Select a query policy

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To select a query policy

  1. Open Active Directory Sites and Services.

  2. In the console tree, click the domain controller whose query policy you want to change.


    • Active Directory Sites and Services/Sites/site that contains the domain controller whose query policy you want to change/Servers/domain controller whose query policy you want to change
  3. In the details pane, right-click NTDS Settings, and then click Properties.

  4. On the General tab, in Query Policy, click a query policy.


  • To perform this procedure, you must be a member of the Domain Admins group (in the domain of the selected domain controller) or the Enterprise Admins group in Active Directory, or you must have been delegated the appropriate authority. As a security best practice, consider using Run as to perform this procedure. For more information, see Default local groups, Default groups, and Using Run as.

  • To open Active Directory Sites and Services, click Start, click Control Panel, double-click Administrative Tools, and then double-click Active Directory Sites and Services.

  • A query policy prevents specific Lightweight Directory Access Protocol (LDAP) operations from adversely impacting the performance of the domain controller and also makes the domain controller more resilient to denial-of-service attacks.

  • To create or modify query policies, use the Ntdsutil command-line tool.

Information about functional differences

  • Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. For more information, see Viewing Help on the Web.

See Also


Using Ntdsutil