PrincipalContext.ValidateCredentials slow with trusted domain using NetBios name

Question

I've created a service that validates credentials against Active Directory using System.DirectoryServices.AccountManagement. I need to validate credentials against the local domain as well as a trusted domain. The response time for validating credentials is fast for both the local and trusted domain when run on my computer. When I move this service to our server, the local domain response is fast however, the trusted domain response is very slow (20 - 30 seconds).

I've also found that if I change the domain name in the PrincipalContext from the NetBios name to the DNS name it corrects the the performance problem on the server.

Here's some examples

PrincipalContext context = new PrincipalContext(ContextType.Domain, sNetBiosName)
context.ValidateCredentials(sUsername, sPassword)

On the server, the above will take 20-30 seconds using the NetBios Name

PrincipalContext context = new PrincipalContext(ContextType.Domain, sDNSName)
context.ValidateCredentials(sUsername, sPassword)

Using the DNS name the response is 0-2 seconds

Any ideas on what needs to be setup on the server to speed this up using the NetBios name?

Answer 1

NetBIOS is notoriously slow in the big network. Here explains how the NetBIOS name resolution works. Normally, Windows tris to resolve the NETBIOS name in the following order.

1. local cache
2. lmhosts file
3. WINS server
4. network broadcast

So, you can see one thing that you can improve the NetBIOS name resolution speed is to edit the lmhosts file on your server, so that you can take the network completely out of the equation. Follow this Microsoft KB to add your domain and PDC to your lmhosts file.