Solved

Add local admin privileges through network

Posted on 2011-03-22
Last Modified: 2012-05-11
Hello, I have multiple sites that are connected through IPSEC tunnels. My domain controllers are all on one main site. When I log on with a computer in a remote site with a brand new user created in AD, it works fine, so my LDAP query is good.

My problem is this: if I wish to give local administrator privileges on the remote computer, I go through the usual process in the Administrators group. It can take up to 8 hours before it finds the selected object. It seems like it doesn't know where to look. This happens in all remote sites (4).

Any help would be appreciated.
0
Question by:hermypee
9 Comments
 
LVL 37

Expert Comment

by:Neil Russell
When you say remote sites? WHY are all your DCs all on one main site? You need to support your users.
Have you created AD sites in Active Directory Sites and Services? If you have, you MUST put a DC in each site, at least one.
0
 
LVL 2

Expert Comment

by:jimponder
Neil hit the nail on the head.  I am also assuming one (hopefully more) of the DNS are global catalogs...
0
 

Author Comment

by:hermypee
Here is the situation. I call them remote sites because there are only a few users per site. Every user logs in to a Terminal Server session in the main site. There is no data stored in these remote sites. Of course there are GCs in the main site, otherwise I would be far from a solution :)

Everything is centralized in the main site. I had set up DCs in the sites, but there was no need for them, since I was having issues with booting up because the DHCP authorization would time out 9 out of 10 times.
0
 
LVL 2

Expert Comment

by:jimponder
How long does it take to do a force replication on your DNS to all of the machines if you start the force from one of the DNS boxes? Do the IPSEC tunnel routers have the correct gateways in place? Are there NATs in place?
0
 
LVL 2

Expert Comment

by:jimponder
Have you disabled Windows Firewall on the remote side to verify it is not a problem?

Some healthy reading...
http://support.microsoft.com/default.aspx?scid=kb;en-us;313195
0
 
LVL 37

Accepted Solution

by:
Neil Russell earned 500 total points
IF you had servers in each of the sites then you should never have had DHCP issues as each of the site servers should have been running DHCP. The whole point of a local AD DC is to provide ALL of the services you would expect on the main site, not just logins.

I really think you should reconsider what you are doing. Alternatively, IF your users ALL use TS to log into a server on your main site to do any work, remove the remote PCs from the domain and lock them down with a very restricted USER account that can run MSTSC and nothing else.
0
 

Author Comment

by:hermypee
Thank you for all your help.  
0
 
LVL 68

Expert Comment

by:Qlemo
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0
