Using the PDC Emulator
Every time a GPO is
viewed or changed, the GPMC and the GPME locate the domain controller
that is responsible for the PDC emulator role. It is the GPO from this
domain controller that is viewed and updated. There is no inherent
reason for choosing this domain controller by default; one domain
controller must be selected, because changes must occur on one domain
controller and then replicate to all domain controllers. Because the PDC
emulator is already responsible for many other critical domain tasks,
it makes sense to use this domain controller for GPO updates as well.
There are times when the
domain controller running the PDC emulator role is not available or is
not the ideal candidate for updating the GPOs. If the PDC emulator is
not available when a change must be made to a GPO, the system displays
an error message, as shown in Figure 1.
Note that not only does
the system display a dialog box indicating that the domain controller is
not available, it also gives you the option to choose a different
domain controller. In most cases, selection of the domain controller for
updating a GPO has no effect on the result of updating a GPO.
Sometimes, however, selecting a different domain controller will result
in faster or slower GPO deployment situations. This is because of the
way in which a computer receives information regarding domain
controllers during initial bootup. Computers receive a list of domain
controllers from DNS that prioritizes them based on network location.
The domain controllers in the computers own site are first; then the
other domain controllers follow. If you make a change to a GPO that is
initially updated on a domain controller that is not in the target
computer’s site, it can take a while to replicate to the domain
controller in the computer’s site. This could cause a delay in the
processing of the GPO until all replication converges.
Selecting the Domain Controller for GPO Editing
To
eliminate the processing delay described in the previous section, you
can select a domain controller that is in the computer’s site. Of
course, you must know which site the target computers are in, as well as
which domain controllers correspond to that site.
You can also control
which domain controller is used when you edit a GPO within the GPMC.
Again, this is beneficial when you want to update a specific domain
controller to ensure the fastest and most reliable application of the
policy settings. To change the domain controller used for editing GPOs
from within the GPMC, follow these steps:
1. | Right-click the domain name in the GPMC window.
|
2. | Click Change Domain Controller.
|
3. | Make your selection from the list of possible domain controller options, as shown in Figure 2.
|
The next time you edit a
GPO from within the GPMC, you will be using the domain controller that
you selected. Do not forget that you changed the domain controller in
the interface.
Note
One
Group Policy setting allows you to configure the domain controller that
will be used when editing GPOs. The setting, “Group Policy domain
controller selection,” is under User Configuration\Administrative
Templates\System\Group Policy, as shown in Figure 3.
This policy setting is a bit out of date; it does not offer the same
options as the GPMC, and it includes an option for using the domain
controller that is being used by the snap-in, which refers to Active
Directory Users and Computers. |
