Prev: establish myself back to administrator account
Next: ICS
From: Vegas or Bust on 19 Apr 2010 19:08
Hello,

I seem to be having a strange problem with my Active Directory user
accounts.

We have a Windows 2008 AD domain, with our only domain controller
located at a remote data center. All of our locations have MPLS
connectivity to the data center, with varying speeds.

Users at my largest office seem to lose the ability to properly
authenticate to AD if they are added to too many security groups. At
first we thought it was a specific group causing the problem, but any
new group will reproduce the issue. There doesn't seem to be any magic
number of groups that causes the problem either. Some users are already
members of 3-4 security groups, add a 5th one and authentication breaks.

When the problem occurs, users no longer seem to authenticate to the
domain. They log onto their computer and do not run the login script.
Login also takes a lot longer -- it seems to sit and wait for a while
before completing. Once the user is logged into their PC, they can't
access any networked resources. If I try and map a network drive, I'll
get prompted for credentials. Enter the credentials & I can access the
resource.

Anyone every experienced anything like this or have any idea what might
be going on? I suspect it might be related to latency between my office
and the domain controller -- the DC is physically located in another
part of the country and accessed through a 5mb bonded T1 connection.

Thanks!
 | 
Pages: 1
Prev: establish myself back to administrator account
Next: ICS