
Current Setup: I have 2 child domains, one in America (amer.domain.com) and one in Asia (asia.domain.com), in the same forest. Both domains are connected via MPLS links.

In each physical site, there is 1 domain controller that is joined to the trusted child domain.

Example: A domain controller in Singapore would typically be joined to asia.domain.com, but there will be 1 domain controller joined to amer.domain.com (for reference purposes, let's call it sng1.amer.domain.com).

Issue: Being in Singapore, when I want to browse amer.domain.com, the ADUC utility will connect to sng1.amer.domain.com.

It takes about 1 minute to connect and roughly 3-4 minutes to do a simple search for objects. This does not happen when a user in America uses ADUC to search asia.domain.com, which would connect to a domain controller that is joined to asia.domain.com.

What could be the issue and how would I be able to determine what's causing this?

Fahmy Aziz
  • The machine from which you run ADUC, which domain is it in? – strongline Oct 01 '15 at 13:39
  • Actually, since they are in the same forest, more importantly, was the site/subnet info well defined? All domains share the same site info in one forest. – strongline Oct 01 '15 at 13:53
  • The machine I run ADUC from is in asia.domain.com when I query amer.domain.com. Each physical site has its own Site Code and has a specific subnet associated with it. sng1.amer.domain.com sits in the SNG site code, which also houses the other Singapore domain controllers, and it uses an IP address from the subnet that is tied to the SNG site. – Fahmy Aziz Oct 01 '15 at 14:21
  • Run "nltest /dsgetsite" on both the amer DC @SNG and the client to make sure they are actually in the same site. Use ldp to file a direct LDAP query to sng1.amer to see what the response time is, so we know that the DC has no performance issue. – strongline Oct 01 '15 at 14:41
  • Is there a shortcut trust between the two child domains? – Davidw Oct 01 '15 at 14:52
  • nltest shows both are in the same site. LDP from client to the server from a connection, bind, and query perspective looks alright (less than 7 seconds to perform query). There is a shortcut trust between both child domains. – Fahmy Aziz Oct 05 '15 at 07:54
  • One thing I found peculiar is that when I run dsa.msc on the DC itself, it takes 30 seconds to launch. On other DCs it's only a couple of seconds. The second thing is that when I run dcdiag, it takes a long time to complete. I noticed that it happens during this part of dcdiag: `Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=domain,DC=com,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),....... The previous call succeeded.... The previous call succeeded Iterating through the list of servers` – Fahmy Aziz Oct 05 '15 at 07:56
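
The connect/bind/query timing discussed in the comments can be broken out per phase; the following is an added PowerShell example, not part of the original thread, that times DNS resolution, TCP connect, LDAP bind, and the Sites-container search that dcdiag was running when it slowed down. The server name is the one used in the question; the function names `Measure-LdapPhases` and `New-Search` and the 120-second timeout are assumptions.

```powershell
# Added example (not from the thread): time each phase of an LDAP session
# against one DC so the slow step can be isolated.
Add-Type -AssemblyName System.DirectoryServices.Protocols

function New-Search($Dn, $Filter, $Scope, $Attr) {   # hypothetical helper
    $q = New-Object System.DirectoryServices.Protocols.SearchRequest
    $q.DistinguishedName = $Dn; $q.Filter = $Filter; $q.Scope = $Scope
    [void]$q.Attributes.Add($Attr)
    $q
}

function Measure-LdapPhases {
    param(
        [string]$Server = 'sng1.amer.domain.com',  # DC named in the question
        [int]$Port = 389,
        [int]$TimeoutSec = 120                      # assumed per-operation ceiling
    )
    $r  = [ordered]@{ Server = $Server }
    $sw = [System.Diagnostics.Stopwatch]::StartNew()

    # Phase 1: name resolution for the DC
    [System.Net.Dns]::GetHostAddresses($Server) | Out-Null
    $r.DnsMs = $sw.ElapsedMilliseconds; $sw.Restart()

    # Phase 2: TCP connect to the LDAP port
    $tcp = New-Object System.Net.Sockets.TcpClient
    try { $tcp.Connect($Server, $Port) } finally { $tcp.Close() }
    $r.TcpMs = $sw.ElapsedMilliseconds; $sw.Restart()

    # Phase 3: bind as the logged-on user (Negotiate = Kerberos or NTLM)
    $id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($Server, $Port)
    $conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id)
    $conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Negotiate
    $conn.Timeout  = [TimeSpan]::FromSeconds($TimeoutSec)
    try {
        $conn.Bind()
        $r.BindMs = $sw.ElapsedMilliseconds; $sw.Restart()

        # Phase 4: read rootDSE to learn the configuration naming context
        $root = New-Search '' '(objectClass=*)' 'Base' 'configurationNamingContext'
        $cfg  = $conn.SendRequest($root).Entries[0].Attributes['configurationNamingContext'][0]
        $r.RootDseMs = $sw.ElapsedMilliseconds; $sw.Restart()

        # Phase 5: the same search dcdiag issues (ntDSDsa objects under CN=Sites)
        $dsa = New-Search "CN=Sites,$cfg" '(objectClass=ntDSDsa)' 'Subtree' 'distinguishedName'
        $r.NtdsDsaCount  = $conn.SendRequest($dsa).Entries.Count
        $r.SitesSearchMs = $sw.ElapsedMilliseconds
    } finally { $conn.Dispose() }
    [pscustomobject]$r
}
Measure-LdapPhases | Format-List
```

Running it once from the ADUC workstation and once on the DC itself, then again with `-Server` set to a DC that responds quickly, shows which phase differs between the slow and fast cases.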

0 Answers