Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Browsing Active Directory on Windows Server 2012 is extremely slow

Posted on 2014-02-02
7
Medium Priority
?
993 Views
Last Modified: 2014-02-03
I have a configuration with two servers. One is domain controller, the second is mail server.
The DC is running on MS Windows Server 2012 STD. Further it is running from an ESXi server (so it is virtual) and has 16GB of RAM. It has the following roles installed:

1. Domain Controller (Active Directory)
2. DNS
3. File server
4. IIS
5. Print server

When I try to edit details in Active Directory, it is responding very slow. For example opening an user account takes up to 30 seconds, just to display the settings. When I try to change some items, applying it is taking very long as well. Also, just opening AD takes a long time. Just for the record, this only occurs to AD, all the other configured services are normal and respond quickly.

The DNS server is pointing to itself (127.0.0.1) and when I check the performance it is very regular. I performed a performance check when I tried to open AD which did not show any peaks on Memory, I/O, CPU etc.

Has anyone seen this before, and more important: does anyone have any ideas that can point me to the solution?
0
Comment
Question by:dtwild
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
7 Comments
 
LVL 5

Expert Comment

by:JurajUQU
ID: 39828740
It's an DNS issue. Don't set it as 127.0.0.0 as that's a loopback address but as the actuall IP of the server.
0
 

Author Comment

by:dtwild
ID: 39828763
I replaced the 127.0.0.1 with the actual IP address of the server.
Then I performed the following commands:

ipconfig /flushdns
ipconfig /registerdns

It seems to be only slower now though.
Is there anything else I might look into?
0
 
LVL 5

Expert Comment

by:JurajUQU
ID: 39828766
look at the event view for DNS. This is def a network issue/DNS setup misconfiguration.
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39829671
Using the loopback IP or the actual IP of the server will not change a thing, with regards to performance. Have you checked the processes that are running on your DC (CPU/RAM)? If you install RSAT (remote server admin tools) on another member server or a workstation do you experience the same slowness? Also check the disk access is it encountering a lot of read/writes? Use Performance Monitor to check this.

Will.
0
 

Author Comment

by:dtwild
ID: 39831114
Hi guys,

I checked the performance, but that looks all normal.
A funny thing though, I removed the antivirus which fixed it all. AD responds quick now..

I use Trend Micro Worry Free Business Security version 8.0. Do you have any ideas how to install the antivirus in such a way that it doesnt affect the performance? Obviously I like the server to be protected.

thanks!
0
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 2000 total points
ID: 39831189
Well that makes perfect sense. Depending on the server you are installing the anti-virus software on there is usually some kind of exclusions that are recommended for performance issues.

Below is a link which outlines the recommended AV exclusions for domain controllers.
Domain Controller Exceptions

Will.
0
 

Author Closing Comment

by:dtwild
ID: 39831481
awesome, this fixed it. Thanks!
0

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question