"In what way do Exchange and the PDC Emulator relate?" Well, before starting this topic you should know what the PDC Emulator is.
The PDC Emulator is one of the 5 Active Directory FSMO roles (in full: "Flexible Single Master Operation" roles). The others are the Schema Master, Domain Naming Master, Infrastructure Master and RID Master.
What are the duties of the PDC Emulator?
- The PDC Emulator emulates a Windows NT 4.0 Primary Domain Controller so that NT 4 Backup Domain Controllers can successfully replicate directory information (of course, in a pure Win2k/2k3 environment, this feature becomes obsolete).
- When a User changes his/her password on another DC, the password change is preferentially replicated to the PDC Emulator before any other DC.
- Furthermore, if a user tries to log on to a DC and the DC didn't receive the password change it will forward the logon request to the PDC Emulator (as mentioned before, the PDC Emulator gets preferential treatment on password changes).
- Account lockouts are processed by the PDC Emulator.
- When modifying or creating GPOs, this is always done on the SYSVOL share of the PDC Emulator.
- The PDC Emulator is the authoritative source of time in the domain - all other servers and clients will try to obtain time information from the PDC Emulator (for that reason, the PDC Emulator should always be configured with an accurate external time source).
So the PDC Emulator is a pretty important role within a domain. But what's up with Exchange?
Exchange brings its own component, called DSAccess, for querying the Active Directory database. DSAccess tends to use the PDC Emulator before any other DC. This can hurt performance if other applications besides Exchange are using the PDC Emulator.
So - how do I know if I am affected by this?
Start Perfmon on your Exchange Server and monitor the SMTP Server\Categorizer Queue Length counter. It should usually be close to zero. If you see queues building up here and mail is delivered slowly, you are most likely experiencing this problem.
Therefore, Microsoft started recommending that the PDC Emulator be removed from the DSAccess Domain Controller list - and there are two ways of doing it:
- You could statically exclude the PDC Emulator via the DS Access Tab in Exchange System Monitor by right-clicking the server and choosing "Properties". This will work as long as the PDC Emulator role is not moved to another DC.
- You can dynamically exclude the PDC Emulator by setting the MinUserDC Registry Key.
Locate the following Registry-Key on your Exchange-Servers: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeDSAccess\Profiles\Default - if it does not exist, you have to create it. Under this key, create the following value:
Value Name: MinUserDC
Data Type: REG_DWORD
Value: As required
The value depends on your environment - it represents the total number of DCs that must be available for the DSAccess service to exclude the PDC Emulator from its search list. As a best practice, calculate the total number of DCs in the site - 1 (the PDC itself). Example: You have 4 DCs total, you subtract 1 for the PDC Emulator - your value would be 3.
Doing this will stop your Exchange organization from hammering the PDC Emulator and leave it some more room for its other duties. It will instead use the other DCs available.
Note: This also works for Exchange 2007, albeit the key is named differently - locate HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeADAccess\Profiles\Default instead.
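The registry change described above can be scripted. The following PowerShell is an added example, not part of the original post or any Microsoft tooling: it counts the DCs in the Exchange server's own AD site, applies the "DCs in the site - 1" rule, and writes MinUserDC under the key named above. The `-ServiceKey` and `-Apply` parameters and the refusal to write a value below 1 are assumptions of this example.

```powershell
# Added example: derive MinUserDC from the DC count of the local AD site.
# Run on the Exchange server with rights to write under HKLM.
param(
    # MSExchangeDSAccess as in the article; MSExchangeADAccess for Exchange 2007.
    [ValidateSet('MSExchangeDSAccess', 'MSExchangeADAccess')]
    [string]$ServiceKey = 'MSExchangeDSAccess',
    # Without -Apply the script only reports what it would write (assumed safety switch).
    [switch]$Apply
)

$adNs   = 'System.DirectoryServices.ActiveDirectory'
$domain = [type]"$adNs.Domain"
$adSite = [type]"$adNs.ActiveDirectorySite"

# Current holder of the PDC Emulator role and the DCs in this server's site.
$pdc = $domain::GetComputerDomain().PdcRoleOwner.Name
$dcs = @($adSite::GetComputerSite().Servers | ForEach-Object { $_.Name })

# Rule from the article: total DCs in the site minus 1 for the PDC Emulator.
$minUserDC = $dcs.Count - 1

Write-Output "PDC Emulator : $pdc"
Write-Output "DCs in site  : $($dcs -join ', ')"
Write-Output "MinUserDC    : $minUserDC"

if ($minUserDC -lt 1) {
    # Assumption of this example: with a single DC there is nothing to fall back to.
    Write-Warning 'Fewer than two DCs in this site; not writing MinUserDC.'
    return
}

$path = "HKLM:\System\CurrentControlSet\Services\$ServiceKey\Profiles\Default"
$old  = (Get-ItemProperty -Path $path -Name MinUserDC -ErrorAction SilentlyContinue).MinUserDC
Write-Output "Current value: $(if ($null -eq $old) { '(not set)' } else { $old })"

if ($Apply) {
    # Create the Profiles\Default key if it does not exist, as the article instructs.
    if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
    New-ItemProperty -Path $path -Name MinUserDC -PropertyType DWord `
        -Value $minUserDC -Force | Out-Null
    Write-Output "Wrote MinUserDC=$minUserDC to $path"
}
```

Because the value is derived from the site's DC count at run time, re-run the script after adding or removing DCs in the site so the stored number still matches the rule.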
Regards,
Georg