Managing Domain Controllers that are Slow to Respond to Requests
When domain controllers are slow to respond to requests, they are ranked lower compared to healthier domain controllers and thus taken out of rotation. As such, the domain controller is not used (unless no other healthy domain controllers are available). The domain controller is reset after discovery.
Adding a Domain Controller Back into Rotation
To be removed from the "penalty box," and added back to rotation -- the domain controller must be discovered. The following are registry keys that you can set to perform advanced configuration of your domain controller searches.
| Registry key | Description |
|---|---|
| AD.SearchOnePenaltyBoxThreshold | This key allows you to specify what percentage of ServerTimeLimit should be spent searching for a single AD entity before the chosen domain controller is put in the penalty box. Default is 25 (25%) - TYPE = DWORD. |
| AD.SearchManyPenaltyBoxThreshold | This key allows you to specify what percentage of ServerTimeLimit should be spent searching for many AD entities before the chosen domain controller is put in the penalty box. Default is 90 (90%) - TYPE = DWORD. |
| AD.ServerTimeoutMax | When performing a "normal" search (not a paged search), this value specifies the maximum amount of time the server should spend searching before returning results (https://docs.microsoft.com/en-us/dotnet/api/system.directoryservices.directorysearcher.servertimelimit?view=netframework-4.8) - TYPE = DWORD |
| AD.SearchSizeMax | When performing a "normal" search (not a paged search), this value specifies the maximum number of results that can be returned in a directory search (https://docs.microsoft.com/en-us/dotnet/api/system.directoryservices.directorysearcher.sizelimit?view=netframework-4.8) - TYPE = DWORD |
| AD.PageSizeMax | When performing a paged search, this value specifies the maximum number of objects that can be returned in a paged search (https://docs.microsoft.com/en-us/dotnet/api/system.directoryservices.directorysearcher.pagesize?view=netframework-4.8) - TYPE = DWORD |
| AD.PageTimeMax | When doing a paged search, this value specifies the maximum amount of time the searcher should spend searching for an individual page of results (https://docs.microsoft.com/en-us/dotnet/api/system.directoryservices.directorysearcher.serverpagetimelimit?view=netframework-4.8) - TYPE = DWORD |
| AD.DCPenalityBoxEnabled | This is an on/off switch for the domain controller penalty box feature (default is ON). Set to 0 for off, 1 (or unset) for on. - TYPE = _DWORD. |
