Jamf Nation Community

I'll follow up with some of the tweaks that have helped in my
environment using the built-in ad plugin.

Sent from Ken's iPhone

I remember telling an IT manager that DNS scavenging should be enabled...it was like watching this clip (replace the word "refund" with "scavanging")...

http://www.youtube.com/watch?v=MGMoalQ9A18

Don

I don't know anything about your environment, but here are some things that
helped our implementation work well.

- Tweak DNS Scavenging in AD to clean up your dhcp scopes often (setting this too often can overload your DC's) - Make sure that DNS is resolving properly - Set the search domains statically per interface - Turn off IPv6 on all interfaces - Create/Modify /etc/nsmb.conf - http://support.apple.com/kb/HT4017 - http://www.macwindows.com/nsmb-conf-and-slow-SMB-file-sharing.htm
<-- I just ran across this one which helped with a slowness of listing files on a windows smb share

Hi Ben,

A while ago I had began to notice that when you would open Terminal on a
Mac, it would show the incorrect host name. When I would use nslookup to
lookup my IP, I would see maybe 5 different machine names for my one IP. What was going on here was that Active Directory wasn't removing the
dynamic dns names once a dhcp lease would be severed. I'm not necessarily
sure it this was causing any issues, but if nothing else it was really
annoying. Tweaking the time for which Active Directory cleans up it's own
DNS names for it's DHCP scopes can really reduce this. I think we were only
scavenging every 7 days... I'm not entirely sure what our Windows AD
Engineer set the DNS Scavenging setting to after I requested the change...
but it has really cleaned itself up since.

Another thing that I noticed that may or may not change anything is that
when you setup a Mac and give it a name, it is not set in one spot. You can
see this if you use scutil: scutil --get HostName . This will return
"HostName not set". The other parameters; LocalHostName, and ComputerName
are set properly at install time. If not set, the Mac will use whatever
Active Directory DNS thinks your hostname should be. To fix this: "sudo
scutil --set HostName yourhostname"

Besides those, there is not much to worry about with DNS if you are able to
return forward and reverse lookups using dig and nslookup. Another good dns
lookup tool to play with is host.

As far as the /etc/nsmb.conf file... just test it out and see if it helps or
hinders your performance and needs. The file does not exist by default, you
will need to create it, I use vi or vim, but you can also use nano or
whatever text editor you prefer. Mine looks like this:
#####
[default]
streams=no
notify_off=yes
#####

I have always steered away from using AdmitMac or any other product that
helps you bind. One of our sites was using DAVE which really messed things
up as far as file forks and such on the servers. I've also not got a lot of
help from Apple whenever we have an AD problem, we've always been able to
resolve the issues before they can even figure out why something is
happening. My experience with Apple's support has been frustrating as they
have never ended up resolving any issue I have brought to them. I suppose
maybe you can get better support from AdmitMac than you may get from Apple.

Thanks,
Ken

I don't use AD but read through countless threads and emails about it I know that the main culprits of problems like:

DNS Kerberos Bindings