Troubleshooting slow AD logins?

Contributor III

Can anyone offer any suggestions on how to troubleshoot a "slow login" issue?

Specifically, we've had 3 Macs reported to us where login using Active Directory accounts is quite slow. We reproduced the issue with our test student AD account and found that it was taking around 4-5 minutes from pressing Enter on the login box to having a usable desktop with drive icons and Dock.

Our local administrator account is quicker to log in, but still slower than we might have expected it to be.

I tried running a diagnostic utility I found called EtreCheck, but it didn't really come up with anything particularly actionable.

EDIT: we only have one site, this is in relation to Macs that are on that site, and it is only happening with some Macs - other Macs are fine.

EDIT 2: our domain is a .local, and (among other things) we do use configuration profiles to apply restrictions to student users, so we do need these to be applied before the user can start using the computer.


Valued Contributor II

So we had similar problems years ago, and found writing some login timeouts seemed to make a difference. check out this post. [](link URL)


are you pointing to the closest domain controller on site? is the domain controller located in AWS land?

Contributor III

@easyedc we only have one site and this is in reference to Macs on that site. It's not happening to all of them either, only some.
@B-35405 when setting up the AD binding I didn't see any options to specify which domain controller to use? but they're equally close I believe so I wouldn't have thought it mattered? all our domain controllers are on-site.

Valued Contributor II

Regardless of the site, setting timeouts should help if you're AD bound.

defaults write /Library/Preferences/ DSBindTimeout -int 10
defaults write /Library/Preferences/ BypassPreLoginCheck -bool YES

Valued Contributor

Is your domain a .local?

New Contributor III

@DanJ_LRSFC We've also had slow logins with AD accounts on Mojave for quite some time now. 10.14.5 seems to improve the login times slightly. Removing security apps also improved the login times.

Valued Contributor

I ran into a similar issue, but logins were also being bounced (even though the username/password combination was correct). It was actually a sync issue with my domain controllers that was causing it. In addition, I would double check date and time and re-bind if necessary.

My domain @ryan.ball is a .local. Not running into any issues with Macs.

I would also double check any policies scoped at login to the machines having issues. Could be something slowing it down there.

Contributor III

@easyedc I googled the BypassPreLoginCheck setting, it seems like this would prevent some MDM profiles being applied before the user is able to start using the computer? This seems like it would have the potential to allow students to get around restrictions we've set up using configuration profiles.
@ryan.ball Yes, our domain is a .local.
@jared_f I've only really got one policy that is scoped to run at login (our login script, which sets up the Dock and mounts ~/Documents to the user's AD home directory), and it doesn't always seem to run in a timely fashion either - I've had to add it to Self Service so that students can re-run it if it doesn't run automatically.