IBM Support

Steps to Preserve SRV Priority Setting Changes

How To


Summary

Steps to Preserve SRV Priority Setting Changes via a GPO.

Environment

Windows, Domain Controller

Steps

A. Registry‑Based Configuration (Per‑DC Method). This method is best when updating only a few Domain Controllers.

Step 1: Open Registry Editor on each Domain Controller: 

regedit.exe

 

Step 2: Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

 

Step 3: Create or Modify the Following DWORD Values

LdapSrvPriority (DWORD, range: 0–65535)

LdapSrvWeight (DWORD, range: 0–65535)

*Lower priority number = higher preference

*Higher weight = higher preference among equal‑priority DCs

For example:

    DC21 à LdapSrvPriority = 10

    DC22 à LdapSrvPriority = 10

    DC23 à LdapSrvPriority = 10

 

Step 5: Restart Netlogon to force DNS reregistration using PowerShell:

net stop netlogon

net start netlogon

 

B. GPO‑Based Configuration (Recommended for Enterprise Rollout). 

This is the *Microsoft‑preferred* scalable method for enforcing SRV record priority on multiple DCs.

Step 1: Create or Edit a GPO

Open Group Policy Management Console and create a new GPO (e.g., “DC‑SRV‑Priority‑Policy”) or edit an existing one.

 

Step 2: Navigate to the Policy Setting

    Computer Configuration, Administrative Templates, System, Net Logon, DC Locator DNS Records, Set Priority in the DC Locator DNS SRV Records

Step 3: Enable the Policy. Set the value to the desired priority (0–65535). 

Example:

* DC21, DC22, & DC23 OU Priority = 10

 

Step 4: (Optional) Set Weight using:

                Computer Configuration, Administrative Templates, System, Net Logon, DC Locator DNS Records, set Weight in the DC Locator DNS SRV Records

 

Step 5: Link the GPO to the OU Containing Domain Controllers:

Or selectively applying if you group DC21, DC22, DC23 into separate OUs.

 

Step 6: Force Group Policy Update using PowerShell on EACH Domain Controller:

                gpupdate /force

                net stop netlogon

                net start netlogon

 

Step 7: Validate the New SRV Records. In DNS Manager, check:

    _ldap._tcp.dc._msdcs.<domain>

    _kerberos._tcp.dc._msdcs.<domain>

 

You should now see updated `priority` and `weight` fields that reflect your GPO settings.

Document Location

Worldwide

[{"Type":"MASTER","Line of Business":{"code":"LOB66","label":"Technology Lifecycle Services"},"Business Unit":{"code":"BU070","label":"IBM Infrastructure"},"Product":{"code":"SSTIPK","label":"Microsoft Windows"},"ARM Category":[{"code":"a8mKe000000004NIAQ","label":"Windows"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":""}]

Document Information

Modified date:
27 March 2026

UID

ibm17267928

Page Feedback