Solved

Managing AD from Remote DC

Posted on 2007-11-20
9
204 Views
Last Modified: 2010-03-17
Hi when i want to manage my Active Directory from one of my remote site domain controllers its painfully slow. It seems particularly slow when trying to edit GPO's

Any ideas?
0
Comment
Question by:kingcastle
  • 4
  • 3
  • 2
9 Comments
 
LVL 38

Expert Comment

by:Hypercat (Deb)
Comment Utility
How are you connecting to the remote DC - are you using a remote desktop connection or VPN, or both, or something else?
0
 

Author Comment

by:kingcastle
Comment Utility
im actually at the remote site working on the dc at the site. the sites are linkd via wan links dedicated

ta
0
 
LVL 38

Expert Comment

by:Hypercat (Deb)
Comment Utility
I imagine the slowness has to do with trying to make changes in AD over a WAN link.  I would try using the administrative remote desktop connection to one of the servers at your main site instead of just opening the management console locally.  If you're not familiar with doing this, you would use the following command line (Start/Run): mstsc /v:[servername or IP] /console
0
 

Author Comment

by:kingcastle
Comment Utility
i thought that if i had a domain controller locally ie at the remote site then everything on ad would run as if i was at the may site. is this not the case then?

ta
0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 
LVL 48

Expert Comment

by:Jay_Jay70
Comment Utility
if you are working locally, then yes, it should scream....however, if you are using the adminpak on your machine, it is probably binding to the servers in the wrong site.....you would be much better as above, remoting in and doing it that way
0
 

Author Comment

by:kingcastle
Comment Utility
why would it be hitting the servers in the wrong site?

will it be doing the same thing trying to run gp's ie hitting the wrong serves?
0
 
LVL 48

Expert Comment

by:Jay_Jay70
Comment Utility
well not the wrong onces as such, but the ones in your other site......just see which DC you are binding too....(i use vista and the adminpak is crap so i cant show you specifically where to check)

Have you got a GC in that site?
0
 

Author Comment

by:kingcastle
Comment Utility
yeah gc already there how do i now which dc in binded to

cheers
0
 
LVL 38

Accepted Solution

by:
Hypercat (Deb) earned 500 total points
Comment Utility
For management of AD Users/Computers and DNS, you can focus the management console on the local DC by selecting that DC from the snap-in, or creating your own custom console and pre-selecting the local DC.  When you open ADUC, for example, if you look at the top level object (Active Directory Users and Computers) it tells you to which DC it is connected. If you are opening the default console (rather than using a customized one), it will always connect to the FSMO role holder (Infrastructure master) in the domain. You can change the focus by right-clicking on the domain name object and choosing "Connect to Domain Controller."

However, for group policies that potentially affect the entire domain, when using the Group Policy Mgmt. console, I'm pretty sure it will always be trying to connect to the FSMO role holder(s) in the domain.  If your local office is a child domain, however, you might be able to create a custom GPMC that focuses only on the child domain. I'm not sure about this, since I manage domains that are too small to require any child domains in the forest.

Another thing you can look at is whether general WAN traffic is simply causing this particularly intensive activity to be slow.  Maybe you should be setting a greater replication interval between this DC and the main office DCs - the default interval is 5 minutes.  Here's an article that contains that info as well as some other ways to control WAN traffic:

http://support.microsoft.com/kb/819108/en-us
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Suggested Solutions

Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now