Solved

Active Directory Child Domain Configuration / User Authentication

Posted on 2011-02-19
Last Modified: 2012-05-11
Hi,

Windows 2003 R2 AD

I have corp.local and I created city1.corp.local and city2.corp.local (each child domain is connected to corp.local by a site-to-site VPN).

At the corp.local level we have :
Exchange server
An Accounting Terminal Server

I want to improve the login process into the corp Terminal Server for child domain users. Right now the user can successfully log on to the terminal server (city1\user), but the total login process can take up to 2 min.

I added a child domain controller (city1) in the corp LAN. But this seems to stay slow. How can I get my child domain users to authenticate fast to the Terminal Server?

I'm looking to add a site in Sites and Services, but I never played much with it except for testing purposes. Should I go this path, or is there an easier way to do it?


FYI: city1 and city2 are managed independently by local administrators (I'm working for a worldwide company).

Thanks,

Question by:bmdgi
5 Comments
 
LVL 17

Expert Comment

by:OriNetworks
ID: 34934127
By any chance do your users have user profiles assigned? When logging onto a terminal server it may take a while as the user's desktop/my documents and other files in the profile are loaded. In the past I have bypassed this by using a group policy applied to the terminal server in which I disabled the user profile from loading. I believe these two GPO settings may be useful.

http://support.microsoft.com/?kbid=231287
and
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_22731873.html
0
 
LVL 1

Author Comment

by:bmdgi
ID: 34934214
Hi

Thanks for your input. I force a group policy loopback on the terminal server to avoid those errors. My problem is that I want to understand why my child DC in my corp LAN doesn't seem to improve the login process. Any idea?
0
 
LVL 42

Accepted Solution

by:
kevinhsieh earned 1000 total points
ID: 34935840
You HAVE TO have AD Sites and Services properly configured. That is the correct and only way to make sure that you talk to the closest server for a variety of things including AD authentication.
0
 
LVL 3

Assisted Solution

by:thomasd04
thomasd04 earned 1000 total points
ID: 34937230
Hi bmdgi. kevinhsieh is correct, you must configure a new site for the location in AD. Here's how to do it:
http://technet.microsoft.com/en-us/library/cc781496%28WS.10%29.aspx
AD will automatically create a 'Default Site-Link' used to schedule replication. You may want to do a little research to create or modify the site-link to fit your needs. Good luck!

0
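The site-based DC selection that both answers refer to, as an added example that is not part of the original thread: a simplified Python model of how a client's IP is matched to a subnet object and then to the domain controllers in that site. The IP ranges, site names (Corp, City1) and DC names are constructed assumptions; only the domain names come from the question.

```python
import ipaddress

def site_for_ip(ip, subnets):
    """Return the site of the most specific subnet object containing ip, else None."""
    addr = ipaddress.ip_address(ip)
    hits = [(ipaddress.ip_network(net), site) for net, site in subnets.items()
            if addr in ipaddress.ip_network(net)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def candidate_dcs(client_ip, domain, subnets, dcs):
    """Return (client_site, names of DCs the client may end up using for domain)."""
    site = site_for_ip(client_ip, subnets)
    in_domain = [(name, s) for name, d, s in dcs if d == domain]
    in_site = [name for name, s in in_domain if s == site]
    # Simplification: if no DC of the domain sits in the client's site, any DC
    # of the domain is a candidate. Real AD narrows this further through
    # automatic site coverage driven by site-link cost.
    return site, sorted(in_site or [name for name, _ in in_domain])

# Constructed scenario: the corp Terminal Server authenticating a city1 user.
TS_IP = "10.1.0.20"            # assumed address in the corp LAN
DOMAIN = "city1.corp.local"

# Before: no subnet objects, every DC still in the default site.
BEFORE_SUBNETS = {}
BEFORE_DCS = [
    ("CORP-DC1",  "corp.local",       "Default-First-Site-Name"),
    ("CITY1-DC1", "city1.corp.local", "Default-First-Site-Name"),  # across the VPN
    ("CITY1-DC2", "city1.corp.local", "Default-First-Site-Name"),  # in the corp LAN
]

# After: one site per location, subnets mapped, DC objects moved to their site.
AFTER_SUBNETS = {"10.1.0.0/16": "Corp", "10.2.0.0/16": "City1"}
AFTER_DCS = [
    ("CORP-DC1",  "corp.local",       "Corp"),
    ("CITY1-DC1", "city1.corp.local", "City1"),
    ("CITY1-DC2", "city1.corp.local", "Corp"),
]

if __name__ == "__main__":
    print("before:", candidate_dcs(TS_IP, DOMAIN, BEFORE_SUBNETS, BEFORE_DCS))
    print("after: ", candidate_dcs(TS_IP, DOMAIN, AFTER_SUBNETS, AFTER_DCS))
```

In the "before" case the extra city1 DC in the corp LAN is only one of two equal candidates, so logons can still cross the VPN; once the subnet and site objects exist, it is the only candidate for the Terminal Server.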
 
LVL 1

Author Closing Comment

by:bmdgi
ID: 34945757
Nice, this fixed my problems. It's quite simple when you know it.

Thanks,
0
