13.15. Preventing a Domain Controller from Dynamically Registering Certain Resource Records
You want to prevent a domain controller from dynamically registering certain resource records. It is sometimes advantageous to prevent certain resource records from being dynamically registered. For example, if you want to reduce the load on the PDC Emulator for a domain, you could prevent some of its SRV records from being published, which would reduce the amount of client traffic the server receives.
Using a command-line interface
This command will disable the Ldap, Gc, and GcIpAddress resource records from being dynamically registered:
reg add HKLM\System\CurrentControlSet\Services\Netlogon\Parameters /v[RETURN]
DnsAvoidRegisterRecords /t REG_MULTI_SZ /d Ldap\0Gc\0GcIpAddressThe operation completed successfully. >
net stop netlogonThe Net Logon service is stopping. The Net Logon service was stopped successfully. >
net start netlogonThe Net Logon service is starting....... The Net Logon service was started successfully.
' This code prevents a DC from registering the resource records ' associated with the Ldap, Gc, and GcIpAddress mnemonics and must be run ' directly on the server. ' Create Registry Value const HKLM = &H80000002 set objReg = GetObject("winmgmts:root\default:StdRegProv") strKeyPath = "System\CurrentControlSet\Services\Netlogon\Parameters" ' prevent Ldap, Gc, and GCIpAddress records from being registered ...