Speed up Windows 2000 Pro logins to an Active Directory domain

After visiting several clients that had set up their own small Win2k Active Directory domains (with Win2k Professional as the workstation standard), I came across a common error made by novice administrators -- Win2k Pro took upwards of 2 minutes to actually log on to an Active Directory domain controller. Investigating further, I also found that each time the user logged in, an event was generated in the event log on the workstation.

Problem: In every case, the ISP's DNS entries had been assigned to the workstations (either manually, or by DHCP). Before Win2k was around, this setup would be 50% valid (caching on an internal DNS server would be preferred, as it generated less DNS resolutions outside of the LAN) and would be the setup seen in most IT shops.

Resolution: Assign the Win2k server running the DNS service on the internal LAN as the DNS server of all Win2k Professional clients. Then, on the internal DNS server, delete the "." zone, restart the service and add your ISP's DNS entries, so that the DNS server is not a DNS ROOT server, but instead a DNS FORWARDER. This will allow your internal DNS server to resolve internal as well as external queries for clients. (This will also result in DNS entries being cached for internal clients, and less outbound traffic for internet DNS queries).

Reason: Win2K Pro uses DNS to locate domain controllers (the new SRV records...Microsoft wasn't kidding when it said that Win2k relies heavily

Requires Free Membership to View

on DNS). The reason for the long logon is that the Win2k workstation is querying a non-Win2K DNS server for records that only exist in WIn2k compliant DNS servers.

This was first published in October 2001

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.