Domain controllers weight and priority values: How to check them with PowerShell

When a domain controller is installed, Active Directory creates several service (SRV) records on the DNS server. Windows clients and applications use these SRV records to find a suitable domain controller in the Active Directory forest. Active Directory clients contact their local DNS server to get a list of domain controllers. When it returns that list, the DNS server might order the domain controllers based on the priority and weight assigned to their SRV records. By default, domain controllers are configured with a weight of 100 and a priority of 0. Since all the domain controllers have the same weight and priority, a DNS server can return a list of all available domain controllers based on the type of query.

Heavier-weight domain controllers are referred to more often, and the domain controllers with the lowest priority are placed first in the list. For example, if one domain controller is assigned a weight of 200 and the other domain controllers are configured with a weight of 100, the domain controller with a weight of 200 is referred to more often. If a domain controller is configured with a priority of 0 and the other domain controllers are configured with a different priority, the domain controller assigned the lowest priority will receive all authentication requests unless it is unavailable.
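
An added example, not code from the original article: a PowerShell simulation of the selection described above, assuming the client applies the standard SRV rule (lowest priority value first, weighted random choice within that priority). The function name Select-SrvTarget and the example.test records are constructed for illustration.

```powershell
# Added example: simulates SRV target selection. All record values are constructed.
function Select-SrvTarget {
    param(
        [Parameter(Mandatory)][object[]]$Records,
        [string[]]$Unavailable = @()
    )

    # Drop targets that do not answer, then keep only the lowest-priority group.
    $group = $Records |
        Where-Object { $Unavailable -notcontains $_.Target } |
        Group-Object -Property Priority |
        Sort-Object { [int]$_.Name } |
        Select-Object -First 1
    if ($null -eq $group) { return $null }   # every target was unavailable

    $total = [int]($group.Group | Measure-Object -Property Weight -Sum).Sum
    if ($total -eq 0) { return ($group.Group | Get-Random).Target }

    # Weighted pick: a record with weight W owns W of the $total slots.
    $roll = Get-Random -Minimum 1 -Maximum ($total + 1)
    foreach ($record in $group.Group) {
        $roll -= [int]$record.Weight
        if ($roll -le 0) { return $record.Target }
    }
}

# Constructed records: dc1 has double weight, dc4 has a higher priority value.
$records = @(
    [pscustomobject]@{ Target = 'dc1.example.test'; Priority = 0;  Weight = 200 }
    [pscustomobject]@{ Target = 'dc2.example.test'; Priority = 0;  Weight = 100 }
    [pscustomobject]@{ Target = 'dc3.example.test'; Priority = 0;  Weight = 100 }
    [pscustomobject]@{ Target = 'dc4.example.test'; Priority = 10; Weight = 100 }
)

# Run 1: all targets reachable. Count how often each one is chosen.
1..2000 | ForEach-Object { Select-SrvTarget -Records $records } |
    Group-Object | Sort-Object Name | Format-Table Name, Count

# Run 2: every priority 0 target is down, so the priority 10 record is used.
$down = 'dc1.example.test', 'dc2.example.test', 'dc3.example.test'
Select-SrvTarget -Records $records -Unavailable $down
```

In the first run dc4 is never selected, because a priority 0 target is always available; it is chosen only in the second run.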

Why change domain controllers weight and priority?

In most cases, the default domain controller weight and priority work for all environments. However, you might want to change the default weight and priority of domain controllers based on your requirements. For example, if a domain controller has more capacity to handle authentication requests than the other domain controllers, you might want that domain controller to be referred to more often. Similarly, you might want to designate a domain controller to handle authentication requests coming from some AD applications. Though it is not necessary to change the default weight and priority of domain controllers, many Active Directory admins do modify SRV priority and weight for special purposes such as those explained above.

In this article, we are going to provide a PowerShell script that can help you collect the weight and priority configured for all domain controllers in an Active Directory Forest.

Requirements

Please make sure to run the script from a Windows Server 2012 R2 member server or domain controller. You must also install the DNS Server Tools from Server Manager. Note that the script provided in this article uses the Get-DNSServerResourceRecord PowerShell cmdlet, which is installed as part of the DNS Server Tools. Apart from installing the DNS Server Tools, make sure to create a folder named “C:\Temp” on the computer from which you will run the script. You also need to change the PDC server name and Active Directory domain name in the script before executing it.

Once you have met the above requirements, copy the script below into a PS1 file and execute it from an elevated PowerShell window.


# Uses Get-DnsServerResourceRecord (DNS Server Tools) and
# Get-ADDomainController (ActiveDirectory module).
$TestCSVFile = "C:\Temp\SRVPWReport.CSV"
$GDCList = "C:\Temp\DCList.TXT"
Remove-Item $TestCSVFile -ErrorAction SilentlyContinue
$ThisString = "Domain Name, Domain Controller, AD Site, SRV, Weight, Priority,Final Status"
Add-Content "$TestCSVFile" $ThisString

# Replace the two placeholders below before running the script.
$PDCServerToConnect = "<PDCServer.Domain.Com>"
$ThisDomain = "<DomainName.Com>"

$TestStatus = "Passed"
$TestText = ""
$sumVal = 0
$ReachOrNot = "Yes"
$AnyGap = "No"
$TotNo = 0
$AnyOneOk = "No"
$SRVFile = "C:\Temp\SRVTempRC.DPC"
Remove-Item $SRVFile -ErrorAction SilentlyContinue
$ThisZoneNow = "_msdcs." + $ThisDomain

# Export every SRV record of the _msdcs zone from the PDC to a temporary CSV file.
$Error.Clear()
Get-DnsServerResourceRecord -ComputerName $PDCServerToConnect -ZoneName $ThisZoneNow | ? {($_.RecordType -eq 'SRV')} | Select -Property HostName,RecordType -ExpandProperty RecordData | Export-Csv $SRVFile -NoTypeInformation
IF ($Error.Count -eq 0)
{
    $AnyOneOk = "Yes"
    $AllRecordsCSV = Import-Csv $SRVFile
    $AllDCInDomain = Get-ADDomainController -Filter * -Server $ThisDomain
    ForEach ($DCName in $AllDCInDomain)
    {
        $ThisDCNameNow = $DCName.HostName
        $ThisDCSiteNow = $DCName.Site
        ForEach ($SRVInFile in $AllRecordsCSV)
        {
            $ThisDCInFile = $SRVInFile.DomainName   # SRV target host, with a trailing dot
            $ThisDCSRV = $SRVInFile.HostName        # SRV owner name inside the zone
            $ThisWeight = $SRVInFile.Weight
            $ThisPriority = $SRVInFile.Priority

            # Only report records whose target is the current domain controller;
            # without this check every record is listed once for every DC.
            IF ($ThisDCInFile.TrimEnd(".") -ne $ThisDCNameNow) { continue }

            $SRVToCheckNow = $ThisDCSRV + "." + $ThisDCInFile
            $FinStatus = ""
            # Only records that differ from the defaults (weight 100, priority 0) are written.
            IF ($ThisWeight -ne 100 -or $ThisPriority -ne 0)
            {
                $AnyGap = "Yes"
                $FinStatus = "Please check why Weight and Priority of this domain controller has been set to values other than 100 and 0 respectively."
                $FinalSTR = $ThisDomain + "," + $ThisDCNameNow + "," + $ThisDCSiteNow + "," + $SRVToCheckNow + "," + $ThisWeight + "," + $ThisPriority + "," + $FinStatus
                Add-Content "$TestCSVFile" $FinalSTR
            }
        }
    }
}
else
{
    # The DNS query against the PDC failed.
    $ThisSTR = $ThisDomain + ",Error Connecting to PDC in this domain."
    $ErrorOrNot = "Yes"
    Add-Content "$TestCSVFile" $ThisSTR
}

IF ($AnyGap -eq "Yes")
{
    $TestStatus = "Critical"
    $TestText = "Weight and Priority for domain controller SRV records have been modified from default 100 and 0 values. Please ensure Weight and Priority have been modified to meet a purpose."
    $SumVal = $TotNo
}
IF ($AnyGap -eq "No")
{
    $TestStatus = "Passed"
    $TestText = "All Domain Controllers are using default weight and priority."
    $SumVal = ""
}
# $ADTestName and $TestStartTime are not set anywhere in this script,
# and this summary string is built but not written to the report.
$STR = $ADTestName + "," + $TestStartTime + "," + $TestStatus + "," + $SumVal + "," + $TestText


Once you have executed the above PowerShell script, a report named SRVPWReport.CSV will be generated in the C:\Temp folder on the computer from which you ran the script. The report includes the domain name, domain controller name, AD site, SRV record, the weight and priority assigned to the SRV record of the domain controller, and a final status indicating whether the priority and weight of the SRV record contain any value other than the default values. This is also shown in the screenshot below:

[Screenshot: domain controllers weight]

Please note that the script connects to all domain controllers in an Active Directory domain, connects to the PDC Emulator of the domain, collects SRV records from the _MSDCS zone, and then collects the SRV weight and priority assigned to the domain controllers. As you can see in the report above, the script identified that one of the SRV records of the DC1.TechGenix.com domain controller is configured with a different weight value. As you can also see in the report, the script reported a message in the Final Status column that the particular SRV record of that domain controller needs to be checked.

This script is part of PowerShell-based Dynamic Packs that ship with the Active Directory Health Profiler, which you can use to perform a complete health check of an Active Directory forest. There are 99 health checks included in the AD Health Profiler.

By using the PowerShell script provided in this article, you can collect domain controller weight and priority values for all SRV records. You can include the PowerShell script in your Active Directory health procedure to ensure domain controllers are configured with the required priority and weight values.
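
An added example, not part of the original script: it goes beyond the default-only check by comparing SRV weight and priority against an approved baseline, so intentional changes pass and only unapproved drift is reported. The function name Compare-SrvBaseline and both data sets are constructed; the column names match what the script above exports to C:\Temp\SRVTempRC.DPC.

```powershell
# Added example: compares live SRV data with an approved baseline.
# Both data sets are constructed; columns match the script's exported CSV.
function Compare-SrvBaseline {
    param([object[]]$Baseline, [object[]]$Current)

    # Key = SRV owner name + target host, lower-cased, without the trailing dot.
    $keyOf = { param($r) ('{0}|{1}' -f $r.HostName, $r.DomainName.TrimEnd('.')).ToLower() }
    $approved = @{}
    foreach ($b in $Baseline) { $approved[(& $keyOf $b)] = $b }
    $seen = @{}

    foreach ($c in $Current) {
        $k = & $keyOf $c
        $seen[$k] = $true
        $b = $approved[$k]
        if ($null -eq $b) { $finding = 'NotInBaseline' }
        elseif ([int]$c.Weight -ne [int]$b.Weight -or
                [int]$c.Priority -ne [int]$b.Priority) { $finding = 'Changed' }
        else { continue }   # matches the approved values
        [pscustomobject]@{ Finding = $finding; Srv = $c.HostName; Target = $c.DomainName
                           Weight = $c.Weight; Priority = $c.Priority }
    }
    # Approved records that no longer exist in DNS.
    foreach ($k in $approved.Keys) {
        if (-not $seen.ContainsKey($k)) {
            $b = $approved[$k]
            [pscustomobject]@{ Finding = 'MissingFromDns'; Srv = $b.HostName; Target = $b.DomainName
                               Weight = $b.Weight; Priority = $b.Priority }
        }
    }
}

$baseline = @'
HostName,DomainName,Weight,Priority
_ldap._tcp.dc,dc1.example.test.,200,0
_ldap._tcp.dc,dc2.example.test.,100,0
_kerberos._tcp.dc,dc1.example.test.,100,0
'@ | ConvertFrom-Csv

$current = @'
HostName,DomainName,Weight,Priority
_ldap._tcp.dc,dc1.example.test.,200,0
_ldap._tcp.dc,dc2.example.test.,100,5
_ldap._tcp.dc,dc9.example.test.,100,0
'@ | ConvertFrom-Csv

Compare-SrvBaseline -Baseline $baseline -Current $current | Format-Table -AutoSize
```

To check real data, load the current records with Import-Csv from the temporary file the script writes and keep the baseline as a reviewed CSV with the same columns.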


3 thoughts on “Domain controllers weight and priority values: How to check them with PowerShell”

  1. else : The term ‘else’ is not recognized as the name of a cmdlet, function, script file, or operable program. Check
    the spelling of the name, or if a path was included, verify that the path is correct and try again.
    At C:\Users\gas\Desktop\DCpriority.ps1:49 char:1
    + else
    + ~~~~
    + CategoryInfo : ObjectNotFound: (else:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

    $ThisSTR = $ThisDomain+”,Error Connecting to PDC in this domain.”
    $ErrorOrNot = “Yes”
    Add-Content “$TestCSVFile” $ThisStr

  2. There is a single closing bracket missing just before else in line 49.
    Should be four of them
    }
    }
    }
    }
    else
    {
    $ThisSTR = $ThisDomain+”,Error Connecting to PDC in this domain.”
    $ErrorOrNot = “Yes”
    Add-Content “$TestCSVFile” $ThisStr
    }

  3. Thomas S Westfall

    I was still getting an error when adding the additional “}” at line 49 and so I had to delete a bracket at line 57, leaving me with this.
    Add-Content “$TestCSVFile” $FinalSTR
    }
    }
    }
    }
    else
    {
    $ThisSTR = $ThisDomain+”,Error Connecting to PDC in this domain.”
    $ErrorOrNot = “Yes”
    Add-Content “$TestCSVFile” $ThisStr
    }
    IF ($AnyGap -eq “Yes”)
    {
    $TestStatus=”Critical”
    $TestText = “Weight and Priority for domain controller SRV records have been modified from default 100 and 0 values. Please ensure Weight and Priority have been modified to meet a purpose.”
    $SumVal = $TotNo

    The script then runs without errors but other than the headings I have no data in the CSV file. There is data in the other file.
