Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Active Directory Child Domain Configuration / User Authentication

Posted on 2011-02-19
5
Medium Priority
?
1,475 Views
Last Modified: 2012-05-11
Hi,

Windows 2003 R2 AD

I have corp.local and I created city1.corp.local and city2.corp.local (each child domain are interconnected to the corp.local by site to site VPN.

At the corp.local level we have :
Exchange server
An Accounting Terminal Server

I want to improve the login process into the corp Terminal Server for Child Domain user. Right now the user can successfully log on to the terminal server, (city1\user) but the total login process can take up to 2 min.

I added a child domain controller (city1) in the corp lan. But, this seems to stay slow. How can I get my Child domain User to authenticate fast to the Terminal Server.

I'm looking to Add Site in the Site and Service, but I never played much with it except for testing purposes. Should I go this path or there is a more easy way to do it.


FYI : city1 and city2 are managed independly by local administrator (I'm working for a WorldWide Company.

Thanks,

0
Comment
Question by:bmdgi
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 17

Expert Comment

by:OriNetworks
ID: 34934127
By any chance do your users have user profiles assigned? When logging onto a terminal server it may take a while as the users desktop/my documents and other files in the profile is loaded.  In the past I have bypassed this by using a group policy applied to the terminal server in which I disabled the user profile from loading. I believe these two GPO settings may be useful.

http://support.microsoft.com/?kbid=231287
and
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_22731873.html
0
 
LVL 1

Author Comment

by:bmdgi
ID: 34934214
Hi

Thanks for your input. I force a group policy loopback on the terminal to avoid those errors. My problem i want to understand why my child dc in my Corp Lan doesn't seems to improve the login process. Any idea ?
0
 
LVL 42

Accepted Solution

by:
kevinhsieh earned 1000 total points
ID: 34935840
You HAVE TO have AD Sites and Services properly configured. That is the correct and only way to make sure that you talk to the closest server for a variety of things including AD authentication.
0
 
LVL 3

Assisted Solution

by:thomasd04
thomasd04 earned 1000 total points
ID: 34937230
Hi bmdgi. kevinhsieh is correct, you must configure a new site for the location in AD. Here's how to do it:
http://technet.microsoft.com/en-us/library/cc781496%28WS.10%29.aspx. AD will automatically create a 'Default Site-Link' used to schedule replication. You may want to do a little research to create or modify the site-link to fit your needs. Good luck!

0
 
LVL 1

Author Closing Comment

by:bmdgi
ID: 34945757
Nice, this fixed my problems. It's quite simple when you know it.

Thanks,
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Here's a look at newsworthy articles and community happenings during the last month.
Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question