[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Machines logging on the Domain.

Posted on 2014-04-10
15
Medium Priority
?
198 Views
Last Modified: 2014-04-10
Is there something (a script, software (free) I can run to see exactly what's happening when my machines try to login to my network.  I'm looking to see what DC they hit specfically.  I can put the login in Verbose mode to see the policies but I'm looking to see if I can find out how the packets are flowing.  Is this possible?  I would need to run this from my own PC I don't have access to my DCs...
0
Comment
Question by:WellingtonIS
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 5
  • 3
15 Comments
 
LVL 4

Expert Comment

by:eli_cook
ID: 39991866
You can check your logon server by entering the following in the command line
echo %logonserver%

Open in new window

From the command line you can run the following to see the applied group policy objects and which server the group policy is applied from.
GPRESULT /R

Open in new window



Could you elaborate a little more on packet flow? Is there specific problem or error you are receiving?
0
 

Author Comment

by:WellingtonIS
ID: 39991874
Yes I'm looking to see how the machine actually connect to the DC's - We have issues logging in long wait times  and I'm trying to figure out the process the machine and the DC's use to connect.
0
 
LVL 17

Expert Comment

by:Brad Bouchard
ID: 39991908
You can check your logon server by entering the following in the command line




echo %logonserver%
1:



Select all

Open in new window
Another way to do this easily is at the command prompt typing   SET L
0
Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

 
LVL 4

Expert Comment

by:eli_cook
ID: 39991916
I would first check the System Event logs for errors in processing Group Policy. Long wait times during login can be attributed to timeouts for Group Policy resources that are not available. I would also look at any errors that occur during a logon on the workstation. To do this I would either set a mark time that you use as your restart and only look at errors after that time or clear the event log and then restart the machine for a login.

Does this affect all machines all the time on the network or is it intermittent or only with specific machines?
0
 
LVL 17

Assisted Solution

by:Brad Bouchard
Brad Bouchard earned 1000 total points
ID: 39991922
Yes I'm looking to see how the machine actually connect to the DC's - We have issues logging in long wait times  and I'm trying to figure out the process the machine and the DC's use to connect.
Try using Wireshark.  Guide here:  http://www.wireshark.org/download/docs/user-guide-a4.pdf
0
 

Author Comment

by:WellingtonIS
ID: 39991925
not all machines just some.  But I think there's issues with the DC's because they are replicating to an office a few states away and I thing i'm logging in over the wan not locally
0
 

Author Comment

by:WellingtonIS
ID: 39991930
echo %logonserver%
1:



Select all

Open in new window


Another way to do this easily is at the command prompt typing   SET L


Will this tell if it the machine attempted to login to some other DC before It logged into mine?  Or just where the machine landed (so to speak)
0
 
LVL 17

Expert Comment

by:Brad Bouchard
ID: 39991932
Just where it landed unfortunately.
0
 

Author Comment

by:WellingtonIS
ID: 39991941
I'm looking to see before that when the machine goes out and requests service to the DC...
0
 
LVL 4

Expert Comment

by:eli_cook
ID: 39991947
Run the following command:
nltest /dsgetsite

Open in new window

This should return the Active Directory Site your computer is associated with.

Then run the command with the name of the logon server:
nltest /server:servernamehere /dsgetsite

Open in new window

This will return the Active Directory Site that your logon server is associated with.

Are they the same?

If so we need to see if we can figure out if your logon server is indeed at your location or the other.
0
 

Author Comment

by:WellingtonIS
ID: 39991961
yest the results are the same - the name of my site..  But is there a way to check to see if it went out to another DC first?? The structure is we are a large domain spread out over several states.  All DCs are connected.
0
 
LVL 4

Accepted Solution

by:
eli_cook earned 1000 total points
ID: 39991993
It shouldn't be contacting another site, using DNS your computer requests information about the KDC then contacts the KDC for authentication. Microsoft has a detailed break down of the interactive login process here. Like Brad had mentioned you would need to use some software like wireshark if you wanted to monitor everything that passes through your network cable.
0
 

Author Comment

by:WellingtonIS
ID: 39992021
I totally agree with you but I still suspect that some how we are.  I'll try wireshare and see.  Thanks all -
0
 

Author Closing Comment

by:WellingtonIS
ID: 39992024
Thanks all
0
 
LVL 4

Expert Comment

by:eli_cook
ID: 39992025
I would use Resultant Set of Policy (RSoP) to determine what your group policy looks like.
Type the following at the command line:  
rsop

Open in new window

to bring up the screen. You will need to analyze the areas here to determine if say a batch script is being run at logon that is meant for another site.

Logon scripts can be found Under User Configuration --> Windows Settings --> Scripts --> Logon

You will need to look at each of the scripts individually.
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The following article is comprised of the pearls we have garnered deploying virtualization solutions since Virtual Server 2005 and subsequent 2008 RTM+ Hyper-V in standalone and clustered environments.
Windows Server 2003 introduced persistent Volume Shadow Copies and made 2003 a must-do upgrade.  Since then, it's been a must-implement feature for all servers doing any kind of file sharing.
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…
This Micro Tutorial will give you a introduction in two parts how to utilize Windows Live Movie Maker to its maximum editing capability. This will be demonstrated using Windows Live Movie Maker on Windows 7 operating system.

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question