Problem solve Get help with specific problems with your technologies, process and projects.

Speed up Windows 2000 Pro logins to an Active Directory domain

By making some changes to the DNS server configurations on your internal LAN, admins can speed up login time for Windows 2000.

After visiting several clients that had set up their own small Win2k Active Directory domains (with Win2k Professional as the workstation standard), I came across a common error made by novice administrators -- Win2k Pro took upwards of 2 minutes to actually log on to an Active Directory domain controller. Investigating further, I also found that each time the user logged in, an event was generated in the event log on the workstation.

Problem: In every case, the ISP's DNS entries had been assigned to the workstations (either manually, or by DHCP). Before Win2k was around, this setup would be 50% valid (caching on an internal DNS server would be preferred, as it generated less DNS resolutions outside of the LAN) and would be the setup seen in most IT shops.

Resolution: Assign the Win2k server running the DNS service on the internal LAN as the DNS server of all Win2k Professional clients. Then, on the internal DNS server, delete the "." zone, restart the service and add your ISP's DNS entries, so that the DNS server is not a DNS ROOT server, but instead a DNS FORWARDER. This will allow your internal DNS server to resolve internal as well as external queries for clients. (This will also result in DNS entries being cached for internal clients, and less outbound traffic for internet DNS queries).

Reason: Win2K Pro uses DNS to locate domain controllers (the new SRV records...Microsoft wasn't kidding when it said that Win2k relies heavily on DNS). The reason for the long logon is that the Win2k workstation is querying a non-Win2K DNS server for records that only exist in WIn2k compliant DNS servers.

Dig Deeper on Windows systems and network management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.