Solved

Active Directory Child Domain Configuration / User Authentication

Posted on 2011-02-19
5
1,468 Views
Last Modified: 2012-05-11
Hi,

Windows 2003 R2 AD

I have corp.local and I created city1.corp.local and city2.corp.local (each child domain are interconnected to the corp.local by site to site VPN.

At the corp.local level we have :
Exchange server
An Accounting Terminal Server

I want to improve the login process into the corp Terminal Server for Child Domain user. Right now the user can successfully log on to the terminal server, (city1\user) but the total login process can take up to 2 min.

I added a child domain controller (city1) in the corp lan. But, this seems to stay slow. How can I get my Child domain User to authenticate fast to the Terminal Server.

I'm looking to Add Site in the Site and Service, but I never played much with it except for testing purposes. Should I go this path or there is a more easy way to do it.


FYI : city1 and city2 are managed independly by local administrator (I'm working for a WorldWide Company.

Thanks,

0
Comment
Question by:bmdgi
5 Comments
 
LVL 17

Expert Comment

by:OriNetworks
ID: 34934127
By any chance do your users have user profiles assigned? When logging onto a terminal server it may take a while as the users desktop/my documents and other files in the profile is loaded.  In the past I have bypassed this by using a group policy applied to the terminal server in which I disabled the user profile from loading. I believe these two GPO settings may be useful.

http://support.microsoft.com/?kbid=231287
and
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_22731873.html
0
 
LVL 1

Author Comment

by:bmdgi
ID: 34934214
Hi

Thanks for your input. I force a group policy loopback on the terminal to avoid those errors. My problem i want to understand why my child dc in my Corp Lan doesn't seems to improve the login process. Any idea ?
0
 
LVL 42

Accepted Solution

by:
kevinhsieh earned 250 total points
ID: 34935840
You HAVE TO have AD Sites and Services properly configured. That is the correct and only way to make sure that you talk to the closest server for a variety of things including AD authentication.
0
 
LVL 3

Assisted Solution

by:thomasd04
thomasd04 earned 250 total points
ID: 34937230
Hi bmdgi. kevinhsieh is correct, you must configure a new site for the location in AD. Here's how to do it:
http://technet.microsoft.com/en-us/library/cc781496%28WS.10%29.aspx. AD will automatically create a 'Default Site-Link' used to schedule replication. You may want to do a little research to create or modify the site-link to fit your needs. Good luck!

0
 
LVL 1

Author Closing Comment

by:bmdgi
ID: 34945757
Nice, this fixed my problems. It's quite simple when you know it.

Thanks,
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Audit active directory trust relationships 2 27
Domain Logon scripts 14 49
Domain Administrator locked out "Again" 7 57
AD issue after VM restore 5 13
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question