Solved

Active Directory Child Domain Configuration / User Authentication

Posted on 2011-02-19
5
1,467 Views
Last Modified: 2012-05-11
Hi,

Windows 2003 R2 AD

I have corp.local and I created city1.corp.local and city2.corp.local (each child domain are interconnected to the corp.local by site to site VPN.

At the corp.local level we have :
Exchange server
An Accounting Terminal Server

I want to improve the login process into the corp Terminal Server for Child Domain user. Right now the user can successfully log on to the terminal server, (city1\user) but the total login process can take up to 2 min.

I added a child domain controller (city1) in the corp lan. But, this seems to stay slow. How can I get my Child domain User to authenticate fast to the Terminal Server.

I'm looking to Add Site in the Site and Service, but I never played much with it except for testing purposes. Should I go this path or there is a more easy way to do it.


FYI : city1 and city2 are managed independly by local administrator (I'm working for a WorldWide Company.

Thanks,

0
Comment
Question by:bmdgi
5 Comments
 
LVL 17

Expert Comment

by:OriNetworks
ID: 34934127
By any chance do your users have user profiles assigned? When logging onto a terminal server it may take a while as the users desktop/my documents and other files in the profile is loaded.  In the past I have bypassed this by using a group policy applied to the terminal server in which I disabled the user profile from loading. I believe these two GPO settings may be useful.

http://support.microsoft.com/?kbid=231287
and
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_22731873.html
0
 
LVL 1

Author Comment

by:bmdgi
ID: 34934214
Hi

Thanks for your input. I force a group policy loopback on the terminal to avoid those errors. My problem i want to understand why my child dc in my Corp Lan doesn't seems to improve the login process. Any idea ?
0
 
LVL 42

Accepted Solution

by:
kevinhsieh earned 250 total points
ID: 34935840
You HAVE TO have AD Sites and Services properly configured. That is the correct and only way to make sure that you talk to the closest server for a variety of things including AD authentication.
0
 
LVL 3

Assisted Solution

by:thomasd04
thomasd04 earned 250 total points
ID: 34937230
Hi bmdgi. kevinhsieh is correct, you must configure a new site for the location in AD. Here's how to do it:
http://technet.microsoft.com/en-us/library/cc781496%28WS.10%29.aspx. AD will automatically create a 'Default Site-Link' used to schedule replication. You may want to do a little research to create or modify the site-link to fit your needs. Good luck!

0
 
LVL 1

Author Closing Comment

by:bmdgi
ID: 34945757
Nice, this fixed my problems. It's quite simple when you know it.

Thanks,
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A quick step-by-step overview of installing and configuring Carbonite Server Backup.
Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question