I have monitored server performance at these times and the processors are virtually idle at 2% to 3 %. I have a gig of memory and hardly anything is being paged out. Fragmentation is being handled. It's such a problem that I have returned to the workgroup model. However, I have little control over security like this and I feel it is a big problem waiting to happen. I can't help but wonder if it is related to how the workstations are set up. Have you seen this before?
Slow domain logons are usually due to a couple of possible conditions. One of the most common reasons, especially in XP, is the use of asynchronous networking. You can disable this feature in Group Policy, under Computer Configuration | Administrative Templates | System | Logon. Change "Always wait for the network at computer startup and logon" to "Enabled" and see if that helps.
If this setting is missing in the Group Policy, you can set the value through a Registry key, which is usually more permanent. Create the REG_DWORD value SyncForegroundPolicy in HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\CurrentVersion\Winlogon\ and set it to 0.
Another reason for slow domain logons is DNS. Make sure the primary DNS for the workstations is pointing at the domain controller, and not an external address.
I have also seen in some networks that the choice of network interface (NIC) sometimes affects this -- some NICs seem to cause it spontaneously and some don't. In cases like that I suspect the NIC driver is misconfigured or buggy. Sometimes the Web Client service in WinXP can cause a slow domain logon as well; try disabling it or setting it to start manually rather than automatically and see if that changes login times.
This was first published in November 2003