AvoidPdcOnWan

HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

Data type Range Default value
REG_DWORD 0 | 1 0

Description

Prevents the Backup Domain Controller (BDC) from sending new password information to a remote Primary Domain Controller (PDC). Also, if a client password fails to authenticate on the BDC, the BDC does not attempt to authenticate that password on the remote PDC. Instead of Net Logon, the PDC and BDC use Active Directory replication to update password information.

This entry does not affect password sharing between BDCs and PDCs residing on the same site. If the BDC and PDC are on the same site, the BDC sends password information regardless of the value of this entry.

Setting this value to 1 can reduce WAN traffic between domain controllers at remote locations, but PDCs might not always have the most current password data. As a result, legitimate users might not be authenticated.

Value Meaning
0 BDC sends password information to remote PDC.
1 BDC sends password information to PDCs within the site.

Note Image Note

Windows 2000 does not add this entry to the registry. You can add it by editing the registry or by using a program that edits the registry.