Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 155
  • Last Modified:

Windows 2008 Sites and Services

Hi All,

I am working on a clients network and they complain of slow logins.  I opened their AD sites and Services and noticed that the previous network administrator created sites for all of their remote site but all of their DCs are located at one central location.

Is there an advantage of doing this?  When I expand one of the remote sites I see the servers but the servers cannot be expanded.  It is almost like if they were removed from AD.  But if I expand their central location then I can expand the servers and force replicate.

I have not see this type of setup.  Usually if you create a site then you will also have a dedicated server listed it at that site and located at that physical location.  This will help with long login time issues

All of the sites connect to the central building through a Gig link so I do see why the users are taking longer than 20 minutes to login

any ideas
0
thomasm1948
Asked:
thomasm1948
  • 3
  • 2
2 Solutions
 
it_saigeDeveloperCommented:
How many remote sites are we talking about?  It might prove beneficial to implement RODC's in the remote locations.

https://technet.microsoft.com/en-us/library/cc732801(v=ws.10).aspx

-saige-
0
 
Will SzymkowskiSenior Solution ArchitectCommented:
First thing I would be checking if sites and services are not set properly is the following...
After successful login open the command prompt and type set logonserver

This will tell you what DC you authenticated to when you logged into your machine. If sites and services are configured properly you should only be authenticating to a DC in your site. If you are authenticating to a DC in another site depending, and it is a slow link then it will take longer to login.

I would also check to ensure that you are also not using roaming profiles as well.

Will.
0
 
it_saigeDeveloperCommented:
@Will - Author commented:
I opened their AD sites and Services and noticed that the previous network administrator created sites for all of their remote site but all of their DCs are located at one central location.
-saige-
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
thomasm1948Author Commented:
"I opened their AD sites and Services and noticed that the previous network administrator created sites for all of their remote site but all of their DCs are located at one central location."

Please see the attachment.  As you see that all the servers are the same for each of the sites.  For the sites where the servers are not physically located, the servers cannot be expanded.  

You can only expand the servers where the servers are physically located.  I never seen this type of setup and wondering if this is causing some of their issues
Sites.JPG
0
 
Will SzymkowskiSenior Solution ArchitectCommented:
Correct so sites and services are not configured properly. Your remote machines are then authenticating over the wire to your main office. This is the reason why you are getting slow logins.

I personally would not recommend using an RODC as there are too many dependencies that are required from a RWDC in another site. Take a look at a PAQ that i have answered based on pro/con for RODC's.

http://www.experts-exchange.com/Networking/Protocols/DNS/Q_28329964.html

Also you will need to ensure that credential caching is enabled when using RODC to allow subsequetn logins will fail.
See the below link for more details.
https://technet.microsoft.com/en-us/library/cc753470%28v=ws.10%29.aspx

Will.
0
 
it_saigeDeveloperCommented:
It is a relevant concern.  And could most definitely cause issues depending upon the overall number of users and authentication requests that your current DC's handle.

I would recommend either RODC's or DC's at each of the remote locations.

-saige-
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now