Forum Search:
Forum.Brain-Cluster.com: Brain Cluster Technical Forum
Ultimate forum for Technical Discussions

Home » Microsoft » Windows Server » Active Directory » AD authorisation slow
AD authorisation slow [message #157318] Mon, 06 July 2009 10:30 Go to next message
Gonzo  is currently offline Gonzo  United Kingdom
Messages: 66
Registered: July 2009
Member
Hello,

I'm been told to investigate why our LDAP authorisation is slow, where do I
start? We use AD 2003 and have 3 DC's and one offsite.

Authentication is fast, but I'm not even to sure what they mean by
authorisation.
Re: AD authorisation slow [message #157321 is a reply to message #157318] Mon, 06 July 2009 11:36 Go to previous messageGo to next message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"Gonzo" <andrewwhite@btinternet.com> wrote in message news:%23bUjOZk$JHA.3732@TK2MSFTNGP02.phx.gbl...
> Hello,
>
> I'm been told to investigate why our LDAP authorisation is slow, where do I
> start? We use AD 2003 and have 3 DC's and one offsite.
>
> Authentication is fast, but I'm not even to sure what they mean by
> authorisation.
>


In context, I would assume to associate authentication and authorization in the terms of trying to connect to a printer, folder share or other resources. But I am not sure, and I would highly suggest to ask what they mean by 'authorization' to gain a better understanding of the support ticket or complaint.

Without specific configuration information not provided in your post, I can't diagnose it specifically, but I can provide the basic guidelines with AD and DNS to help avoid any issues with AD (authentication, logons, replication, etc), are:

1. Make absolutely sure there are no ISP's DNS or the router used as a DNS address in any machines inside your network. This includes the DCs, member servers and workstations. Make sure DHCP Option 006 only has the internal DNS servers listed.
2. Make sure none of the DCs are multihomed (more than one NIC and/or IP) or numerous issues can result.
3. In a single domain forest, make sure all DCs are GCs,
4. Best practices, and based on efficient functionality, suggests the first DNS entry on a DC should be itself, then another DC as the second.
5. Make sure the AD DNS domain name is not a single label name such as 'domain,' rather than the required minimal of 'domain.com,' 'domain.local,' etc, or expect numerous issues.

There's more, that this is the basis.

I hope that helps.

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and confers no rights.

Please reply back to the newsgroup/forum to benefit from collaboration among responding engineers, as well as to help others benefit from your resolution.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSA Messaging, MCT
Microsoft Certified Trainer
aceman@mvps.RemoveThisPart.org
http://twitter.com/acefekay

For urgent issues, you may want to contact Microsoft PSS directly. Please check http://support.microsoft.com for regional support phone numbers.
Re: AD authorisation slow [message #157356 is a reply to message #157318] Tue, 07 July 2009 03:00 Go to previous message
meiweb(nospam)  is currently offline meiweb(nospam)  Germany
Messages: 1307
Registered: July 2009
Senior Member
Hello Gonzo,

Please be more specific about authorisation, think you mean authentication
during logon? There can be multiple reasons for slow logons, DNS, GPOs, WAN
connection.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Hello,
>
> I'm been told to investigate why our LDAP authorisation is slow, where
> do I start? We use AD 2003 and have 3 DC's and one offsite.
>
> Authentication is fast, but I'm not even to sure what they mean by
> authorisation.
>
Previous Topic:ISA Server 2006 and Firewall clients
Next Topic:Can't Install AD on 2003 R2 Server
Goto Forum:
  


Current Time: Wed Oct 18 01:40:48 EDT 2017

Total time taken to generate the page: 0.04196 seconds
.:: Contact :: Home ::Sitemap::.

Powered by: FUDforum 3.0.0RC2.
Copyright ©2001-2009 FUDforum Bulletin Board Software