Archived from groups: microsoft.public.win2000.active_directory (
More info?)
We do have a GC and our users are on DHCP with the primary DNS configured
along with a second, third and fourth DNS entry. The users in site A are
using the DNS in site A, and users in site B are also using the DNS in site A.
As I stated the problem has been resolved by enabling group policy
Asynchrones logon on computers and users policy. So far there has been
limited problems, some users log in fast others as some what slow, but I know
it is going to take about a day or two for all the computers to checkin with
the new policy.
I just wonder if enabling those options in the policy will have negative
long term affect.
Thank you for responding once again I love this board.
"The AD Designer" wrote:
> Hi Michael
>
> The DNS suffix information shoud be placed on the advance TCP/IP properties
> on the client machines along with the DNS servers. I am guessing but do you
> have the users in site A a using the DNS server in site A? Also if your
> clients are using group policy then they will be win 2000 upward to XP. They
> don't need to use the PDC emulator in this case. If you have a large number
> of users, make the DC in your slow site a global catolgue server (this is the
> service which logs on post NT clients).
>
> Read the following article on FSMO roles also. This would alos help with
> your AD configuration.
>
>
http://support.microsoft.com/kb/197132
>
>
>
> "Michael LACounty" wrote:
>
> > ok, the groups are Global - we have two DC's the primary is not in the same
> > building where my target users are. but a dedicated T1 line gives me great
> > speed to the primary DC - I ran gprsult and all the policies applied and
> > filtered as they should
> >
> > I tried one of your suggestions, of adding the DNS suffix. I did that under
> > a GPO for the OU I am targeting for the restricted groups. that cut the time
> > by about 1min but still taking at least 2min compared to 30sec normal.
> >
> > An additional step I took was to make the group policy users and computers
> > Asyncroness enabled. By doing this the login times are back to under 1min,
> > but do you think it will cause any harm to my startup scripts orcomputers not
> > applying the GPO's I currently have in use..
> >
> > My startup script consist of 3 map drives all locations are in the same
> > building.
> >
> > Thank you so much for responding it was very helpful.
> >
> > "The AD Designer" wrote:
> >
> > > what type of group are you using? unversal? where is the GC for the domain?
> > > check the DNS settings on the machine and ensure its DNS suffix and DNS
> > > server are correct. Also run rsop or gpresult on the machine to find out
> > > where the policy is being applied from. Group Policy was applied from:?????
> > > This sounds more like a dns settings issue than policy
> > >
> > > Regards
> > >
> > > "Michael LACounty" wrote:
> > >
> > > > Hello,
> > > >
> > > > I am attempting to utilize Restricted groups on a ou in my domain that has
> > > > only desktop computer listed. When I utilize the restricted groups policy
> > > > setting, my users are having a long delay when they try to login. The login
> > > > process holds at Applying computer settings for longer than 3min.
> > > >
> > > > I have other policies that run as they should with minmal impact to users.
> > > >
> > > > Is there a way to utilize restricted groups without having such a long delay
> > > > for the users? Just to let you know my restricted groups only has two
> > > > objects listed administrator and a specific admin group name.
> > > >
> > > > Thank you for any help you lend.
> > > > Michael
Facebook
Twitter
Instagram