Load Balancing on Windows 2000/2003 DC after Upgrading from NT

Posted on January 8, 2009 by Daniel Petri in Active Directory with 0 Comments

How do I to prevent overloading on the first Windows 2000 or Windows Server 2003 domain controller as I upgrade my Windows NT 4.0 domain?

The overloading effect takes place under the following set of conditions:

  • You have a Microsoft Windows NT 4.0-based domain.
  • You upgrade several computers in the domain to Windows 2000 or Windows XP before you upgrade a primary domain controller (PDC) to Windows 2000 or Windows Server 2003.

You then upgrade the PDC to Windows 2000 or Windows Server 2003 and convert the Windows NT 4.0-based domain to an Active Directory domain.

After Windows 2000 and Windows XP-based computers join an Active Directory domain, they will not use a Windows NT 4.0-based domain controller (DC) for any operation that requires them to contact the DC. Therefore, all of the computers that run Windows 2000 or Windows XP contact only the lone Windows 2000- or Windows Server 2003-based DC.

The overloading effect on the DC introduces a single point of failure. If that lone Windows 2000- or Windows Server 2003-based DC becomes unavailable, computers and users cannot contact any other of the (non-Windows 2000- and non-Windows Server 2003-based) DCs in the domain.

There is a scenario in which the overloading effect can take place even though you upgrade the PDC before you upgrade the domain members. In this scenario, no additional DCs are upgraded to Windows 2000 or Windows Server 2003 while large numbers of the domain member computers are being upgraded. However, this scenario is not common because if you upgrade the PDC first, you probably plan to upgrade enough of the DCs before you upgrade the mass of the non-DC computers or domain members. This solution is implemented in Windows 2000 Service Pack 2 (SP2) and in Windows Server 2003.

The solution enables special configuration to make a DC emulate the behavior of a Windows NT 4.0-based DC. The domain member computers that run Windows 2000 or Windows XP will not distinguish between a DC that is in Windows NT 4.0 (NT4) emulation mode and a DC that runs Windows NT 4.0. This configuration prevents overloading of the first DC that you upgrade to Windows 2000 SP2 or Windows Server 2003. The configuration also allows administrators to perform a gradual upgrade of the DCs in the domain.

NT4 emulation mode is intended only for temporary use during the process of upgrading a small set of the first DCs from Windows NT 4.0 to Windows 2000 and Windows Server 2003 in a domain that has a large number of computers that run Windows 2000 or Windows XP. After you upgrade enough DCs to serve the computers’ and users’ requests, you should remove the NT4 emulation configuration from the DCs.

Configuring Windows NT 4.0 Emulation

WARNING : Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. Note that you should back up the registry before you edit it. If you are running Windows NT or Windows 2000, you should also update your Emergency Repair Disk (ERD).

  1. Start Registry Editor (Regedt32.exe).
  2. Locate the NT4Emulator value under the following key in the registry:

HKLM\System\CCS\Services\Netlogon\Parameters

  1. On the Edit menu, click REG_DWORD, type 0x1, and then click OK.
  2. Quit Registry Editor.

If your domain has member computers that run Windows 2000 and Windows XP but does not have at least one Windows 2000- or Windows Server 2003-based DC that is configured in NT4 emulation mode, you need to configure a DC for NT4 emulation in order to stop the overloading effect. You also need to rejoin all Windows 2000- and Windows XP-based domain members. In the join procedure, specify a NetBIOS name for the domain. Until such domain members are rejoined, they cannot contact any DC in the domain.

You can configure computers that run Windows 2000 SP2 or Windows XP to inform the Windows 2000- and Windows Server 2003-based DCs that have NT4 emulation mode not to use NT4 emulation when they respond to requests from those computers. That is, you can neutralize NT4 emulation:

  1. Start Registry Editor (Regedt32.exe).
  2. Locate the NeutralizeNT4Emulator value under the following key in the registry:

  1. On the Edit menu, click REG_DWORD, type 0x1, and then click OK.
  2. Quit Registry Editor.

Note that you do not need to configure this registry key value on the DCs because the DCs always behave as if they are configured with this key.

Upgrade the first DC from Windows NT 4.0 to Windows 2000 or to Windows Server 2003 Advanced Server. Before you run the Active Directory Installation Wizard, configure the DC for NT4 emulation, following the procedure that is outlined in this article. Then upgrade one or more of the other DCs by using the same procedure.

After you upgrade enough DCs to handle the load from all of the computers in the domain, remove the NT4 emulation mode from the DCs by deleting the NT4Emulator value from the registry on each computer that runs Windows 2000 or Windows Server 2003.

If you need to either

use a remote computer that is not a Windows 2000 SP2- or Windows Server 2003-based DC to administer the upgraded DCs that are configured for NT4 emulation

or

allow DCs that are configured for NT4 emulation mode to respond to a small set of the Windows 2000 SP2- and Windows Server 2003-based computers without emulating Windows NT 4.0 behavior,

set the registry value NeutralizeNT4Emulator to 0x1 in the registry on these computers.

Note: Having at least one Windows 2000- or Windows Server 2003-based DC that is not configured for NT4 emulation while all other upgraded DCs are configured for NT4 emulation makes the non-NT4 emulator DC a single point of failure. This DC may be overloaded by requests from the upgraded domain members that are not DCs.

Links

How to Prevent Overloading on the First Windows 2000- or Windows XP-Based DC During Domain Upgrade – 298713

Sponsored