Domain and laptop computers
Mattias Dahlberg
Guest





Posted: Mon Nov 14, 2005 5:50 pm    Post subject: Domain and laptop computers

Hi,

When a computer is connected to the internet, outside of our network, it
tries to contact our domain controllers. The thing is, we don't allow
connections to our domain controllers from the outside. So the result is
very long bootup and login times.

What's best practice when it comes to this? Should we have designed the
domain differently? When the computer boots up it makes a "Standard query
SRV _ldap._tcp.dc._msdcs.ad.xx.xx" and gets the names of the domain
controllers, which it then tries to contact in turn, many times.

As you might understand, we don't NAT and have a single DNS. We tried to
block ICMP to the domain controllers as well, but the computer keeps on
trying anyway. We just want the computers to use the cached profile, when
outside of our network, and not try so hard to reach the domain.

Any input appreciated.

Regards,
Mattias
Miha Pihler [MVP]
Guest





Posted: Mon Nov 14, 2005 5:50 pm    Post subject: Re: Domain and laptop computers

Can you explain a bit more about your DNS (name) setup? Is Active Directory
DNS exposed to the internet?

One way to avoid this problem would be to boot the PC first and log on, and only
then insert the network cable (till we come up with a better solution) :-)

--
Mike
Microsoft MVP - Windows Security

"Mattias Dahlberg" <mda@remove.this-du.se-remove.this> wrote in message
news:O%23ADaAT6FHA.2036@TK2MSFTNGP14.phx.gbl...
Quote:
Hi,

When a computer is connected to the internet, outside of our network, it
tries to contact our domain controllers. The thing is, we don't allow
connections to our domain controllers from the outside. So the result is
very long bootup and login times.

What's best practice when it comes to this? Should we have designed the
domain differently? When the computer boots up it makes a "Standard query
SRV _ldap._tcp.dc._msdcs.ad.xx.xx" and gets the names of the domain
controllers, which it then tries to contact in turn, many times.

As you might understand, we don't NAT and have a single DNS. We tried to
block ICMP to the domain controllers as well, but the computer keeps on
trying anyway. We just want the computers to use the cached profile, when
outside of our network, and not try so hard to reach the domain.

Any input appreciated.

Regards,
Mattias
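
The reply asks whether the Active Directory DNS zone is exposed to the internet. One way to check, as an added example that is not part of the original thread, is to query the SRV name from the question against an inside and an outside resolver and compare the answers. The domain name and both resolver addresses are placeholders (assumptions), and `Resolve-DnsName` requires Windows 8 / Server 2012 or later.

```powershell
# Added example: compare how the DC-locator SRV record resolves through an
# internal and an external DNS resolver. All values below are placeholders.
$AdDomain  = 'ad.example.com'      # assumption: your AD DNS domain
$Resolvers = @{
    Internal = '10.0.0.10'         # assumption: a DNS server inside the network
    External = '192.0.2.53'        # assumption: the resolver roaming laptops use
}
$SrvName = "_ldap._tcp.dc._msdcs.$AdDomain"

function Get-DcLocatorRecords {
    param([string]$Name, [string]$Server)
    try {
        # -DnsOnly skips LLMNR/NetBIOS so only the named DNS server answers.
        Resolve-DnsName -Name $Name -Type SRV -Server $Server -DnsOnly -ErrorAction Stop |
            Where-Object { $_.Type -eq 'SRV' } |          # drop additional A/AAAA records
            Select-Object NameTarget, Port, Priority, Weight
    } catch {
        @()   # NXDOMAIN, timeout or refusal: treat as "not resolvable"
    }
}

# One result row per resolver view.
foreach ($view in $Resolvers.GetEnumerator()) {
    $records = @(Get-DcLocatorRecords -Name $SrvName -Server $view.Value)
    [pscustomobject]@{
        View       = $view.Key
        Resolver   = $view.Value
        SrvRecords = $records.Count
        Targets    = ($records.NameTarget -join ', ')
    }
}
```

A non-zero `SrvRecords` count in the External row means a laptop outside the network can still look up the domain controller names, which is the situation the question describes.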
All times are GMT