Solved

Active Directory Child Domain Configuration / User Authentication

Posted on 2011-02-19
5
1,466 Views
Last Modified: 2012-05-11
Hi,

Windows 2003 R2 AD

I have corp.local and I created city1.corp.local and city2.corp.local (each child domain are interconnected to the corp.local by site to site VPN.

At the corp.local level we have :
Exchange server
An Accounting Terminal Server

I want to improve the login process into the corp Terminal Server for Child Domain user. Right now the user can successfully log on to the terminal server, (city1\user) but the total login process can take up to 2 min.

I added a child domain controller (city1) in the corp lan. But, this seems to stay slow. How can I get my Child domain User to authenticate fast to the Terminal Server.

I'm looking to Add Site in the Site and Service, but I never played much with it except for testing purposes. Should I go this path or there is a more easy way to do it.


FYI : city1 and city2 are managed independly by local administrator (I'm working for a WorldWide Company.

Thanks,

0
Comment
Question by:bmdgi
5 Comments
 
LVL 17

Expert Comment

by:OriNetworks
ID: 34934127
By any chance do your users have user profiles assigned? When logging onto a terminal server it may take a while as the users desktop/my documents and other files in the profile is loaded.  In the past I have bypassed this by using a group policy applied to the terminal server in which I disabled the user profile from loading. I believe these two GPO settings may be useful.

http://support.microsoft.com/?kbid=231287
and
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_22731873.html
0
 
LVL 1

Author Comment

by:bmdgi
ID: 34934214
Hi

Thanks for your input. I force a group policy loopback on the terminal to avoid those errors. My problem i want to understand why my child dc in my Corp Lan doesn't seems to improve the login process. Any idea ?
0
 
LVL 42

Accepted Solution

by:
kevinhsieh earned 250 total points
ID: 34935840
You HAVE TO have AD Sites and Services properly configured. That is the correct and only way to make sure that you talk to the closest server for a variety of things including AD authentication.
0
 
LVL 3

Assisted Solution

by:thomasd04
thomasd04 earned 250 total points
ID: 34937230
Hi bmdgi. kevinhsieh is correct, you must configure a new site for the location in AD. Here's how to do it:
http://technet.microsoft.com/en-us/library/cc781496%28WS.10%29.aspx. AD will automatically create a 'Default Site-Link' used to schedule replication. You may want to do a little research to create or modify the site-link to fit your needs. Good luck!

0
 
LVL 1

Author Closing Comment

by:bmdgi
ID: 34945757
Nice, this fixed my problems. It's quite simple when you know it.

Thanks,
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now