
and
LdapSrvWeight.
Set these to 5 and 150. Assumed the default on the faster server was 0 and 100, thus making the newer server the default choice for logon authentication.
Rebooted server. Checked DNS, and it still is reporting 0 100 for both servers, and doing an
echo %LOGONSERVER% on various workstations seems to show that authentication is roundrobining between both servers.
Why aren't these settings sticking? And why weren't they in the registry when I started?
Thanks