Besides dsHeuristics which is stored in the configuration partition, Domain Controllers’ behavior is also governed by the DSA Heuristics value stored in the local registry of each DC. The registry value is not present by default but can be added if you should need it:
Key: HKLM\System\CurrentControlSet\Services\NTDS\Parameters
Value: “DSA Heuristics”
Type: REG_SZThe syntax is similar to dsHeuristics – a string where each character influences the DCs behavior if it contains a non-zero digit. This value is not very well documented, but so far, the following parameters could be confirmed:
| Position | Behavior if set to 1 |
|---|---|
| 1 | Allow activation of write cache on disks containing the DIT and log files |
| 2 | SD propagator will perform additional sanity checks on SDs |
| 3 | Ignore LDAP Policy: maxSearches, maxConnections, IPDenyList (bypass limit checks) |
| 4 | – not used – |
| 5 | (obsolete) activate compression of intersite replication mails |
| 6 | suppress background activities |
| 7 | ignore bad default SD (in schema, to allow booting the DC) |
| 8 | disable circular logging |
| 9 | return error if a GC search is using a non-GC attribute |
| 10 | decouple automatic defragmentation from garbage collection |
| 11 | disable strict restart blob check |
| 12 | disable search signature hash on paged searches |
Most of the information published so far has already been forgotten by the Internet.