
Active Directory Sites and Services

Hello everyone,
I have 3 sites. Site A is the main site and contains ALL servers (all Windows Server 2008). Site B and C are remote locations and contain NO servers. They are each on different subnets (Site A --> 10.1.10.X, Site B --> 10.2.10.X and Site C --> 10.3.10.X). Site B and Site C are connected to Site A by a dedicated T1 (1.5mb up and 1.5mb down). A Cisco 1841 is at each remote location and handles DHCP. DHCP is configured to use the main domain controller at Site A for DNS. Site A uses the Domain Controller for DHCP.

Since the remote sites contain no domain controllers or even member servers, would I even need to configure anything in Active Directory Sites and Services? Wouldn't I only need to configure that if I had a Domain Controller at the remote location(s)?

The issue I am trying to fix is long login times (3-5 minutes) and general slowness of the computer, especially in the mornings. This only occurs at the remote sites. The computers at the main site are very fast, as expected. Sometimes the computers at the remote locations speed up a little during the late morning/early afternoon. Other times it remains slow throughout the whole day. The computers themselves are relatively new (2-3 years old). Even just right clicking on a file on the desktop can take a couple minutes to display. Some of the programs that use a SQL database back at Site A will often freeze and crash. Normally this points to DNS, but all computers are set to use the DNS back at Site A and only that server (Not the ISP's DNS). From a remote computer, I can ping a server in Site A by name or IP address fine. We are doing folder redirection back to a server at Site A (see attached image).

Eventually I am going to put a Domain Controller at each site to at least speed up the login process, but until then I'm trying to hash out any other possible issues.

On a side note, none of the remote site computers show up in the reverse DNS zone lookup that I created for 10.2.10.X or 10.3.10.X. They do show up in the forward zone lookup though.

Thanks in advance

How are these networks connected together? VPN? Managed mesh?
T1, ISDN? What are the connection speeds?
Is it private or public?

Are the computers all domain based in the remote sites?


Site B and Site C are each connected back to Site A via a private 3 MB T1 (1.5 up and 1.5 down).

Yes, all computers at remote sites are joined to the domain.

It's just a T1; it's not 3mbit, it's 1.5 synchronous. Unless it's some strange technology or a bonded T1.

All my sites are the same and logon is fast with no domain controller on site.

What about the DNS settings on the workstations, WINS?
Do they go out through their own gateway for internet, or do they go through your main site?

I would set the DNS on the offending workstation in site B to your main DNS server in site A.


So, your site is set up similar then, huh? Do you have anything special set up in Active Directory Sites and Services? I.e., did you create new subnets in ADSS?

WINS... that was my thinking as well to at least help with name resolution. A few days ago, I set up WINS on our Domain Controller at site A. But I have not had a chance to update the DHCP on the Cisco 1841 at the remote sites to include the WINS server at site A. I hope to do that tomorrow if I can figure out the Cisco commands (I'm not a Cisco guy).

All computers in site B are set to use the DNS server in site A.

Site B and site C have to go through the gateway at site A.

No, Sites and Services only applies if you need to access domain controllers for the most part.

All my sites are the same, hub and spoke, they get everything through me, even internet.

My ISP manages all routes and whatnot between my sites. It's very expensive, but saves me a ton of headache. Each one of my sites is 10.10.xx.xx and my main is 10.10.10.xx,
where the third octet is the site designation 20, 30, 40, etc.

Have you tested connectivity with nslookup from site B to site A?
Logins should not take but a few seconds even when going through T1 from B to A.


<<No sites and services only applies if you need to access domain controllers for the most part
Ok, that's what I thought.

Tomorrow I will go to site B and do a nslookup, I'll get back to you...

Your culprit is your T1 Line and point. I have a much more complicated network coast to coast than yours, no sites or subnets or bridgehead domain controllers, everything works perfect.

If you cannot afford upgrading your existing lines to a faster one, then your only choice is to add a DC at each remote location to speed up authentication, but as far as files or application access, it will never be better than what it is now.


Nslookups are ok. They are pointing to the main DNS server back at site A.

We have less than 15 computers at this remote site and a few VOIP phones. The Phones are connected to the VOIP box back at site A. I'm sure this contributes to the slowness.

I'll try to give my ISP a call today and see what the cost of a faster line is. But regardless I don't think logins should take 4 mins with a T1.


I think we got it figured out.

I cleaned up an old old old failed domain controller from the previous IT consultant (I've only been at this job for 4 weeks so I'm still in clean up mode).

I was able to update the DHCP on the Cisco Routers at the two remote sites (site B and site C) to include the WINS server. Rebooted computers at remote site and logged in to a few of them. My login times are less than 30 seconds now and the computers are MUCH more responsive with applications, network share browsing, etc. They are about as fast as I would expect across a T1.
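
A failed domain controller that was never cleaned up usually still has DC-locator SRV records in DNS, which clients can pick up when locating a DC. The following is an added example, not part of the thread: it parses Windows `nslookup -type=SRV` output for `_ldap._tcp.dc._msdcs.<domain>` and flags targets that are not known live DCs or have no address record. The domain `corp.example`, the host names and the sample output are constructed.

```python
import re

# Constructed sample of Windows nslookup output (not captured from the thread):
#   nslookup -type=SRV _ldap._tcp.dc._msdcs.corp.example
SAMPLE_NSLOOKUP = """\
Server:  dc1.corp.example
Address:  10.1.10.5

_ldap._tcp.dc._msdcs.corp.example   SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = dc1.corp.example
_ldap._tcp.dc._msdcs.corp.example   SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = olddc.corp.example
dc1.corp.example    internet address = 10.1.10.5
"""

SRV_RE = re.compile(
    r"^(?P<name>\S+)\s+SRV service location:\s+"
    r"priority\s*=\s*(?P<priority>\d+)\s+weight\s*=\s*(?P<weight>\d+)\s+"
    r"port\s*=\s*(?P<port>\d+)\s+svr hostname\s*=\s*(?P<target>\S+)",
    re.MULTILINE | re.IGNORECASE)
ADDR_RE = re.compile(r"^(\S+)\s+internet address\s*=\s*(\S+)", re.MULTILINE)

def norm(host):
    """Lower-case a DNS name and drop the trailing root dot."""
    return host.lower().rstrip(".")

def parse_srv(text):
    """Return one dict per SRV answer found in the nslookup output."""
    text = text.replace("\r\n", "\n")
    return [{"name": norm(m["name"]), "port": int(m["port"]),
             "priority": int(m["priority"]), "weight": int(m["weight"]),
             "target": norm(m["target"])} for m in SRV_RE.finditer(text)]

def stale_targets(records, live_dcs):
    """SRV targets that are not in the administrator's list of live DCs."""
    return sorted({r["target"] for r in records} - {norm(h) for h in live_dcs})

def targets_without_address(text, records):
    """SRV targets for which the answer carried no A record."""
    resolved = {norm(h) for h, _ in ADDR_RE.findall(text)}
    return sorted({r["target"] for r in records} - resolved)

if __name__ == "__main__":
    recs = parse_srv(SAMPLE_NSLOOKUP)
    print("stale:", stale_targets(recs, ["dc1.corp.example"]))
    print("no address:", targets_without_address(SAMPLE_NSLOOKUP, recs))
```
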


