hermypee
asked on
Add local admin privileges through network
Hello, I have multiple sites that are connected through IPSEC tunnels. My domain controllers are all on one main site. When i log on with a computer in a remote site with a brand new user created in AD , it works fine so my LDAP query is good.
my problem is this : If i wish to give local administrator privilleges on the remote computer, i go through the usual process in the adminsitrators group. it can take up top 8 hours before it finds the selected object. It seems like it doesn't know where to look. this happens in all remote sites (4).
Any help would be appreciated
my problem is this : If i wish to give local administrator privilleges on the remote computer, i go through the usual process in the adminsitrators group. it can take up top 8 hours before it finds the selected object. It seems like it doesn't know where to look. this happens in all remote sites (4).
Any help would be appreciated
Neil hit the nail on the head. I am also assuming one (hopefully more) of the DNS are global catalogs...
ASKER
Here is the situation. I call them remote sites because there are only a few users per site. Every user logs in to a Terminal Server session in the main site. there is no Data stored in these remote sites. Of course there are GC's in the main site otherwise i would be far from a solution :)
Everything is centrallized in the main site. I had setup DC's in the sites but was no need for them , since I was having issues with booting up because of the DHCP authorization would timeout 9 out of 10 times.
Everything is centrallized in the main site. I had setup DC's in the sites but was no need for them , since I was having issues with booting up because of the DHCP authorization would timeout 9 out of 10 times.
How long does it take to do a force replication on your DNS to all of the machines if you start the force from one of the DNS boxes? Are the IPSEC tunnel routers have the correct gateways in place? Are there NAT's in place?
Have you disabled windows firewall on the remote side to verify it is not a problem?
Some healthy reading...
http://support.microsoft.com/default.aspx?scid=kb;en-us;313195
Some healthy reading...
http://support.microsoft.com/default.aspx?scid=kb;en-us;313195
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you for all your help.
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
Have you created AD SITES In active directory sites and services? If you have you MUST put a DC in each site, at least one.