Archived from groups: microsoft.public.windowsnt.domain (More info?)

I recently installed a WIN2000 server and made it a primary domain
controller. It is the only domain controller on my network. I have 20clients
that will eventually join the domain. I took two of the clients (WinXP Pro)
and joined them into the new domain. It seems like things take MUCH longer
now than before I joined the domain.

For example, when logging into the domain, the clients sit there for 10
seconds of so with that "Applying Computer Settings" dialog before the users
desktop comes up. Right clicking on System, and selecting "Properties" takes
15 seconds or so. Checking Network properties takes 15 seconds or so.

When I don't log into the domain on these clients (i.e. login locally),
these operation are instantaneous.

As far as networking, they are all on the same subnet, matter of fact, both
clients and domain controller are plugged into the same 4 port router! So it
should not be a network communications problem. All machines are P4 machines
with 1 gig of RAM and gigabit ethernet controllers. So we have plenty of
hardware power, too.

Pardon the newbie question, I plan to go out to the book store at lunch and
pick myself up some reading material. But if things are going to be this
slow by adding a domain, we might just as well go back to a workgroup. Do
the clients have to contact the domain controller for every little thing
that has to be done?

Any ideas appreciated. Please respond via newsgroup.

Thanks

Robert

Archived from groups: microsoft.public.windowsnt.domain (More info?)

Long log in time are a symptom of misconfigured DNS.

AD MUST have a DNS server set up for the AD domain. Do Not use your ISP's
DNS servers.

Basically you need to install DNS on the DC. Point the DC to itself in the
properties of TCP/IP for DNS. Point ALL AD Clients to this AD DNS server
ONLY. For Internet access configure your AD DNS server to forward and list
your ISP's DNS server as the forwarder (this is the ONLY place your ISP's
DNS server should be listed on your entire domain. Do NOT add it as
secondary on *any* clients) or use root hints.


See:
Best Practices for DNS Client settings in Windows 2000 server and in Windows
Server 2003

http://support.microsoft.com/defau [...] -us;825036



Setting Up the Domain Name System for Active Directory

http://support.microsoft.com/defau [...] -us;237675



How to configure DNS for Internet access in Windows 2000

http://support.microsoft.com/defau [...] -us;300202





hth

DDS W 2k MVP MCSE



"Robert Reineri" <robert123@fnbmarin.com> wrote in message
news:uS4gRE9AFHA.904@TK2MSFTNGP12.phx.gbl...
>I recently installed a WIN2000 server and made it a primary domain
> controller. It is the only domain controller on my network. I have
> 20clients
> that will eventually join the domain. I took two of the clients (WinXP
> Pro)
> and joined them into the new domain. It seems like things take MUCH longer
> now than before I joined the domain.
>
> For example, when logging into the domain, the clients sit there for 10
> seconds of so with that "Applying Computer Settings" dialog before the
> users
> desktop comes up. Right clicking on System, and selecting "Properties"
> takes
> 15 seconds or so. Checking Network properties takes 15 seconds or so.
>
> When I don't log into the domain on these clients (i.e. login locally),
> these operation are instantaneous.
>
> As far as networking, they are all on the same subnet, matter of fact,
> both
> clients and domain controller are plugged into the same 4 port router! So
> it
> should not be a network communications problem. All machines are P4
> machines
> with 1 gig of RAM and gigabit ethernet controllers. So we have plenty of
> hardware power, too.
>
> Pardon the newbie question, I plan to go out to the book store at lunch
> and
> pick myself up some reading material. But if things are going to be this
> slow by adding a domain, we might just as well go back to a workgroup. Do
> the clients have to contact the domain controller for every little thing
> that has to be done?
>
> Any ideas appreciated. Please respond via newsgroup.
>
> Thanks
>
> Robert
>
>

Archived from groups: microsoft.public.windowsnt.domain (More info?)

First thing to check is DNS, AD, Win2K and XP use DNS for everything.
All your machines should be using Your DC for DNS, this includes the Server
and should be set to register Automatically. Do not use your ISPs DNS in any
TCP settings.
On the Win2k DC (Using DNS Manager) check that your AD DNS zone is there and
active (allows Dynamic Updates). Also check if you have a root Zone
(installed by default and listed as a period, "." ) if so delete it. Then
check the forwarders, this is where you put your ISPs DNS.
--
Yor Suiris
Remove the kNOT to reply.
But it is best to share it with the group.

"Robert Reineri" <robert123@fnbmarin.com> wrote in message
news:uS4gRE9AFHA.904@TK2MSFTNGP12.phx.gbl...
>I recently installed a WIN2000 server and made it a primary domain
> controller. It is the only domain controller on my network. I have
> 20clients
> that will eventually join the domain. I took two of the clients (WinXP
> Pro)
> and joined them into the new domain. It seems like things take MUCH longer
> now than before I joined the domain.
>
> For example, when logging into the domain, the clients sit there for 10
> seconds of so with that "Applying Computer Settings" dialog before the
> users
> desktop comes up. Right clicking on System, and selecting "Properties"
> takes
> 15 seconds or so. Checking Network properties takes 15 seconds or so.
>
> When I don't log into the domain on these clients (i.e. login locally),
> these operation are instantaneous.
>
> As far as networking, they are all on the same subnet, matter of fact,
> both
> clients and domain controller are plugged into the same 4 port router! So
> it
> should not be a network communications problem. All machines are P4
> machines
> with 1 gig of RAM and gigabit ethernet controllers. So we have plenty of
> hardware power, too.
>
> Pardon the newbie question, I plan to go out to the book store at lunch
> and
> pick myself up some reading material. But if things are going to be this
> slow by adding a domain, we might just as well go back to a workgroup. Do
> the clients have to contact the domain controller for every little thing
> that has to be done?
>
> Any ideas appreciated. Please respond via newsgroup.
>
> Thanks
>
> Robert
>
>

Archived from groups: microsoft.public.windowsnt.domain (More info?)

Ahh - I see. Right now, all machines (PDC and CLIENTS) get their IP
information assigned by the router through DHCP (this includes the DNS
servers, which show up as the Cox DNS servers using ipconfig /all). So I
think what I need to do is:

1. Stop the router from being a DHCP server.
2. Set the DHCP Service on the PDC to serve up IP configuration to the
clients.
3. Configure DNS on the PDC as you describe.
Now, instead of using DHCP from the router, the client will get it from the
PDC, whose DNS is configured to forward to the Cox DNS servers for internet
addresses (addresses not on the local subnet).

or,

Do everything with static IP's and configure each client.

Am I on the right track ?
Thanks

Robert

"Danny Sanders" <Danny.Sanders@NO-SPAMcpcmed.org> wrote in message
news:e6jrFY9AFHA.2032@tk2msftngp13.phx.gbl...
> Long log in time are a symptom of misconfigured DNS.
>
> AD MUST have a DNS server set up for the AD domain. Do Not use your ISP's
> DNS servers.
>
> Basically you need to install DNS on the DC. Point the DC to itself in the
> properties of TCP/IP for DNS. Point ALL AD Clients to this AD DNS server
> ONLY. For Internet access configure your AD DNS server to forward and list
> your ISP's DNS server as the forwarder (this is the ONLY place your ISP's
> DNS server should be listed on your entire domain. Do NOT add it as
> secondary on *any* clients) or use root hints.
>
>
> See:
> Best Practices for DNS Client settings in Windows 2000 server and in
Windows
> Server 2003
>
> http://support.microsoft.com/defau [...] -us;825036
>
>
>
> Setting Up the Domain Name System for Active Directory
>
> http://support.microsoft.com/defau [...] -us;237675
>
>
>
> How to configure DNS for Internet access in Windows 2000
>
> http://support.microsoft.com/defau [...] -us;300202
>
>
>
>
>
> hth
>
> DDS W 2k MVP MCSE
>
>
>
> "Robert Reineri" <robert123@fnbmarin.com> wrote in message
> news:uS4gRE9AFHA.904@TK2MSFTNGP12.phx.gbl...
> >I recently installed a WIN2000 server and made it a primary domain
> > controller. It is the only domain controller on my network. I have
> > 20clients
> > that will eventually join the domain. I took two of the clients (WinXP
> > Pro)
> > and joined them into the new domain. It seems like things take MUCH
longer
> > now than before I joined the domain.
> >
> > For example, when logging into the domain, the clients sit there for 10
> > seconds of so with that "Applying Computer Settings" dialog before the
> > users
> > desktop comes up. Right clicking on System, and selecting "Properties"
> > takes
> > 15 seconds or so. Checking Network properties takes 15 seconds or so.
> >
> > When I don't log into the domain on these clients (i.e. login locally),
> > these operation are instantaneous.
> >
> > As far as networking, they are all on the same subnet, matter of fact,
> > both
> > clients and domain controller are plugged into the same 4 port router!
So
> > it
> > should not be a network communications problem. All machines are P4
> > machines
> > with 1 gig of RAM and gigabit ethernet controllers. So we have plenty of
> > hardware power, too.
> >
> > Pardon the newbie question, I plan to go out to the book store at lunch
> > and
> > pick myself up some reading material. But if things are going to be this
> > slow by adding a domain, we might just as well go back to a workgroup.
Do
> > the clients have to contact the domain controller for every little thing
> > that has to be done?
> >
> > Any ideas appreciated. Please respond via newsgroup.
> >
> > Thanks
> >
> > Robert
> >
> >
>
>

Archived from groups: microsoft.public.windowsnt.domain (More info?)

> 1. Stop the router from being a DHCP server.

It is not that big of a deal that the router is the DHCP server. The
important thing is that the router is giving your clients the AD DNS server
and NOT your ISP's server.

When you log onto your DNS server with the IP of the DNS server pointing to
itself, the proper SRV records for the domain are registered in DNS, on THAT
server. Clients logging into the domain MUST find these SRV records in order
to "find" the domain. You want your clients to "find" the domain when they
log on (your long log in times were because the client was looking for a SRV
record on your ISP's DNS server for your domain and it was not there).
Pointing the clients to the DNS server that houses the SRV records for your
domain will result in clients "finding" the domain faster. When a client
requests www.yahoo.com you want the client to look for it on your DNS server
and it will not find it, so that request gets forwarded to a DNS server
listed in your forwarders tab (or root hints if you set it up that way).

hth
DDS W 2k MVP MCSE

"Robert Reineri" <robert123@fnbmarin.com> wrote in message
news:%232QCdf9AFHA.3836@tk2msftngp13.phx.gbl...
> Ahh - I see. Right now, all machines (PDC and CLIENTS) get their IP
> information assigned by the router through DHCP (this includes the DNS
> servers, which show up as the Cox DNS servers using ipconfig /all). So I
> think what I need to do is:
>
> 1. Stop the router from being a DHCP server.
> 2. Set the DHCP Service on the PDC to serve up IP configuration to the
> clients.
> 3. Configure DNS on the PDC as you describe.
> Now, instead of using DHCP from the router, the client will get it from
> the
> PDC, whose DNS is configured to forward to the Cox DNS servers for
> internet
> addresses (addresses not on the local subnet).
>
> or,
>
> Do everything with static IP's and configure each client.
>
> Am I on the right track ?
> Thanks
>
> Robert
>
> "Danny Sanders" <Danny.Sanders@NO-SPAMcpcmed.org> wrote in message
> news:e6jrFY9AFHA.2032@tk2msftngp13.phx.gbl...
>> Long log in time are a symptom of misconfigured DNS.
>>
>> AD MUST have a DNS server set up for the AD domain. Do Not use your ISP's
>> DNS servers.
>>
>> Basically you need to install DNS on the DC. Point the DC to itself in
>> the
>> properties of TCP/IP for DNS. Point ALL AD Clients to this AD DNS server
>> ONLY. For Internet access configure your AD DNS server to forward and
>> list
>> your ISP's DNS server as the forwarder (this is the ONLY place your ISP's
>> DNS server should be listed on your entire domain. Do NOT add it as
>> secondary on *any* clients) or use root hints.
>>
>>
>> See:
>> Best Practices for DNS Client settings in Windows 2000 server and in
> Windows
>> Server 2003
>>
>> http://support.microsoft.com/defau [...] -us;825036
>>
>>
>>
>> Setting Up the Domain Name System for Active Directory
>>
>> http://support.microsoft.com/defau [...] -us;237675
>>
>>
>>
>> How to configure DNS for Internet access in Windows 2000
>>
>> http://support.microsoft.com/defau [...] -us;300202
>>
>>
>>
>>
>>
>> hth
>>
>> DDS W 2k MVP MCSE
>>
>>
>>
>> "Robert Reineri" <robert123@fnbmarin.com> wrote in message
>> news:uS4gRE9AFHA.904@TK2MSFTNGP12.phx.gbl...
>> >I recently installed a WIN2000 server and made it a primary domain
>> > controller. It is the only domain controller on my network. I have
>> > 20clients
>> > that will eventually join the domain. I took two of the clients (WinXP
>> > Pro)
>> > and joined them into the new domain. It seems like things take MUCH
> longer
>> > now than before I joined the domain.
>> >
>> > For example, when logging into the domain, the clients sit there for 10
>> > seconds of so with that "Applying Computer Settings" dialog before the
>> > users
>> > desktop comes up. Right clicking on System, and selecting "Properties"
>> > takes
>> > 15 seconds or so. Checking Network properties takes 15 seconds or so.
>> >
>> > When I don't log into the domain on these clients (i.e. login locally),
>> > these operation are instantaneous.
>> >
>> > As far as networking, they are all on the same subnet, matter of fact,
>> > both
>> > clients and domain controller are plugged into the same 4 port router!
> So
>> > it
>> > should not be a network communications problem. All machines are P4
>> > machines
>> > with 1 gig of RAM and gigabit ethernet controllers. So we have plenty
>> > of
>> > hardware power, too.
>> >
>> > Pardon the newbie question, I plan to go out to the book store at lunch
>> > and
>> > pick myself up some reading material. But if things are going to be
>> > this
>> > slow by adding a domain, we might just as well go back to a workgroup.
> Do
>> > the clients have to contact the domain controller for every little
>> > thing
>> > that has to be done?
>> >
>> > Any ideas appreciated. Please respond via newsgroup.
>> >
>> > Thanks
>> >
>> > Robert
>> >
>> >
>>
>>
>
>

Archived from groups: microsoft.public.windowsnt.domain (More info?)

I think I see... but if I let the router continue to be the DHCP server
(which I REALLY WOULD like to do, since it works just fine as is), won't it
keep giving the clients my ISP's DNS Servers? If I understand correctly,
when a client gets its IP configuration from a DHCP server, it gets ALL the
information - the IP address it should use, the gateway address, DNS server
address(es), and all else from that DHCP request.

The way I think it works is this:

1. The router itself uses DHCP to get an address from the cable company,
along with all the other junk - DNS servers, etc.
2. When internal clients use the router as the DHCP server, it assigns the
client an address from the internal pool of addresses (192.168.1.xxx), uses
it's own address (192.168.1.1) as the gateway for the clients, and simply
passes along the ISP's DNS servers to the clients.

I guess what I need to do is check the router documentation. It is a Linksys
WRT54g router...

Thanks for all your help. Please, comment on anything I've posted. I really
appreciate the assistance in getting this set up, and more importantly,
gaining the knowledge to understand WHY things work, instead of just
clicking buttons. Though I am a software engineer by trade, it never hurts
to understand some networking basics...

Thanks

Robert

"Danny Sanders" <Danny.Sanders@NO-SPAMcpcmed.org> wrote in message
news:%23GYxXx9AFHA.824@TK2MSFTNGP11.phx.gbl...
> > 1. Stop the router from being a DHCP server.
>
> It is not that big of a deal that the router is the DHCP server. The
> important thing is that the router is giving your clients the AD DNS
server
> and NOT your ISP's server.
>
> When you log onto your DNS server with the IP of the DNS server pointing
to
> itself, the proper SRV records for the domain are registered in DNS, on
THAT
> server. Clients logging into the domain MUST find these SRV records in
order
> to "find" the domain. You want your clients to "find" the domain when they
> log on (your long log in times were because the client was looking for a
SRV
> record on your ISP's DNS server for your domain and it was not there).
> Pointing the clients to the DNS server that houses the SRV records for
your
> domain will result in clients "finding" the domain faster. When a client
> requests www.yahoo.com you want the client to look for it on your DNS
server
> and it will not find it, so that request gets forwarded to a DNS server
> listed in your forwarders tab (or root hints if you set it up that way).
>
> hth
> DDS W 2k MVP MCSE
>
> "Robert Reineri" <robert123@fnbmarin.com> wrote in message
> news:%232QCdf9AFHA.3836@tk2msftngp13.phx.gbl...
> > Ahh - I see. Right now, all machines (PDC and CLIENTS) get their IP
> > information assigned by the router through DHCP (this includes the DNS
> > servers, which show up as the Cox DNS servers using ipconfig /all). So I
> > think what I need to do is:
> >
> > 1. Stop the router from being a DHCP server.
> > 2. Set the DHCP Service on the PDC to serve up IP configuration to the
> > clients.
> > 3. Configure DNS on the PDC as you describe.
> > Now, instead of using DHCP from the router, the client will get it from
> > the
> > PDC, whose DNS is configured to forward to the Cox DNS servers for
> > internet
> > addresses (addresses not on the local subnet).
> >
> > or,
> >
> > Do everything with static IP's and configure each client.
> >
> > Am I on the right track ?
> > Thanks
> >
> > Robert
> >
> > "Danny Sanders" <Danny.Sanders@NO-SPAMcpcmed.org> wrote in message
> > news:e6jrFY9AFHA.2032@tk2msftngp13.phx.gbl...
> >> Long log in time are a symptom of misconfigured DNS.
> >>
> >> AD MUST have a DNS server set up for the AD domain. Do Not use your
ISP's
> >> DNS servers.
> >>
> >> Basically you need to install DNS on the DC. Point the DC to itself in
> >> the
> >> properties of TCP/IP for DNS. Point ALL AD Clients to this AD DNS
server
> >> ONLY. For Internet access configure your AD DNS server to forward and
> >> list
> >> your ISP's DNS server as the forwarder (this is the ONLY place your
ISP's
> >> DNS server should be listed on your entire domain. Do NOT add it as
> >> secondary on *any* clients) or use root hints.
> >>
> >>
> >> See:
> >> Best Practices for DNS Client settings in Windows 2000 server and in
> > Windows
> >> Server 2003
> >>
> >> http://support.microsoft.com/defau [...] -us;825036
> >>
> >>
> >>
> >> Setting Up the Domain Name System for Active Directory
> >>
> >> http://support.microsoft.com/defau [...] -us;237675
> >>
> >>
> >>
> >> How to configure DNS for Internet access in Windows 2000
> >>
> >> http://support.microsoft.com/defau [...] -us;300202
> >>
> >>
> >>
> >>
> >>
> >> hth
> >>
> >> DDS W 2k MVP MCSE
> >>
> >>
> >>
> >> "Robert Reineri" <robert123@fnbmarin.com> wrote in message
> >> news:uS4gRE9AFHA.904@TK2MSFTNGP12.phx.gbl...
> >> >I recently installed a WIN2000 server and made it a primary domain
> >> > controller. It is the only domain controller on my network. I have
> >> > 20clients
> >> > that will eventually join the domain. I took two of the clients
(WinXP
> >> > Pro)
> >> > and joined them into the new domain. It seems like things take MUCH
> > longer
> >> > now than before I joined the domain.
> >> >
> >> > For example, when logging into the domain, the clients sit there for
10
> >> > seconds of so with that "Applying Computer Settings" dialog before
the
> >> > users
> >> > desktop comes up. Right clicking on System, and selecting
"Properties"
> >> > takes
> >> > 15 seconds or so. Checking Network properties takes 15 seconds or so.
> >> >
> >> > When I don't log into the domain on these clients (i.e. login
locally),
> >> > these operation are instantaneous.
> >> >
> >> > As far as networking, they are all on the same subnet, matter of
fact,
> >> > both
> >> > clients and domain controller are plugged into the same 4 port
router!
> > So
> >> > it
> >> > should not be a network communications problem. All machines are P4
> >> > machines
> >> > with 1 gig of RAM and gigabit ethernet controllers. So we have plenty
> >> > of
> >> > hardware power, too.
> >> >
> >> > Pardon the newbie question, I plan to go out to the book store at
lunch
> >> > and
> >> > pick myself up some reading material. But if things are going to be
> >> > this
> >> > slow by adding a domain, we might just as well go back to a
workgroup.
> > Do
> >> > the clients have to contact the domain controller for every little
> >> > thing
> >> > that has to be done?
> >> >
> >> > Any ideas appreciated. Please respond via newsgroup.
> >> >
> >> > Thanks
> >> >
> >> > Robert
> >> >
> >> >
> >>
> >>
> >
> >
>
>

Archived from groups: microsoft.public.windowsnt.domain (More info?)

I'm not familiar with Linksys. If Linksys's DHCP is anything like Windows
DHCP you have the ability to change all the settings it passes out to the
clients.

Check to see if you can adjust the settings the linksys is handing out. If
you can't, disable DHCP on it and set up DHCP on your DC. You will need to
tell it what IP address range, subnet mask, DNS, WINS, gateway, entries to
use. I suspect there is a way to do this with the linksys.


hth
DDS W 2k MVP MCSE

"Robert Reineri" <robert123@fnbmarin.com> wrote in message
news:%23EPpf69AFHA.3016@tk2msftngp13.phx.gbl...
>I think I see... but if I let the router continue to be the DHCP server
> (which I REALLY WOULD like to do, since it works just fine as is), won't
> it
> keep giving the clients my ISP's DNS Servers? If I understand correctly,
> when a client gets its IP configuration from a DHCP server, it gets ALL
> the
> information - the IP address it should use, the gateway address, DNS
> server
> address(es), and all else from that DHCP request.
>
> The way I think it works is this:
>
> 1. The router itself uses DHCP to get an address from the cable company,
> along with all the other junk - DNS servers, etc.
> 2. When internal clients use the router as the DHCP server, it assigns the
> client an address from the internal pool of addresses (192.168.1.xxx),
> uses
> it's own address (192.168.1.1) as the gateway for the clients, and simply
> passes along the ISP's DNS servers to the clients.
>
> I guess what I need to do is check the router documentation. It is a
> Linksys
> WRT54g router...
>
> Thanks for all your help. Please, comment on anything I've posted. I
> really
> appreciate the assistance in getting this set up, and more importantly,
> gaining the knowledge to understand WHY things work, instead of just
> clicking buttons. Though I am a software engineer by trade, it never hurts
> to understand some networking basics...
>
> Thanks
>
> Robert
>
> "Danny Sanders" <Danny.Sanders@NO-SPAMcpcmed.org> wrote in message
> news:%23GYxXx9AFHA.824@TK2MSFTNGP11.phx.gbl...
>> > 1. Stop the router from being a DHCP server.
>>
>> It is not that big of a deal that the router is the DHCP server. The
>> important thing is that the router is giving your clients the AD DNS
> server
>> and NOT your ISP's server.
>>
>> When you log onto your DNS server with the IP of the DNS server pointing
> to
>> itself, the proper SRV records for the domain are registered in DNS, on
> THAT
>> server. Clients logging into the domain MUST find these SRV records in
> order
>> to "find" the domain. You want your clients to "find" the domain when
>> they
>> log on (your long log in times were because the client was looking for a
> SRV
>> record on your ISP's DNS server for your domain and it was not there).
>> Pointing the clients to the DNS server that houses the SRV records for
> your
>> domain will result in clients "finding" the domain faster. When a client
>> requests www.yahoo.com you want the client to look for it on your DNS
> server
>> and it will not find it, so that request gets forwarded to a DNS server
>> listed in your forwarders tab (or root hints if you set it up that way).
>>
>> hth
>> DDS W 2k MVP MCSE
>>
>> "Robert Reineri" <robert123@fnbmarin.com> wrote in message
>> news:%232QCdf9AFHA.3836@tk2msftngp13.phx.gbl...
>> > Ahh - I see. Right now, all machines (PDC and CLIENTS) get their IP
>> > information assigned by the router through DHCP (this includes the DNS
>> > servers, which show up as the Cox DNS servers using ipconfig /all). So
>> > I
>> > think what I need to do is:
>> >
>> > 1. Stop the router from being a DHCP server.
>> > 2. Set the DHCP Service on the PDC to serve up IP configuration to the
>> > clients.
>> > 3. Configure DNS on the PDC as you describe.
>> > Now, instead of using DHCP from the router, the client will get it from
>> > the
>> > PDC, whose DNS is configured to forward to the Cox DNS servers for
>> > internet
>> > addresses (addresses not on the local subnet).
>> >
>> > or,
>> >
>> > Do everything with static IP's and configure each client.
>> >
>> > Am I on the right track ?
>> > Thanks
>> >
>> > Robert
>> >
>> > "Danny Sanders" <Danny.Sanders@NO-SPAMcpcmed.org> wrote in message
>> > news:e6jrFY9AFHA.2032@tk2msftngp13.phx.gbl...
>> >> Long log in time are a symptom of misconfigured DNS.
>> >>
>> >> AD MUST have a DNS server set up for the AD domain. Do Not use your
> ISP's
>> >> DNS servers.
>> >>
>> >> Basically you need to install DNS on the DC. Point the DC to itself in
>> >> the
>> >> properties of TCP/IP for DNS. Point ALL AD Clients to this AD DNS
> server
>> >> ONLY. For Internet access configure your AD DNS server to forward and
>> >> list
>> >> your ISP's DNS server as the forwarder (this is the ONLY place your
> ISP's
>> >> DNS server should be listed on your entire domain. Do NOT add it as
>> >> secondary on *any* clients) or use root hints.
>> >>
>> >>
>> >> See:
>> >> Best Practices for DNS Client settings in Windows 2000 server and in
>> > Windows
>> >> Server 2003
>> >>
>> >> http://support.microsoft.com/defau [...] -us;825036
>> >>
>> >>
>> >>
>> >> Setting Up the Domain Name System for Active Directory
>> >>
>> >> http://support.microsoft.com/defau [...] -us;237675
>> >>
>> >>
>> >>
>> >> How to configure DNS for Internet access in Windows 2000
>> >>
>> >> http://support.microsoft.com/defau [...] -us;300202
>> >>
>> >>
>> >>
>> >>
>> >>
>> >> hth
>> >>
>> >> DDS W 2k MVP MCSE
>> >>
>> >>
>> >>
>> >> "Robert Reineri" <robert123@fnbmarin.com> wrote in message
>> >> news:uS4gRE9AFHA.904@TK2MSFTNGP12.phx.gbl...
>> >> >I recently installed a WIN2000 server and made it a primary domain
>> >> > controller. It is the only domain controller on my network. I have
>> >> > 20clients
>> >> > that will eventually join the domain. I took two of the clients
> (WinXP
>> >> > Pro)
>> >> > and joined them into the new domain. It seems like things take MUCH
>> > longer
>> >> > now than before I joined the domain.
>> >> >
>> >> > For example, when logging into the domain, the clients sit there for
> 10
>> >> > seconds of so with that "Applying Computer Settings" dialog before
> the
>> >> > users
>> >> > desktop comes up. Right clicking on System, and selecting
> "Properties"
>> >> > takes
>> >> > 15 seconds or so. Checking Network properties takes 15 seconds or
>> >> > so.
>> >> >
>> >> > When I don't log into the domain on these clients (i.e. login
> locally),
>> >> > these operation are instantaneous.
>> >> >
>> >> > As far as networking, they are all on the same subnet, matter of
> fact,
>> >> > both
>> >> > clients and domain controller are plugged into the same 4 port
> router!
>> > So
>> >> > it
>> >> > should not be a network communications problem. All machines are P4
>> >> > machines
>> >> > with 1 gig of RAM and gigabit ethernet controllers. So we have
>> >> > plenty
>> >> > of
>> >> > hardware power, too.
>> >> >
>> >> > Pardon the newbie question, I plan to go out to the book store at
> lunch
>> >> > and
>> >> > pick myself up some reading material. But if things are going to be
>> >> > this
>> >> > slow by adding a domain, we might just as well go back to a
> workgroup.
>> > Do
>> >> > the clients have to contact the domain controller for every little
>> >> > thing
>> >> > that has to be done?
>> >> >
>> >> > Any ideas appreciated. Please respond via newsgroup.
>> >> >
>> >> > Thanks
>> >> >
>> >> > Robert
>> >> >
>> >> >
>> >>
>> >>
>> >
>> >
>>
>>
>
>

Archived from groups: microsoft.public.windowsnt.domain (More info?)

Thanks Danny - yes, there was a way to change the router to send the IP of
the W2K DNS Server. Everything is BLAZING now - plus I have my own "in
house" DNS server for when my ISP's go down!

I really appreciate all your help.

Thanks

Robert
"Danny Sanders" <Danny.Sanders@NO-SPAMcpcmed.org> wrote in message
newsEpsER%23AFHA.1388@TK2MSFTNGP09.phx.gbl...
> I'm not familiar with Linksys. If Linksys's DHCP is anything like Windows
> DHCP you have the ability to change all the settings it passes out to the
> clients.
>
> Check to see if you can adjust the settings the linksys is handing out. If
> you can't, disable DHCP on it and set up DHCP on your DC. You will need to
> tell it what IP address range, subnet mask, DNS, WINS, gateway, entries to
> use. I suspect there is a way to do this with the linksys.
>
>
> hth
> DDS W 2k MVP MCSE
>
> "Robert Reineri" <robert123@fnbmarin.com> wrote in message
> news:%23EPpf69AFHA.3016@tk2msftngp13.phx.gbl...
> >I think I see... but if I let the router continue to be the DHCP server
> > (which I REALLY WOULD like to do, since it works just fine as is), won't
> > it
> > keep giving the clients my ISP's DNS Servers? If I understand correctly,
> > when a client gets its IP configuration from a DHCP server, it gets ALL
> > the
> > information - the IP address it should use, the gateway address, DNS
> > server
> > address(es), and all else from that DHCP request.
> >
> > The way I think it works is this:
> >
> > 1. The router itself uses DHCP to get an address from the cable company,
> > along with all the other junk - DNS servers, etc.
> > 2. When internal clients use the router as the DHCP server, it assigns
the
> > client an address from the internal pool of addresses (192.168.1.xxx),
> > uses
> > it's own address (192.168.1.1) as the gateway for the clients, and
simply
> > passes along the ISP's DNS servers to the clients.
> >
> > I guess what I need to do is check the router documentation. It is a
> > Linksys
> > WRT54g router...
> >
> > Thanks for all your help. Please, comment on anything I've posted. I
> > really
> > appreciate the assistance in getting this set up, and more importantly,
> > gaining the knowledge to understand WHY things work, instead of just
> > clicking buttons. Though I am a software engineer by trade, it never
hurts
> > to understand some networking basics...
> >
> > Thanks
> >
> > Robert
> >
> > "Danny Sanders" <Danny.Sanders@NO-SPAMcpcmed.org> wrote in message
> > news:%23GYxXx9AFHA.824@TK2MSFTNGP11.phx.gbl...
> >> > 1. Stop the router from being a DHCP server.
> >>
> >> It is not that big of a deal that the router is the DHCP server. The
> >> important thing is that the router is giving your clients the AD DNS
> > server
> >> and NOT your ISP's server.
> >>
> >> When you log onto your DNS server with the IP of the DNS server
pointing
> > to
> >> itself, the proper SRV records for the domain are registered in DNS, on
> > THAT
> >> server. Clients logging into the domain MUST find these SRV records in
> > order
> >> to "find" the domain. You want your clients to "find" the domain when
> >> they
> >> log on (your long log in times were because the client was looking for
a
> > SRV
> >> record on your ISP's DNS server for your domain and it was not there).
> >> Pointing the clients to the DNS server that houses the SRV records for
> > your
> >> domain will result in clients "finding" the domain faster. When a
client
> >> requests www.yahoo.com you want the client to look for it on your DNS
> > server
> >> and it will not find it, so that request gets forwarded to a DNS server
> >> listed in your forwarders tab (or root hints if you set it up that
way).
> >>
> >> hth
> >> DDS W 2k MVP MCSE
> >>
> >> "Robert Reineri" <robert123@fnbmarin.com> wrote in message
> >> news:%232QCdf9AFHA.3836@tk2msftngp13.phx.gbl...
> >> > Ahh - I see. Right now, all machines (PDC and CLIENTS) get their IP
> >> > information assigned by the router through DHCP (this includes the
DNS
> >> > servers, which show up as the Cox DNS servers using ipconfig /all).
So
> >> > I
> >> > think what I need to do is:
> >> >
> >> > 1. Stop the router from being a DHCP server.
> >> > 2. Set the DHCP Service on the PDC to serve up IP configuration to
the
> >> > clients.
> >> > 3. Configure DNS on the PDC as you describe.
> >> > Now, instead of using DHCP from the router, the client will get it
from
> >> > the
> >> > PDC, whose DNS is configured to forward to the Cox DNS servers for
> >> > internet
> >> > addresses (addresses not on the local subnet).
> >> >
> >> > or,
> >> >
> >> > Do everything with static IP's and configure each client.
> >> >
> >> > Am I on the right track ?
> >> > Thanks
> >> >
> >> > Robert
> >> >
> >> > "Danny Sanders" <Danny.Sanders@NO-SPAMcpcmed.org> wrote in message
> >> > news:e6jrFY9AFHA.2032@tk2msftngp13.phx.gbl...
> >> >> Long log in time are a symptom of misconfigured DNS.
> >> >>
> >> >> AD MUST have a DNS server set up for the AD domain. Do Not use your
> > ISP's
> >> >> DNS servers.
> >> >>
> >> >> Basically you need to install DNS on the DC. Point the DC to itself
in
> >> >> the
> >> >> properties of TCP/IP for DNS. Point ALL AD Clients to this AD DNS
> > server
> >> >> ONLY. For Internet access configure your AD DNS server to forward
and
> >> >> list
> >> >> your ISP's DNS server as the forwarder (this is the ONLY place your
> > ISP's
> >> >> DNS server should be listed on your entire domain. Do NOT add it as
> >> >> secondary on *any* clients) or use root hints.
> >> >>
> >> >>
> >> >> See:
> >> >> Best Practices for DNS Client settings in Windows 2000 server and in
> >> > Windows
> >> >> Server 2003
> >> >>
> >> >> http://support.microsoft.com/defau [...] -us;825036
> >> >>
> >> >>
> >> >>
> >> >> Setting Up the Domain Name System for Active Directory
> >> >>
> >> >> http://support.microsoft.com/defau [...] -us;237675
> >> >>
> >> >>
> >> >>
> >> >> How to configure DNS for Internet access in Windows 2000
> >> >>
> >> >> http://support.microsoft.com/defau [...] -us;300202
> >> >>
> >> >>
> >> >>
> >> >>
> >> >>
> >> >> hth
> >> >>
> >> >> DDS W 2k MVP MCSE
> >> >>
> >> >>
> >> >>
> >> >> "Robert Reineri" <robert123@fnbmarin.com> wrote in message
> >> >> news:uS4gRE9AFHA.904@TK2MSFTNGP12.phx.gbl...
> >> >> >I recently installed a WIN2000 server and made it a primary domain
> >> >> > controller. It is the only domain controller on my network. I have
> >> >> > 20clients
> >> >> > that will eventually join the domain. I took two of the clients
> > (WinXP
> >> >> > Pro)
> >> >> > and joined them into the new domain. It seems like things take
MUCH
> >> > longer
> >> >> > now than before I joined the domain.
> >> >> >
> >> >> > For example, when logging into the domain, the clients sit there
for
> > 10
> >> >> > seconds of so with that "Applying Computer Settings" dialog before
> > the
> >> >> > users
> >> >> > desktop comes up. Right clicking on System, and selecting
> > "Properties"
> >> >> > takes
> >> >> > 15 seconds or so. Checking Network properties takes 15 seconds or
> >> >> > so.
> >> >> >
> >> >> > When I don't log into the domain on these clients (i.e. login
> > locally),
> >> >> > these operation are instantaneous.
> >> >> >
> >> >> > As far as networking, they are all on the same subnet, matter of
> > fact,
> >> >> > both
> >> >> > clients and domain controller are plugged into the same 4 port
> > router!
> >> > So
> >> >> > it
> >> >> > should not be a network communications problem. All machines are
P4
> >> >> > machines
> >> >> > with 1 gig of RAM and gigabit ethernet controllers. So we have
> >> >> > plenty
> >> >> > of
> >> >> > hardware power, too.
> >> >> >
> >> >> > Pardon the newbie question, I plan to go out to the book store at
> > lunch
> >> >> > and
> >> >> > pick myself up some reading material. But if things are going to
be
> >> >> > this
> >> >> > slow by adding a domain, we might just as well go back to a
> > workgroup.
> >> > Do
> >> >> > the clients have to contact the domain controller for every little
> >> >> > thing
> >> >> > that has to be done?
> >> >> >
> >> >> > Any ideas appreciated. Please respond via newsgroup.
> >> >> >
> >> >> > Thanks
> >> >> >
> >> >> > Robert
> >> >> >
> >> >> >
> >> >>
> >> >>
> >> >
> >> >
> >>
> >>
> >
> >
>
>

Archived from groups: microsoft.public.windowsnt.domain (More info?)

Everything is BLAZING now - plus I have my own "in
> house" DNS server for when my ISP's go down!


Your DNS server only know about your Win 2k domain. That is to say if your
AD domain name is mydomain.com, your DNS server assumes it knows
*everything* about mydomain.com. It will not forward requests for
*anything/anyone* requesting resources from mydomain.com. Requesting
yahoo.com or *anything* other than mydomain.com (basically the entire
Internet), with forwarders setup, your DNS server will forward requests to
your ISP. If your ISP's DNS server goes down, you loose Internet access. If
you set up your AD DNS server to use root hints, your ISP's DNS server can
go down and you will still have Internet access.

For the most part forwarders work fine (ISPs are fairly stable) but if your
ISP has a flaky DNS server you have the option to use root hints.

The procedure to use root hints should be in the DNS for Internet access
link.

hth
DDS W 2k MVP MCSE

"Robert Reineri" <robert123@fnbmarin.com> wrote in message
news:eZ0rxi%23AFHA.3236@TK2MSFTNGP15.phx.gbl...
> Thanks Danny - yes, there was a way to change the router to send the IP of
> the W2K DNS Server. Everything is BLAZING now - plus I have my own "in
> house" DNS server for when my ISP's go down!
>
> I really appreciate all your help.
>
> Thanks
>
> Robert
> "Danny Sanders" <Danny.Sanders@NO-SPAMcpcmed.org> wrote in message
> newsEpsER%23AFHA.1388@TK2MSFTNGP09.phx.gbl...
>> I'm not familiar with Linksys. If Linksys's DHCP is anything like Windows
>> DHCP you have the ability to change all the settings it passes out to the
>> clients.
>>
>> Check to see if you can adjust the settings the linksys is handing out.
>> If
>> you can't, disable DHCP on it and set up DHCP on your DC. You will need
>> to
>> tell it what IP address range, subnet mask, DNS, WINS, gateway, entries
>> to
>> use. I suspect there is a way to do this with the linksys.
>>