Solved

Add local admin privileges through network

Posted on 2011-03-22
Last Modified: 2012-05-11
Hello, I have multiple sites that are connected through IPSEC tunnels. My domain controllers are all on one main site. When I log on with a computer in a remote site with a brand new user created in AD, it works fine, so my LDAP query is good.

My problem is this: if I wish to give local administrator privileges on the remote computer, I go through the usual process in the Administrators group. It can take up to 8 hours before it finds the selected object. It seems like it doesn't know where to look. This happens in all remote sites (4).

Any help would be appreciated
Question by:hermypee
9 Comments
 
LVL 37

Expert Comment

by:Neil Russell
ID: 35193168
When you say remote sites? WHY are all your DCs on one main site? You need to support your users.
Have you created AD sites in Active Directory Sites and Services? If you have, you MUST put a DC in each site, at least one.
0
 
LVL 2

Expert Comment

by:jimponder
ID: 35193212
Neil hit the nail on the head.  I am also assuming one (hopefully more) of the DNS are global catalogs...
0
 

Author Comment

by:hermypee
ID: 35193298
Here is the situation. I call them remote sites because there are only a few users per site. Every user logs in to a Terminal Server session in the main site. There is no data stored in these remote sites. Of course there are GCs in the main site, otherwise I would be far from a solution :)

Everything is centralized in the main site. I had set up DCs in the sites but there was no need for them, since I was having issues with booting up because the DHCP authorization would time out 9 out of 10 times.
0
 
LVL 2

Expert Comment

by:jimponder
ID: 35193451
How long does it take to do a force replication on your DNS to all of the machines if you start the force from one of the DNS boxes? Do the IPSEC tunnel routers have the correct gateways in place? Are there NATs in place?
0
 
LVL 2

Expert Comment

by:jimponder
ID: 35193490
Have you disabled Windows Firewall on the remote side to verify it is not a problem?

Some healthy reading...
http://support.microsoft.com/default.aspx?scid=kb;en-us;313195
0
 
LVL 37

Accepted Solution

by:
Neil Russell earned 2000 total points
ID: 35193588
IF you had servers in each of the sites then you should never have had DHCP issues as each of the site servers should have been running DHCP. The whole point of a local AD DC is to provide ALL of the services you would expect on the main site, not just logins.

I really think you should reconsider what you are doing. Alternatively, IF your users ALL use TS to log into a server on your main site to do any work, remove the remote PCs from the domain and lock them down with a very restricted USER account that can run MSTSC and nothing else.
0
 

Author Comment

by:hermypee
ID: 35193644
Thank you for all your help.  
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 36314979
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0
