Like in my last post, I have been in IT for many years. Every place I have worked at and even when I worked at an MSP, I have always seen the Active Directory Users and Computers take a really long time to load. Often times be very slow while on VPN. I was finally challenged to see why.
Reasons
There are hundreds of reasons apparently for it being slow. I have seen it slow on Global connect, Open VPN, Cisco’s Anyconnect, WatchGuard, and more. Apparently, the issue is with how ADUC communicates via DNS.
Yes, it’s a DNS problem.
The solutions for a slow ADUC on VPN
Point to the server’s IP instead of the DNS name.
If you right click your ADUC in the start menu, you can click properties. Then from there, you can add /server=”<Your Servers IP Address>” and this should resolve the issue. The load time went from 5 minutes to 10 seconds. I’m not all sure the back end fix, but this one worked well.
A registry fix
Here is a registry fix that seems to work on some machines. I tested this on windows 10 and 11. I was unable to test it on multiple network stacks, just my pfsense and untangled stacks. So, let me know if these keys work for you.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
EnablePMTUDiscovery dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
EnablePMTUBHDetect dword:00000000
Disable IPV6
If your network doesn’t need IPV6, sometimes disabling IPv6 will resolve these issues.
In theory, these two solutions should resolve the Slow ADUC on VPN. However, in some cases, it will not.