Solved

Add local admin privileges through network

Posted on 2011-03-22
Last Modified: 2012-05-11
Hello, I have multiple sites that are connected through IPSEC tunnels. My domain controllers are all on one main site. When I log on with a computer in a remote site with a brand new user created in AD, it works fine, so my LDAP query is good.

My problem is this: if I wish to give local administrator privileges on the remote computer, I go through the usual process in the Administrators group. It can take up to 8 hours before it finds the selected object. It seems like it doesn't know where to look. This happens in all remote sites (4).

Any help would be appreciated
Question by:hermypee
8 Comments
 
LVL 37

Expert Comment

by:Neil Russell
ID: 35193168
When you say remote sites? WHY are all your DC's all on one main site? You need to support your users.
Have you created AD SITES in Active Directory Sites and Services? If you have, you MUST put a DC in each site, at least one.
0
 
LVL 2

Expert Comment

by:jimponder
ID: 35193212
Neil hit the nail on the head.  I am also assuming one (hopefully more) of the DNS are global catalogs...
0
 

Author Comment

by:hermypee
ID: 35193298
Here is the situation. I call them remote sites because there are only a few users per site. Every user logs in to a Terminal Server session in the main site. There is no data stored in these remote sites. Of course there are GCs in the main site, otherwise I would be far from a solution :)

Everything is centralized in the main site. I had set up DCs in the sites but there was no need for them, since I was having issues with booting up because the DHCP authorization would time out 9 out of 10 times.
0
 
LVL 2

Expert Comment

by:jimponder
ID: 35193451
How long does it take to do a force replication on your DNS to all of the machines if you start the force from one of the DNS boxes? Do the IPSEC tunnel routers have the correct gateways in place? Are there NATs in place?
0
 
LVL 2

Expert Comment

by:jimponder
ID: 35193490
Have you disabled Windows Firewall on the remote side to verify it is not a problem?

Some healthy reading...
http://support.microsoft.com/default.aspx?scid=kb;en-us;313195
0
 
LVL 37

Accepted Solution

by:
Neil Russell earned 2000 total points
ID: 35193588
IF you had servers in each of the sites then you should never have had DHCP issues as each of the site servers should have been running DHCP. The whole point of a local AD DC is to provide ALL of the services you would expect on the main site, not just logins.

I really think you should reconsider what you are doing.  Alternatively, IF your users ALL use TS to log into a server on your main site to do any work, remove the remote PC's from the domain and lock them down with a very restricted USER account that can run MSTSC and nothing else.
0
 

Author Comment

by:hermypee
ID: 35193644
Thank you for all your help.  
0
 
LVL 71

Expert Comment

by:Qlemo
ID: 36314979
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0
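
The checks the comments above ask about (which AD site and domain controller a remote-site workstation resolves, whether a global catalog is reachable through the tunnel, and how long resolving the account takes) can be gathered in one pass. This is an added PowerShell example, not part of the original thread; the function name, the `EXAMPLE` domain and the `newuser` account are placeholders, and it assumes `nltest` and `Test-NetConnection` are available on the workstation.

```powershell
# Added example: run on a workstation in a remote site.
# Function name, domain and account are placeholders, not values from the thread.
function Test-RemoteSiteLookup {
    param(
        [string]$Domain  = 'EXAMPLE',   # placeholder domain name
        [string]$Account = 'newuser'    # placeholder account being added to Administrators
    )
    Add-Type -AssemblyName System.DirectoryServices

    # AD site this computer maps to (throws if no site can be determined).
    try   { $site = [System.DirectoryServices.ActiveDirectory.ActiveDirectorySite]::GetComputerSite().Name }
    catch { $site = "unresolved: $($_.Exception.Message)" }

    # Force a fresh DC locator call and time it, then ask for a global catalog.
    $sw     = [System.Diagnostics.Stopwatch]::StartNew()
    $dcOut  = (& nltest "/dsgetdc:$Domain" /force 2>&1) -join "`n"
    $dcMs   = $sw.ElapsedMilliseconds
    $gcOut  = (& nltest "/dsgetdc:$Domain" /gc /force 2>&1) -join "`n"
    $dcName = if ($dcOut -match 'DC:\s*\\\\(\S+)') { $Matches[1] } else { $null }
    $gcName = if ($gcOut -match 'DC:\s*\\\\(\S+)') { $Matches[1] } else { $null }

    # Time the name-to-SID translation for the account.
    $sw.Restart()
    try {
        $nt  = New-Object System.Security.Principal.NTAccount($Domain, $Account)
        $sid = $nt.Translate([System.Security.Principal.SecurityIdentifier]).Value
    } catch { $sid = "lookup failed: $($_.Exception.Message)" }
    $sidMs = $sw.ElapsedMilliseconds

    # Common AD client ports toward the located DC / GC across the tunnel.
    $ports = [ordered]@{ Kerberos = 88; RPC = 135; LDAP = 389; SMB = 445; GC = 3268 }
    $reach = foreach ($p in $ports.GetEnumerator()) {
        $target = if ($p.Key -eq 'GC' -and $gcName) { $gcName } else { $dcName }
        $ok = if ($target) {
            Test-NetConnection -ComputerName $target -Port $p.Value -InformationLevel Quiet -WarningAction SilentlyContinue
        } else { $false }
        '{0}/{1}={2}' -f $p.Key, $p.Value, $ok
    }

    [pscustomobject]@{
        ComputerSite = $site;   LocatedDC   = $dcName; DcLocatorMs = $dcMs
        LocatedGC    = $gcName; AccountSid  = $sid;    SidLookupMs = $sidMs
        Ports        = $reach -join ', '
    }
}

Test-RemoteSiteLookup -Domain 'EXAMPLE' -Account 'newuser' | Format-List
```

A slow or failed `SidLookupMs`, an unresolved site, or a blocked port in the output narrows down which of the questions raised in the comments applies.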

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question