As a consultant, I’m often brought in as hired help when projects or daily tasks are overwhelming the onsite IT staff. In this role, I sometimes get assigned maintenance or cleanup tasks that initially seem, well, boring. What can make these jobs more interesting is the chance to be creative in accomplishing the chore. When the solution involves writing some nifty code that does the job in minutes, what seemed to be just another tedious assignment turns out to be downright satisfying. This was the case when I was recently asked to look into a Netlogon warning that was showing up on all the domain controllers (DCs) in a fairly large corporation. This warning was accompanied by spotty complaints of slow logons. Figure 1 shows the important parts of the warning message.

This company has a home office with several thousand users and hundreds of branch offices with hundreds of clients at each branch. Apparently, when the company migrated to Active Directory (AD), only some of the IP subnets in use had been assigned to AD sites. As event 5807 warns, not associating IP subnets with AD sites can lead to clients at one location authenticating to a DC in another location several IP hops away, even though there might be a DC sitting just 10 feet from the client. The Microsoft article “How Domain Controllers Are Located in Windows” (http://support.microsoft.com/?kbid=247811) emphasizes the importance of having subnets associated with AD sites as a client’s primary means of finding an optimal DC with which to communicate. . . .
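To make the subnet-to-site lookup concrete, the following added example (not code from the article or its author) reproduces how a DC maps a client address to a site, most-specific subnet first, and then groups the addresses that match no site into candidate subnets to define in AD Sites and Services. The site names, subnet table and client addresses are all constructed for illustration.

```python
"""Reproduce the DC's client-IP -> AD site lookup and report unmapped clients,
the condition event 5807 counts. All data below is constructed sample data."""
import ipaddress
from collections import Counter

# Constructed subnet -> site table, standing in for what AD Sites and Services holds.
SITE_SUBNETS = {
    "10.1.0.0/16": "HomeOffice",
    "10.1.50.0/24": "HomeOffice-Lab",   # more specific than 10.1.0.0/16, so it wins
    "10.20.3.0/24": "Branch-Denver",
    "192.168.40.0/22": "Branch-Austin",
}


def site_for_ip(ip, site_subnets=SITE_SUBNETS):
    """Return the site whose subnet most specifically contains ip, or None.
    Like the DC locator, the longest matching prefix wins when subnets overlap."""
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, site in site_subnets.items():
        net = ipaddress.ip_network(cidr)
        if addr.version == net.version and addr in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, site)
    return best[1] if best else None


def unmapped_subnets(client_ips, site_subnets=SITE_SUBNETS, prefixlen=24):
    """Group clients that map to no site by their /prefixlen network and count them,
    giving a ranked list of candidate subnets to associate with a site."""
    counts = Counter()
    for ip in client_ips:
        if site_for_ip(ip, site_subnets) is None:
            net = ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False)
            counts[str(net)] += 1
    return dict(counts.most_common())


# Constructed sample of client addresses that authenticated against one DC.
SAMPLE_CLIENTS = ["10.1.50.7", "10.1.8.9", "10.20.3.44",
                  "172.16.9.5", "172.16.9.200", "172.16.10.1", "10.77.1.3"]

if __name__ == "__main__":
    for ip in SAMPLE_CLIENTS:
        print(f"{ip:15} -> {site_for_ip(ip) or 'NO SITE (counted by event 5807)'}")
    print("Candidate subnets to add:", unmapped_subnets(SAMPLE_CLIENTS))
```

Feeding the script the client addresses a DC actually reports (instead of the constructed list) turns the raw 5807 count into a list of subnets to assign, which is the fix the event is asking for.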

