I just recently put in a 2K3 server for a domain of about 50 computers. Logging in from a workstation connected to that domain seems to be very very slow and after an amount of time of inactivity, it seems to freeze up applications and network access. I'm thinking that it's probably a DNS issue, but I'm not sure what to look for and what I should be fixing. This is the error I'm getting through event viewer on the workstations: "Windows cannot determine the user or computer name. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted. " AND "Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted." I also seem to have a problem with the migration tool for Exchange server 2003 migrating one of the mail accounts from an old Exchange 5.5 server. It's giving me an error. "The following mailboxes cannot be migrated because they are owned by the same Windows account as another mailbox" If anyone has any idea how I could fix these 2 things, I would really appreciate it... Thanks

Slow logon to a Windows domain is usually due to either corrupt service resource records or the absence of pointer records. Ensure in you have configured a reverse lookup zone in your DNS with the appropriate subnet and make sure this zone contains a pointer (PTR) record for the domain controller. If this does not help, try running from command line. net stop netlogon and then net start netlogon this will recreate your service resource records. Brian Delaney MCP, A+

Slow logon is almost always a DNS issue. Active Directory has no need for a reverse zone or PTR records and does not use either. If DNS is configured properly the SRV records will be also. Restarting the NETLOGON service is not a bad idea but all the proper records in the world won't help if the client is not pointed to the DNS server. Are the client machines configured to point the DNS server for Active Directory, most likely the domain controller? If not, they need to be set manually or given that information via DHCP. Once that is set, we can move to step two. Glen

How exactly would I find out if the client machines are pointing to the right DNS? And if they are, what would be the next step in resolving the problem? Thanks

What are your clients OS's? Win XP: Control Panel, network connections, Local Area network conenct, right click, status. in there are the settings. My PC is also have slow log on but not any errors. I'm sure its aDNs issuer but don't know how to set the DNS server up. Any help would be appriciated.

To check if the client is pointing to the proper DNS server, at a command prompt type IPCONFIG /ALL. Look at the list and see what is listed for DNS SERVERS. That will tell you. Complete instructions for setting up a DNS server for Active Directory is beyond the scope of this forum but you must install the service on a DC and configure it. In most cases you can create an Active Directory Integrated zone and most of the step will be handled automatically. Active Directory will not function without DNS. If you do not understand how DNS works you will not be able to administer an Active Directory domain. It's too complicated to explain here. That's why we get the big bucks. ;) Good luck. There are a lot of books and articles on this topic. It's not hard to find the info, it just takes some work learning and implementing it. Glen

Thanks for everyone's help. I finally got it working relatively well. I added the DNS/PDC's ip to the list of dns server list passed down by the DHCP server. Now, all the client machines are working well. I know a fair amount about DNS, but not about how it works with AD. This new server is a W2K3 box. The old one was NT4 and the only DNS settings passed down through DHCP were internet DNS servers. I suppose AD needs the PDC's DNS server to resolve AD's structure or something. Anyways, thanks everyone!