Forum Search:
Forum.Brain-Cluster.com: Brain Cluster Technical Forum
Ultimate forum for Technical Discussions

Home » Microsoft » Windows Server » Active Directory » AD authentication and authorisation
AD authentication and authorisation [message #160956] Fri, 11 September 2009 06:29 Go to next message
Gonzo  is currently offline Gonzo  United Kingdom
Messages: 66
Registered: July 2009
Member
Hi,

Is there a tool where I can test the speed of our AD authenticating and
authorising?

We have a 3rd party app that the vendors say our AD is slow and causing
their app to slow down. All our other apps are fine, but I do need to check
this as it it does point ot AD.
Re: AD authentication and authorisation [message #160958 is a reply to message #160956] Fri, 11 September 2009 06:42 Go to previous messageGo to next message
florian  is currently offline florian  Switzerland
Messages: 484
Registered: July 2009
Senior Member
Howdie!

Gonzo wrote:
> Is there a tool where I can test the speed of our AD authenticating and
> authorising?
>
> We have a 3rd party app that the vendors say our AD is slow and causing
> their app to slow down. All our other apps are fine, but I do need to
> check this as it it does point ot AD.

Get a network trace of the machine with the app installed and the DC.
Dissect the trace so that you can see the initial auth request from the
app and get the time that it's taking to proceed. That's the most
reliable thing.

There are a few performance counters for AD, too - you may also check
those.

Cheers,
Florian
Re: AD authentication and authorisation [message #160960 is a reply to message #160958] Fri, 11 September 2009 06:45 Go to previous messageGo to next message
florian  is currently offline florian  Switzerland
Messages: 484
Registered: July 2009
Senior Member
And...

> Gonzo wrote:
>> Is there a tool where I can test the speed of our AD authenticating
>> and authorising?

Make sure DNS isn't the reason. Check whether clients can reliably
resolv DNS queries.

Cheers,
Florian
Re: AD authentication and authorisation [message #160963 is a reply to message #160960] Fri, 11 September 2009 08:30 Go to previous messageGo to next message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"Florian Frommherz [MVP]" <florian@frickelsoft.net> wrote in message
news:ORuI02tMKHA.5072@TK2MSFTNGP05.phx.gbl...
> And...
>
>> Gonzo wrote:
>>> Is there a tool where I can test the speed of our AD authenticating and
>>> authorising?
>
> Make sure DNS isn't the reason. Check whether clients can reliably resolv
> DNS queries.
>
> Cheers,
> Florian


I was going to add this, but you beat me to it!

For Gonzo:
If the DCs and clients are using an ISP's DNS as an address in their
ipconfigs, or using the router as a DNS address, or using some other
external address. If they are, as Florian said, nothing can resolve the
internal domain resources reliably. That can be a *major* cause of slowness.
Same if any of the DCs are multihomed (more than one NIC, more than one IP
address or RRAS is installed for VPN, etc). Also another cause could be if
the AD DNS domain name is single label ('domain' vs domain.something).

If you can provide an ipconfig /all of your DCs and from a sample
workstation, possibly where the app is running, we can evaluate and offer
recommendations.

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.

Ace Fekay, MCT, MCTS Exchange, MCSE, MCSA 2003 & 2000, MCSA Messaging
Microsoft Certified Trainer

For urgent issues, please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.
Re: AD authentication and authorisation [message #160978 is a reply to message #160956] Fri, 11 September 2009 14:22 Go to previous messageGo to next message
meiweb  is currently offline meiweb  Germany
Messages: 2225
Registered: September 2009
Senior Member
Hello Gonzo,

I agree with the others about DNS as a source problem. Some more info as
requested will be helpful.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Hi,
>
> Is there a tool where I can test the speed of our AD authenticating
> and authorising?
>
> We have a 3rd party app that the vendors say our AD is slow and
> causing their app to slow down. All our other apps are fine, but I do
> need to check this as it it does point ot AD.
>
Re: AD authentication and authorisation [message #160993 is a reply to message #160978] Sat, 12 September 2009 04:51 Go to previous messageGo to next message
Gonzo  is currently offline Gonzo  United Kingdom
Messages: 66
Registered: July 2009
Member
users point to 2 internal DNS server which are our DC's. The DC's do have
forwards to our IPS if the names can't be resovled, is this a good method?
"Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de> wrote in message
news:6cb2911d56b48cc014571cbc1b1@msnews.microsoft.com...
> Hello Gonzo,
>
> I agree with the others about DNS as a source problem. Some more info as
> requested will be helpful.
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and
> confers no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>> Hi,
>>
>> Is there a tool where I can test the speed of our AD authenticating
>> and authorising?
>>
>> We have a 3rd party app that the vendors say our AD is slow and
>> causing their app to slow down. All our other apps are fine, but I do
>> need to check this as it it does point ot AD.
>>
>
>
Re: AD authentication and authorisation [message #160996 is a reply to message #160993] Sat, 12 September 2009 08:46 Go to previous message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"Gonzo" <andrewwhite@btinternet.com> wrote in message
news:OnIy2a5MKHA.3384@TK2MSFTNGP04.phx.gbl...
> users point to 2 internal DNS server which are our DC's. The DC's do have
> forwards to our IPS if the names can't be resovled, is this a good method?

Yes, that's the recommended method.

What operating systems are the DCs, and service pack levels?

Getting back to your app issue, what type of app is it, and what method does
it use to authenticate, NTLM or Kerberos?

If NTLM, which version? The app's docs or support can tell you that. If
version 1, it may possibly need disabling SMB signing on the DCs.

Any errors in either DC's event logs?

Ace



> > "Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de> wrote in message
> > news:6cb2911d56b48cc014571cbc1b1@msnews.microsoft.com...
>> Hello Gonzo,
>>
>> I agree with the others about DNS as a source problem. Some more info as
>> requested will be helpful.
>>
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> confers no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>
>>> Hi,
>>>
>>> Is there a tool where I can test the speed of our AD authenticating
>>> and authorising?
>>>
>>> We have a 3rd party app that the vendors say our AD is slow and
>>> causing their app to slow down. All our other apps are fine, but I do
>>> need to check this as it it does point ot AD.
>>>
>>
>>
>
Previous Topic:GPO order and config question
Next Topic:AD installation/Replication issues
Goto Forum:
  


Current Time: Tue Jan 23 16:44:39 MST 2018

Total time taken to generate the page: 0.02563 seconds
.:: Contact :: Home ::Sitemap::.

Powered by: FUDforum 3.0.0RC2.
Copyright ©2001-2009 FUDforum Bulletin Board Software