Latency login user AD

  • Last Post 3 weeks ago
daniel.oprea posted this 16 May 2018

Hello experts, 
I need your help.
I have an AD with 2 DCs W2K8R2 and with the functional root in W2K8. I have a small problem, if you can call it a problem ... It's the typical war between development and systems ...
I have a SharePoint 2010 infrastructure with some websites and the Development department complains that the infrastructure has problems due to the time of the users loging and they say that the DCs are slow to respond when it answers a login request, so there is latency. 
So my question is, how can you see the login time in the events or in some log?
I have seen this kb: 
But the hotfix for 2008R2 is removed since I can not find it shows me only the one from 2012.
How can I trace the login of the users in the dcs and see if there are login errors or the authentication times are high? How can I analyze the login response times of the dcs?
Reciba Atentamente
Un Saludo Cordial
Daniel Oprea

Order By: Standard | Newest | Votes
stevelane85 posted this 3 weeks ago

Refer to below informative resources may help you to troubleshoot this issue:

Diagnosing slow active directory logins

Measure login latency

Another infromative post to detect last logon date and time for all Active Directory Users:

samaccountname posted this 11 June 2018

Heres a login script I wrote a number of years ago, which measures and records login details and writes it to the event log on the client.  It was very useful in my environment for troubleshooting reports of logon slowness


Name: Enum-LogonPerformance.ps1
Version: 3.2

Measure the time it takes a user to log in to Windows by calculating the difference between
the creation of the UserExperience event recorderd in System log, which is timestamped when
the logon attempt is initiated.

By measuring this objects create time with Get-Date when this script executes, we can reasonably
measure the elapsed time from entering username/password until the desktop is rendered and the
login session is viable.

This is accurate within a few seconds, per my testing.

# Get a timestamp
$LogonDate = get-date

# Get useful enviroment Variables
$LoggedOnUser = Get-Content env:Username
$WorkstationName = Get-Content env:ComputerName
$myDC = Get-Content env:LogonServer

# Calculate elapsed time by grabbing the createTime of the UserExperience event which is written at logon.
$EventTime = Get-EventLog -LogName System -InstanceId 7001 -Newest 1
$Duration = $LogonDate.TimeOfDay.TotalSeconds - $EventTime.TimeGenerated.TimeOfDay.TotalSeconds
$Duration = $('{0:N0}' -f $Duration)

# Get AD Site of user
$adSite = New-Object -com ADSystemInfo
$objType = $adSite.gettype()
$Site = $objType.InvokeMember("sitename","GetProperty",$null,$adSite,$null)

# Get client IP Address at time of logon
$IpAddress = Get-WmiObject Win32_NetworkAdapterConfiguration | Where { $_.IPAddress } | Select -Expand IPAddress | Where { $_ -notlike '169.*' -and $_ -notlike "*::*"}

# Write statistics to event log (System)
# Make sure the source "USER_LOGON" is available in the system log
New-EventLog -source “USER_LOGON” -logname “System” 2> $null

# Now write the last logon details to the log.
Write-EventLog `
-LogName System `
-Source USER_LOGON `
-EventID 1001 `
-EntryType Information `
-Message "Last logon details:`n
Logon Date/Time: $LogonDate`
Username: $LoggedOnUser`
Client Ip Address: $IpAddress
Site of origin: $Site`
Servicing DC: $myDC`
Elapsed time to logon: $Duration (seconds)"


Icolan posted this 22 May 2018

Windows 2008 is not EOL until 1/14/2020 as long as it has a service pack applied.
I do agree that it should be upgraded, but 2008 is not EOL.


patrickg posted this 21 May 2018

W2K8 is EOL’d, upgrade.


Take a look at the AD Perfmon counters.

A lot of the monitoring components have gotten better with newer OS’s, start planning on upgrading to 2016.


Depending on scale, you may want a separate pool of DC’s for sharepoint.