    I currently have 2 domain controllers.

    dc1 ->
    dc2 -> (I’ve recently installed this)

    Both of these DCs are in the same site when viewing Sites and Services.

    When users log on in the morning, dc1 gets hammered. lsass consumes 80-100% CPU whilst dc2 sits there doing nothing.

    I’ve checked to make sure there are no weightings/priority set within DNS (they’re default) and I’ve also checked to make sure round robin is enabled on both servers (which it is).

    From what I’ve read, when you add a secondary domain controller it should automatically start to service clients – assuming it is in the same site and DNS round robin is on. You can also fiddle with priority/weighting to direct clients to a particular server, but ‘out of the box’ DNS should balance the load to a degree.

    Looking at my DHCP scopes, all the clients are given dc1 as their primary DNS server.

    So, one way I thought to balance the load is to split the DHCP scopes so that half get dc1 and the other half get dc2 as their primary DNS servers.

    Am I right in thinking that a client will use the DC it has as its primary DNS server to log on with? I.e. if a client queries its DNS server and says “who can I authenticate with” – will the DNS server respond by saying “well, you’re already on my server so use me” or will it use round robin between the DCs specified in your site to spread the load?

    If the DNS server says to the client “well, you’re already on my server so use me to log on with” – then splitting the DHCP scopes would resolve my problem?

    Am I approaching this right? Does anyone else have a suggestion on how to measure load on DCs, or how to ensure it is split evenly etc?
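The priority/weight and per-server DNS checks mentioned in the post can be scripted. The following is an added example, not part of the original post: the domain and site names are placeholders, and it assumes each DC also runs the DNS Server service, as the post implies.

```powershell
# Added example: inspect the DC locator SRV records for one AD site.
# $Domain and $Site are placeholders; replace them with your own values.
param(
    [string]$Domain = 'corp.example.com',
    [string]$Site   = 'Default-First-Site-Name'
)

# Netlogon registers DC SRV records with priority 0 and weight 100 by default.
$DefaultPriority = 0
$DefaultWeight   = 100

function Get-DcSrvRecord {
    param([string]$Name, [string]$Server)
    $query = @{ Name = $Name; Type = 'SRV'; ErrorAction = 'Stop' }
    if ($Server) { $query.Server = $Server }
    Resolve-DnsName @query |
        Where-Object { $_.Type -eq 'SRV' } |    # drop the additional A/AAAA records
        Select-Object NameTarget, Priority, Weight, Port
}

# Site-specific LDAP locator record that clients in this site query first.
$srvName = "_ldap._tcp.${Site}._sites.dc._msdcs.${Domain}"
$records = @(Get-DcSrvRecord -Name $srvName)
$records | Sort-Object Priority, NameTarget | Format-Table -AutoSize

# Flag any DC whose priority or weight has been changed from the defaults.
foreach ($r in $records) {
    if ($r.Priority -ne $DefaultPriority -or $r.Weight -ne $DefaultWeight) {
        Write-Warning "$($r.NameTarget): priority $($r.Priority), weight $($r.Weight) differ from defaults"
    }
}

# Ask each DC's own DNS service the same question and report any DC
# that is missing from its answer.
foreach ($dc in $records.NameTarget) {
    $seen    = @(Get-DcSrvRecord -Name $srvName -Server $dc).NameTarget
    $missing = $records.NameTarget | Where-Object { $_ -notin $seen }
    if ($missing) {
        Write-Warning "DNS on $dc does not list: $($missing -join ', ')"
    }
}

# Show which DC this client located and which one handled the current logon.
nltest "/dsgetdc:$Domain"
"Logon server for this session: $env:LOGONSERVER"
```

Running it on a few clients after the morning logon shows whether they all report dc1 as the located DC and logon server.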


