Solved

Add local admin privileges through network

Posted on 2011-03-22
9
316 Views
Last Modified: 2012-05-11
Hello, I have multiple sites that are connected through IPSEC tunnels. My domain controllers are all on one main site.  When i log on with a computer in a remote site with a brand new user created in AD , it works fine so my LDAP query is good.

my problem is this : If i wish to give local administrator privilleges on the remote computer, i go through the usual process in the adminsitrators group.  it can take up top 8 hours before it finds the selected object.  It seems like it doesn't know where to look.  this happens in all remote sites (4).

Any help would be appreciated
0
Comment
Question by:hermypee
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +1
9 Comments
 
LVL 37

Expert Comment

by:Neil Russell
ID: 35193168
When you say remote sites? WHY are all your DC's all on one main site? You need to support your users.
Have you created AD SITES In active directory sites and services? If you have you MUST put a DC in each site, at least one.
0
 
LVL 2

Expert Comment

by:jimponder
ID: 35193212
Neil hit the nail on the head.  I am also assuming one (hopefully more) of the DNS are global catalogs...
0
 

Author Comment

by:hermypee
ID: 35193298
Here is the situation.  I call them remote sites because there are only a few users per site.  Every user logs in to a Terminal Server session in the main site.  there is no Data stored in these remote sites. Of course there are GC's in the main site otherwise i would be far from a solution :)

Everything is centrallized  in the main site.  I had setup DC's in the sites but was no need for them , since I was having issues with booting up because of the DHCP authorization would timeout 9 out of 10 times.
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
LVL 2

Expert Comment

by:jimponder
ID: 35193451
How long does it take to do a force replication on your DNS to all of the machines if you start the force from one of the DNS boxes?  Are the IPSEC tunnel routers have the correct gateways in place?  Are there NAT's in place?
0
 
LVL 2

Expert Comment

by:jimponder
ID: 35193490
Have you disabled windows firewall on the remote side to verify it is not a problem?  

Some healthy reading...
http://support.microsoft.com/default.aspx?scid=kb;en-us;313195
0
 
LVL 37

Accepted Solution

by:
Neil Russell earned 500 total points
ID: 35193588
IF you had servers in each of the sites then you should never have had DHCP issues as each of the site servers should have been running DHCP. The whole point of a local AD DC is to provide ALL of the services you would expect on the main site, not just logins.

I really think you should reconsider what you are doing.  Alternatively, IF your users ALL use TS to log into a server on your main site to do any work, remove the remote PC's from the domain and lock them down with a very restricted USER account that can run MSTSC and nothing else.
0
 

Author Comment

by:hermypee
ID: 35193644
Thank you for all your help.  
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 36314979
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question