Solved

Managing AD from Remote DC

Posted on 2007-11-20
9
231 Views
Last Modified: 2010-03-17
Hi when i want to manage my Active Directory from one of my remote site domain controllers its painfully slow. It seems particularly slow when trying to edit GPO's

Any ideas?
0
Comment
Question by:kingcastle
  • 4
  • 3
  • 2
9 Comments
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 20322609
How are you connecting to the remote DC - are you using a remote desktop connection or VPN, or both, or something else?
0
 

Author Comment

by:kingcastle
ID: 20323396
im actually at the remote site working on the dc at the site. the sites are linkd via wan links dedicated

ta
0
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 20323715
I imagine the slowness has to do with trying to make changes in AD over a WAN link.  I would try using the administrative remote desktop connection to one of the servers at your main site instead of just opening the management console locally.  If you're not familiar with doing this, you would use the following command line (Start/Run): mstsc /v:[servername or IP] /console
0
The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

 

Author Comment

by:kingcastle
ID: 20323784
i thought that if i had a domain controller locally ie at the remote site then everything on ad would run as if i was at the may site. is this not the case then?

ta
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 20323801
if you are working locally, then yes, it should scream....however, if you are using the adminpak on your machine, it is probably binding to the servers in the wrong site.....you would be much better as above, remoting in and doing it that way
0
 

Author Comment

by:kingcastle
ID: 20323845
why would it be hitting the servers in the wrong site?

will it be doing the same thing trying to run gp's ie hitting the wrong serves?
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 20323878
well not the wrong onces as such, but the ones in your other site......just see which DC you are binding too....(i use vista and the adminpak is crap so i cant show you specifically where to check)

Have you got a GC in that site?
0
 

Author Comment

by:kingcastle
ID: 20324102
yeah gc already there how do i now which dc in binded to

cheers
0
 
LVL 38

Accepted Solution

by:
Hypercat (Deb) earned 500 total points
ID: 20328119
For management of AD Users/Computers and DNS, you can focus the management console on the local DC by selecting that DC from the snap-in, or creating your own custom console and pre-selecting the local DC.  When you open ADUC, for example, if you look at the top level object (Active Directory Users and Computers) it tells you to which DC it is connected. If you are opening the default console (rather than using a customized one), it will always connect to the FSMO role holder (Infrastructure master) in the domain. You can change the focus by right-clicking on the domain name object and choosing "Connect to Domain Controller."

However, for group policies that potentially affect the entire domain, when using the Group Policy Mgmt. console, I'm pretty sure it will always be trying to connect to the FSMO role holder(s) in the domain.  If your local office is a child domain, however, you might be able to create a custom GPMC that focuses only on the child domain. I'm not sure about this, since I manage domains that are too small to require any child domains in the forest.

Another thing you can look at is whether general WAN traffic is simply causing this particularly intensive activity to be slow.  Maybe you should be setting a greater replication interval between this DC and the main office DCs - the default interval is 5 minutes.  Here's an article that contains that info as well as some other ways to control WAN traffic:

http://support.microsoft.com/kb/819108/en-us
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question