Active Directory Lag


Gekko_uk

---------------------------------------------------------------------------

Seasonal Greetings Everyone!

I have a strange problem that is happening with my Servers.

I have a server (Dell 2900) with Windows Server 2003 R2 on it.

It is running as a DC, with DHCP, DNS, and Active Directory present.

I have roughly 45 Clients attached, running happily.

BUT.....

I have noticed (and did from day one) that if I am administering Active Directory, i.e. resetting passwords, disabling accounts etc., it tends to lag.

For example:

I was asked by a user to reset her password, so I went to the server, Active Directory screen > right clicked her name > Properties and ticked "user must change their password at next logon".

So she logged out, then back in again, but it didn't prompt her; on logging in she could access her network drives, so in other words the server/AD was waiting on the password change but it had not instructed the client to prompt for it.

At this point I got her to restart her PC and it prompted her at that stage.

Additionally, when browsing the AD screen it tends to lock up/take a while, e.g. if I right click on a user nothing happens, then after a short time I get the expected menu appearing.

Now.... the plot gets thicker, I setup another server at a different site (which is in no way connected to this site) and the same thing is happening.

Is it the way I am configuring the server? I have been following the same template for years now as to my setups so I can't see what I am doing wrong.

Sometimes it seems to be fine, i.e. I went to the server a couple of mins ago and could browse AD in "real time", but then after a couple of mins it was doing as described above.

Event Logs are all clear...

I am at a loss so if anyone can offer any words of wisdom I would greatly appreciate it.

Specs for server are

Dell 2900

2 x 2.3 Xeon CPUs

6 x 300GB RAID 5 Disks

4 GB RAM

Windows Server 2003 R2 + all the available security updates

Any further info req please ask.

Many Thanks

Gekko



Is the DC also the router? Or do you have a routing device that brings in internet? Truly the DC should point to itself for DNS and then have forwarders set up in DNS to direct any queries out to the router if it is needed.


Agh,

Could this possibly be where my problem is then?

I have the DC (DNS/DHCP/AD) - 192.168.5.5.

I have the router - 192.168.5.10

On the server the Network config is -

IP - 192.168.5.5

Subnet Mask - 255.255.255.0

Gateway - 192.168.5.10

DNS1 - 192.168.5.10

DNS2 - blank.

The clients are set up as

IP - 192.168.5.X

Subnet Mask - 255.255.255.0

Gateway - 192.168.5.10

DNS1 - 192.168.5.5

DNS2 - blank.

Should the server DNS point to itself then?

Would this be causing the problem detailed above?

Cheers

Gekko


Correct, with the DC going out to the router first for DNS queries it will slow things down till it times out on the router and then tries itself for DNS. Change it to the 127.0.0.1 and add a forwarder to the router in DNS and see if that fixes the issue.


If your DC doesn't have itself listed as a DNS server, then yes, AD will be slow and unreliable. Almost everything in AD requires a fully-functional DNS infrastructure, and the DCs need to be pointed at themselves or other DCs running DNS - no non-AD machine DNS information should be in any configuration.

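Added example, not part of any post in this thread: a small Python check that reads saved `ipconfig /all` output from a DC and lists every configured DNS server that is neither the DC itself, loopback, nor another DC running DNS, which is the rule the replies above describe. The sample text is constructed from the addresses posted in the thread; the function names and the `other_dc_dns` parameter are assumptions of this example, and only IPv4 entries are handled.

```python
import re

# Constructed `ipconfig /all` excerpt, using the addresses posted in the thread.
TEMPLATE = """\
Ethernet adapter Local Area Connection:

   Description . . . . . . . . . . . : Example NIC (constructed)
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.5.5
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.5.10
   DNS Servers . . . . . . . . . . . : {dns}
"""
SAMPLE_AS_POSTED = TEMPLATE.format(dns="192.168.5.10")   # DC resolves via the router
SAMPLE_AS_ADVISED = TEMPLATE.format(dns="127.0.0.1")     # DC resolves via itself

FIELD = re.compile(r"^\s+([^.:]+?)[ .]*:\s*(.*)$")       # "   Label . . . : value"
IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")

def parse_ipconfig(text):
    """Return (own_ips, dns_servers) found in `ipconfig /all` text (IPv4 only)."""
    own, dns, in_dns = [], [], False
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            label, value = m.group(1).strip(), m.group(2)
            in_dns = label == "DNS Servers"
            if in_dns:
                dns += IPV4.findall(value)
            elif label in ("IP Address", "IPv4 Address"):
                own += IPV4.findall(value)
        elif in_dns:
            # Extra DNS servers are printed on unlabelled continuation lines.
            found = IPV4.findall(line)
            dns += found
            in_dns = bool(found)
    return own, dns

def non_dc_resolvers(text, other_dc_dns=()):
    """List DNS servers on a DC that are not itself, loopback, or another DC."""
    own, dns = parse_ipconfig(text)
    if not dns:
        raise ValueError("no DNS Servers entry found in the supplied text")
    allowed = set(own) | set(other_dc_dns) | {"127.0.0.1"}
    return [ip for ip in dns if ip not in allowed]

if __name__ == "__main__":
    print("as posted :", non_dc_resolvers(SAMPLE_AS_POSTED))
    print("as advised:", non_dc_resolvers(SAMPLE_AS_ADVISED))
```

Any address this reports belongs in the DNS service's forwarder list rather than in the DC's network adapter settings.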

  • 4 weeks later...

Hi guys,

It has come to my attention that there are still some issues.

The lag on the server has now been fixed, but the user accounts still seem to lag behind the server -

example -

I wanted to do some maintenance on someone's account the other day, so I went into AD and right clicked their name and chose reset password and set it to "password".

This worked fine.

Went to their system and installed the software (sage client) and logged out.

I then set in AD for their name - "user must reset password at next login".

So next morning they login with password.... but no prompt.

They then could not access any network resources etc.

If I unticked "user must reset..." and they logged in with password it is fine.

This is mirrored across all PCs - no matter who/what machine it happens.

Also, I have noticed that sometimes when they do manage to get a prompt appearing it won't take any password, i.e. they are told it must be 7 characters and not any one of their X number of passwords - even when I put in ones which have never been used before and meet all the req criteria it still won't let it happen.

Only way around it is to click and un click user must reset password box for that user and the odd restart of the client and it seems to be ok.

But this is obviously not ideal.

Also, when their password expires, they do not get a prompt, but instead are allowed to login but cannot access any network resources.

If they do a Ctrl+Alt+Del and change their password it works.... this is really really weird.

If anyone has a hint as to the cause and solution to this I would appreciate it.

PS the lag in AD on the server, i.e. browsing it etc., has disappeared.

Kind Regards

Gekko
