Improve company productivity with a Business Account.Sign Up

x
?
Solved

Windows 2008 Sites and Services

Posted on 2015-02-10
6
Medium Priority
?
157 Views
Last Modified: 2015-02-10
Hi All,

I am working on a clients network and they complain of slow logins.  I opened their AD sites and Services and noticed that the previous network administrator created sites for all of their remote site but all of their DCs are located at one central location.

Is there an advantage of doing this?  When I expand one of the remote sites I see the servers but the servers cannot be expanded.  It is almost like if they were removed from AD.  But if I expand their central location then I can expand the servers and force replicate.

I have not see this type of setup.  Usually if you create a site then you will also have a dedicated server listed it at that site and located at that physical location.  This will help with long login time issues

All of the sites connect to the central building through a Gig link so I do see why the users are taking longer than 20 minutes to login

any ideas
0
Comment
Question by:thomasm1948
  • 3
  • 2
6 Comments
 
LVL 36

Expert Comment

by:it_saige
ID: 40600915
How many remote sites are we talking about?  It might prove beneficial to implement RODC's in the remote locations.

https://technet.microsoft.com/en-us/library/cc732801(v=ws.10).aspx

-saige-
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40601009
First thing I would be checking if sites and services are not set properly is the following...
After successful login open the command prompt and type set logonserver

This will tell you what DC you authenticated to when you logged into your machine. If sites and services are configured properly you should only be authenticating to a DC in your site. If you are authenticating to a DC in another site depending, and it is a slow link then it will take longer to login.

I would also check to ensure that you are also not using roaming profiles as well.

Will.
0
 
LVL 36

Expert Comment

by:it_saige
ID: 40601019
@Will - Author commented:
I opened their AD sites and Services and noticed that the previous network administrator created sites for all of their remote site but all of their DCs are located at one central location.
-saige-
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 

Author Comment

by:thomasm1948
ID: 40601064
"I opened their AD sites and Services and noticed that the previous network administrator created sites for all of their remote site but all of their DCs are located at one central location."

Please see the attachment.  As you see that all the servers are the same for each of the sites.  For the sites where the servers are not physically located, the servers cannot be expanded.  

You can only expand the servers where the servers are physically located.  I never seen this type of setup and wondering if this is causing some of their issues
Sites.JPG
0
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 1000 total points
ID: 40601084
Correct so sites and services are not configured properly. Your remote machines are then authenticating over the wire to your main office. This is the reason why you are getting slow logins.

I personally would not recommend using an RODC as there are too many dependencies that are required from a RWDC in another site. Take a look at a PAQ that i have answered based on pro/con for RODC's.

http://www.experts-exchange.com/Networking/Protocols/DNS/Q_28329964.html

Also you will need to ensure that credential caching is enabled when using RODC to allow subsequetn logins will fail.
See the below link for more details.
https://technet.microsoft.com/en-us/library/cc753470%28v=ws.10%29.aspx

Will.
0
 
LVL 36

Assisted Solution

by:it_saige
it_saige earned 1000 total points
ID: 40601092
It is a relevant concern.  And could most definitely cause issues depending upon the overall number of users and authentication requests that your current DC's handle.

I would recommend either RODC's or DC's at each of the remote locations.

-saige-
0

Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
High user turnover can cause old/redundant user data to consume valuable space. UserResourceCleanup was developed to address this by automatically deleting user folders when the user account is deleted.
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

595 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question