Re: Windows 2003 R2 Active Directory Performance Question
- From: Meinolf Weber [MVP-DS] <meiweb@(nospam)gmx.de>
- Date: Wed, 28 Apr 2010 18:17:50 +0000 (UTC)
Hello Bruce,
In a single forest domain, like domain.com, you should make ALL DCs Global Catalog servers, as the IM has nothing to do.
http://msmvps.com/blogs/ulfbsimonweidner/archive/2005/03/08/37975.aspx
WINS is normally not needed in a domain; a domain works based on DNS. BUT, if you need network browsing over subnets or have applications running that require WINS, then you have to install it.
If you set the GPO for "Always wait for network..........." it won't be that much time that the logon process takes. Of course, if you use servers to store the profiles or folder redirection, the copy process depends on the amount of data.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
Meinolf,
I removed the multihoming -- hopefully this will go a long way to fixing our issue. What about the global catalog? How many servers should it be on? Does it need to be on every DC?
And how big of a player is WINS and Master Browsers in this whole thing?
Our workstations *do* have fast logon optimization enabled (the
default is on). If we disable this, how much longer will the
initialization be for the machines?
On 4/24/10 6:05 AM, in article
6cb2911dfe338ccb1bd8c72f06f@xxxxxxxxxxxxxxxxxxxx, "Meinolf Weber
[MVP-DS]" <meiweb@xxxxxxxxxxxx> wrote:
Hello Bruce,
As Danny said multihoming of DCs is a really bad solution:
http://msmvps.com/blogs/acefekay/archive/2009/08/17/multihomed-dcs-with-dns-rras-and-or-pppoe-adapters.aspx
For workstations, also make sure that fast logon optimization isn't configured; this applies to machines higher than Windows 2000:
http://support.microsoft.com/kb/305293
Best regards
Meinolf Weber
Here is our environment:
5 Windows 2003 R2 SP2 Domain Controllers (4 of which also do File/Print/DNS and 1 is running DHCP) spread across multiple VLANs (multiple NICs mapped to different VLANs in each)
These are HP DL380 G5's with 8GB RAM running Win2k3R2 Enterprise
These DCs are all in the same physical location supporting 10 other buildings, some buildings are 1 mile, some are 7 miles away connected by GB fiber.
Network is GB between buildings, GB between closets, 100MB to the desktop with a mix of Extreme and HP equipment with one BlackDiamond 6808 Router in the data center.
Roughly 3000 computers on the network, 10k Active Directory objects, 1100 Exchange 2003 mailboxes
The issue we are having is that since we've migrated from NetWare
(last year) to AD we have login and login resource issues.
Example: there will be 30 people in a room all logging in
more-or-less at the same time, 5 or 6 or 8 will get in, get their
home drive, mapped drive and group policies w/o a problem... another
10-12 might need to logout and try again and the rest may actually
need to reboot to make it work correctly.
If I go to the location I can login as any user and it works fine,
but put a bunch of people in a room and it starts to get flakey
again.
Here's most of what I've done over the past couple of months:
* Aggregated network closets -- where I could I changed the closet configurations from a daisy-chain of switches to an aggregated config (IE: four 100MB switches uplink directly to a GB switch and out the closet)
* Introduced WINS into the environment on two of the DCs
* Moved server secondary NICs from 100MB to 1GB ports.
At this point I'm starting to get a little frustrated. My next step is going to be to put a couple of satellite AD boxes in choice buildings to try and reduce the physical distance between the end-user and a domain controller. We have also purchased HP ProCurve equipment to replace the Extreme stuff in the MDFs of the buildings and at the core because of the age (8+ years) of the Extreme stuff but I'm not convinced that is going to "fix" the problem. I feel like I provided enough DCs per VLAN (at least 2), at least one DNS server on each VLAN so there is no traversing VLANs for this information.
Any suggestions? Where should I be looking that I'm not looking?
I've checked AD's health and it's good... DNS seems solid... but I'm
open to just about any suggestions right now.