Speed up Windows 2000 Pro logins to an Active Directory domain

By making some changes to the DNS server configurations on your internal LAN, admins can speed up login time for Windows 2000.

After visiting several clients that had set up their own small Win2k Active Directory domains (with Win2k Professional as the workstation standard), I came across a common error made by novice administrators -- Win2k Pro took upwards of 2 minutes to actually log on to an Active Directory domain controller. Investigating further, I also found that each time the user logged in, an event was generated in the event log on the workstati...

on.

Problem: In every case, the ISP's DNS entries had been assigned to the workstations (either manually, or by DHCP). Before Win2k was around, this setup would be 50% valid (caching on an internal DNS server would be preferred, as it generated less DNS resolutions outside of the LAN) and would be the setup seen in most IT shops.

Resolution: Assign the Win2k server running the DNS service on the internal LAN as the DNS server of all Win2k Professional clients. Then, on the internal DNS server, delete the "." zone, restart the service and add your ISP's DNS entries, so that the DNS server is not a DNS ROOT server, but instead a DNS FORWARDER. This will allow your internal DNS server to resolve internal as well as external queries for clients. (This will also result in DNS entries being cached for internal clients, and less outbound traffic for internet DNS queries).

Reason: Win2K Pro uses DNS to locate domain controllers (the new SRV records...Microsoft wasn't kidding when it said that Win2k relies heavily on DNS). The reason for the long logon is that the Win2k workstation is querying a non-Win2K DNS server for records that only exist in WIn2k compliant DNS servers.


This was first published in October 2001

Dig deeper on Domain Name System (DNS)

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchServerVirtualization

SearchCloudComputing

SearchExchange

SearchSQLServer

SearchWinIT

SearchEnterpriseDesktop

SearchVirtualDesktop

Close