Prove that there is no need for additional domain controller

Marlon Brown

On a remote site users log in with accounts which have group policies applied
to them and sometimes it takes about 50 seconds to complete the entire login
operation. Logging on from the main site with the same account it takes about
the same 50 seconds. However, sometimes users complain that the same
accounts when logging on from that site take about 4 minutes. That's a T1
connection between the remote site and main office and T1 utilization
according to the network folks is supposed to be low.

Any tool to analyze how long it is taking to get settings from domain
controllers and help me demonstrate if I would benefit from installing a
domain controller there on the remote site?
 
If it's a point you want to get across to your management that hey
Management we need to set up another DC in the remote site and not
have people creating all this traffic over our T1 lines. Actually
use the bandwidth for better business purposes.

Microsoft has some best practices documentation which you could
forward to them.

I don't know of a tool which would let you do this. But the fact
that users at times take 4 minutes to log on is proof enough to put
another site in there.

Also I don't see why users would take a whole 50 seconds to get
onto their desktop after logon.

I would suspect misconfigured DNS settings to be the cause of
this. That's the primary cause.

Sorry, don't know of the tool though. You could put that request up
on the Microsoft wishlist too. That's a good idea, having a tool
which does some stress tests between sites and gives you the
Microsoft recommendations.

http://www.microsoft.com/globaldev/outreach/ideas/ideaSubmit.aspx
 
--------------------
| From: "Gautam Anand" <[email protected]>
| Subject: Re: Prove that there is no need for additional domain controller
| Date: Thu, 30 Sep 2004 23:55:01 +0530
| Newsgroups: microsoft.public.win2000.active_directory
|
| If it's a point you want to get across to your management that hey
| Management we need to set up another DC in the remote site and not
| have people creating all this traffic over our T1 lines. Actually
| use the bandwidth for better business purposes.
|
| Microsoft has some best practices documentation which you could
| forward to them.
|
| I don't know of a tool which would let you do this. But the fact
| that users at times take 4 minutes to log on is proof enough to put
| another site in there.
|
| Also I don't see why users would take a whole 50 seconds to get
| onto their desktop after logon.
|
| I would suspect misconfigured DNS settings to be the cause of
| this. That's the primary cause.
|
| Sorry, don't know of the tool though. You could put that request up
| on the Microsoft wishlist too. That's a good idea, having a tool
| which does some stress tests between sites and gives you the
| Microsoft recommendations.
|
| http://www.microsoft.com/globaldev/outreach/ideas/ideaSubmit.aspx



I would check the following

1. Do you have sites and services set up? Even if you DO set up another
domain controller you will need to have the sites and subnets set up
correctly in order to take advantage of it.

2. You can do a GPupdate on the desktops and it will tell you where your
GPOs came from. Look right after
"USER SETTINGS"; you will see a "Group Policy was applied from:"

3. You can use:
221833 How to enable user environment debug logging in retail builds of
Windows
http://support.microsoft.com/?id=221833
to turn up userenv logging on the client. This is a little cryptic but it
WILL show what is going on during the logon phase.
Look for long gaps on the timestamp in the userenv.log file.

4. Find the delta! There is SOME difference in the machines that log in
in 50 seconds and the ones that take 4 minutes.
You may find that there is 1 DC out there that just can't handle the load.

5. Having another DC/GC on a remote site just makes good sense. What if
you lose connectivity? You don't have a server to connect to. Also think
of D/R. Is it not a good idea to have another copy of the A/D at a remote
site?


This posting is provided "AS IS"
with no warranties, and confers no rights
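The timestamp-gap check from step 3, as an added example that is not part of the original post. It assumes userenv.log lines are laid out as `USERENV(pid.tid) HH:MM:SS:mmm message`; the sample lines are constructed.

```python
import re
from datetime import timedelta

# Assumed line layout: USERENV(pid.tid) HH:MM:SS:mmm message
LINE_RE = re.compile(
    r"^USERENV\(([0-9a-f]+)\.([0-9a-f]+)\)\s+"
    r"(\d\d):(\d\d):(\d\d):(\d{3})\s+(.*)$", re.I)

# Constructed sample, not captured from a real client.
SAMPLE = """\
USERENV(1a4.1a8) 08:01:10:015 LoadUserProfile: Entering
USERENV(1a4.1a8) 08:01:10:250 LoadUserProfile: Leaving
USERENV(1a4.2c0) 08:01:10:400 ProcessGPOs: Starting user Group Policy processing
USERENV(1a4.2c0) 08:03:52:900 ProcessGPOs: Policy list retrieved
USERENV(1a4.2c0) 08:03:53:100 ProcessGPOs: User Group Policy has been applied
""".splitlines()

def parse(line):
    """Return (time of day, message), or None for lines in another layout."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    h, mi, s, ms = (int(x) for x in m.group(3, 4, 5, 6))
    return timedelta(hours=h, minutes=mi, seconds=s, milliseconds=ms), m.group(7)

def find_gaps(lines, threshold_s=5.0):
    """List (gap seconds, message before, message after), longest gap first."""
    gaps, prev = [], None
    for line in lines:
        cur = parse(line)
        if cur is None:
            continue
        if prev is not None:
            delta = cur[0] - prev[0]
            if delta < timedelta(0):      # log has no date: assume midnight rollover
                delta += timedelta(days=1)
            if delta.total_seconds() >= threshold_s:
                gaps.append((delta.total_seconds(), prev[1], cur[1]))
        prev = cur
    return sorted(gaps, reverse=True)

if __name__ == "__main__":
    for secs, before, after in find_gaps(SAMPLE):
        print(f"{secs:8.1f}s  after: {before}\n           before: {after}")
```

Running it over logs from a 50-second machine and a 4-minute machine shows which logon phase the extra time falls in.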
 
| Also I don't see why users would take a whole 50 seconds to get
| onto their desktop after logon.
|
| I would suspect misconfigured DNS settings to be the cause of
| this. That's the primary cause.

That, or huge roaming profiles.
 
This could be misconfiguration or overloading.

The question is why the delta? You need to keep track of where people are
logging in for that site. Set up a logon script for them and have it record
somewhere what their logon server is every time they log on (hint: Env var
logonserver) and what their site is (dump nltest /dsgetsite or something to the
log).

Then look through it and find out if people are authenticating outside of their
site. If they are, then something is wrong with the site/subnet configuration
(see log for what site they say they are) or you have DNS issues or you have a
DC with issues or you have overloaded the local DC.

If the logons are all happening on the local DC then you either have a long
running script, connectivity issues to other shared resources, large roaming
profiles, an issue with the local DC, or you have overloaded the local DC.

joe
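The review step joe describes, as an added example that is not part of the original post. It assumes the logon script appends one CSV line per logon (time, user, computer, `%LOGONSERVER%`, site name taken from `nltest /dsgetsite`) and that the admin supplies a DC-to-site map; all names and records below are constructed.

```python
import csv
from collections import Counter

# Assumption: admin-maintained map of DC name -> AD site (hypothetical names).
DC_SITE = {"DC-HQ1": "MainOffice", "DC-HQ2": "MainOffice", "DC-BR1": "Branch"}

# Constructed records in the assumed logon-script layout:
# time,user,computer,%LOGONSERVER%,site name from nltest /dsgetsite
SAMPLE = r"""
2004-09-30 08:01,alice,BR-PC01,\\DC-BR1,Branch
2004-09-30 08:02,bob,BR-PC02,\\DC-HQ1,Branch
2004-09-30 08:05,carol,BR-PC03,\\DC-HQ2,
2004-09-30 08:07,dave,HQ-PC10,\\DC-HQ1,MainOffice
2004-10-01 08:03,bob,BR-PC02,\\dc-hq1,Branch
""".splitlines()

def classify(server, site, dc_site=DC_SITE):
    """Return 'local', 'cross-site', 'no-site' or 'unknown-dc' for one logon."""
    dc_home = dc_site.get(server.lstrip("\\").upper())
    if not site.strip():
        return "no-site"        # client found no site: check subnet objects
    if dc_home is None:
        return "unknown-dc"     # DC missing from the map
    return "local" if dc_home.lower() == site.strip().lower() else "cross-site"

def analyze(rows, dc_site=DC_SITE):
    """Return (flagged logons, Counter keyed by (client site, verdict))."""
    flagged, totals = [], Counter()
    for row in csv.reader(rows):
        if len(row) != 5:       # skip blank or malformed lines
            continue
        when, user, computer, server, site = row
        verdict = classify(server, site, dc_site)
        totals[(site.strip() or "?", verdict)] += 1
        if verdict != "local":
            flagged.append((when, user, computer, server, verdict))
    return flagged, totals

if __name__ == "__main__":
    flagged, totals = analyze(SAMPLE)
    for key, n in sorted(totals.items()):
        print(key, n)
    for entry in flagged:
        print("CHECK", *entry)
```

A site whose logons are mostly `cross-site` or `no-site` points at the site/subnet or DNS branch of the post; a site that is all `local` points at the second list of causes.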
 