Solved

Add local admin privileges through network

Posted on 2011-03-22
Last Modified: 2012-05-11
Hello, I have multiple sites that are connected through IPSEC tunnels. My domain controllers are all on one main site. When I log on with a computer in a remote site with a brand new user created in AD, it works fine, so my LDAP query is good.

My problem is this: if I wish to give local administrator privileges on the remote computer, I go through the usual process in the Administrators group. It can take up to 8 hours before it finds the selected object. It seems like it doesn't know where to look. This happens in all remote sites (4).

Any help would be appreciated.
0
Question by:hermypee
9 Comments
 
LVL 37

Expert Comment

by:Neil Russell
ID: 35193168
When you say remote sites? WHY are all your DCs on one main site? You need to support your users.
Have you created AD sites in Active Directory Sites and Services? If you have, you MUST put a DC in each site, at least one.
0
 
LVL 2

Expert Comment

by:jimponder
ID: 35193212
Neil hit the nail on the head.  I am also assuming one (hopefully more) of the DNS are global catalogs...
0
 

Author Comment

by:hermypee
ID: 35193298
Here is the situation. I call them remote sites because there are only a few users per site. Every user logs in to a Terminal Server session in the main site. There is no data stored in these remote sites. Of course there are GCs in the main site, otherwise I would be far from a solution :)

Everything is centralized in the main site. I had set up DCs in the sites but there was no need for them, since I was having issues with booting up because the DHCP authorization would time out 9 out of 10 times.
0

 
LVL 2

Expert Comment

by:jimponder
ID: 35193451
How long does it take to do a force replication on your DNS to all of the machines if you start the force from one of the DNS boxes? Do the IPSEC tunnel routers have the correct gateways in place? Are there NATs in place?
0
 
LVL 2

Expert Comment

by:jimponder
ID: 35193490
Have you disabled Windows Firewall on the remote side to verify it is not a problem?

Some healthy reading...
http://support.microsoft.com/default.aspx?scid=kb;en-us;313195
0
 
LVL 37

Accepted Solution

by:
Neil Russell earned 500 total points
ID: 35193588
IF you had servers in each of the sites then you should never have had DHCP issues as each of the site servers should have been running DHCP. The whole point of a local AD DC is to provide ALL of the services you would expect on the main site, not just logins.

I really think you should reconsider what you are doing. Alternatively, IF your users ALL use TS to log into a server on your main site to do any work, remove the remote PCs from the domain and lock them down with a very restricted USER account that can run MSTSC and nothing else.
0
 

Author Comment

by:hermypee
ID: 35193644
Thank you for all your help.  
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 36314979
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0
