Solved

Global Catalog Query:  Nice Easy points!

Posted on 2004-09-01
15
765 Views
Last Modified: 2010-05-18
New to w2k and I have some queries about the global catalog server.

I am aware that the first DC in a forest becomes the global catalog server.

What I am reading tells me that if the global catalog server is not available then users can't log on, fair enough, but is this the case if another DC in the same domain is present but is not a global catalog server?

If you have 3 DC's in a domain can they all be GC servers?
0
Comment
Question by:Gazzbut
15 Comments
 
LVL 9

Expert Comment

by:BigC666
ID: 11956560
howdy,

have a look at this http://www.jsiinc.com/SUBG/TIP3100/rh3115.htm

hope that it helps
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 11956652
>>If you have 3 DC's in a domain can they all be GC servers?

yes - but if you put the GC and the Infrastructure master on the same domain controller - it defeats the object of having an infrastructure master (cause its local copy will be the same as the GC - cause it IS the GC) so it will never find any differences.
0
 
LVL 9

Expert Comment

by:jdeclue
ID: 11956765
Here is some more info.

If the global catalog is down, only domain admins can log into your network. So, yes, if it goes down your users will not be able to log in. If you have 3 DC's then you should have 2 Global Catalogs. You should not put the Global Catalog on the server running the Infrastructure Master. Here is an article on the proper placement of FSMO roles and Global catalogs in a 2000 AD environment. http://support.microsoft.com/default.aspx?scid=kb;EN-US;223346

So if your first DC is holding all of the roles (as it should be), you should read the above article, understand what FSMO roles are and decide on how you want to lay it out.

You may make any domain controller a global catalog, by opening Active Directory Sites and Services and opening up the sites, site, and then right click on the server and select properties. Global catalog is a check box option on the properties page.

J
0
 
LVL 9

Expert Comment

by:jdeclue
ID: 11956776
I am too slow, I got called away... ;)

J
0
 

Author Comment

by:Gazzbut
ID: 11956778
What is an infrastructure master?
0
 
LVL 9

Expert Comment

by:jdeclue
ID: 11956820
If you only have 1 domain, and you will not be running any "Sites", meaning you have 3 DC's in one network and they are all local then... you can just make another DC a global catalog, and not worry about the infrastructure role. You can learn all of that, in your own time ;)

J
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 11956847
On smaller domains with a limited number of domain controllers, the Schema Master and the Infrastructure Master are the same Windows 2000 domain controller.
The Schema Master is typically the first server you brought online using Windows 2000 Server. It is the Schema Master because it defines the Active Directory schema for the domain (the schema being the actual definition of the objects contained in the Active Directory). There is only one Schema Master per Windows 2000 forest (which can be many domains).
The Infrastructure Master is charged with the task of upgrading group and user associations. It keeps track of what groups users belong to. If group membership changes, the Infrastructure Master records this and then replicates it to the other domain controllers in the domain. When you create the first domain in a Windows 2000 forest, that domain controller is assigned the Infrastructure Master status.
http://www.samspublishing.com/articles/article.asp?p=98829&seqNum=5
0

 
LVL 18

Expert Comment

by:exx1976
ID: 11960494
It is perfectly fine to make the Infrastructure master a GC, as long as ALL DC's in your domain are GCs.  If each and every DC is a GC, then the IM role is not necessary, as each DC/GC will have a correctly updated copy of everything.
0
 

Author Comment

by:Gazzbut
ID: 11961412
So to clarify - you can have multiple GC's but will only have one infrastructure master and one schema master per domain?
0
 
LVL 9

Expert Comment

by:jdeclue
ID: 11963533
You will only have 1 schema master and 1 domain naming master per Forest, then you have the other three roles in each domain, Infrastructure Master, PDC Emulator and RID master. This article really does explain it all.

http://support.microsoft.com/default.aspx?scid=kb;EN-US;223346

Let us know if you have questions with the KB.

J
0
 
LVL 18

Accepted Solution

by:
exx1976 earned 125 total points
ID: 11963975
Gazzbut-   In a nutshell, like jdeclue said, you'll have one domain naming master and one schema master per FOREST.  You'll have one of each of the other three PER DOMAIN.  And, like I said before (and the above KB states), if ALL DCs are GCs, then don't worry about the IM role, since it becomes irrelevant.

"If every domain controller in the domain also hosts the global catalog, then there are no phantoms or work for the infrastructure master to do. The infrastructure master may be placed on any domain controller in the domain."

taken from the above KB..


HTH,
exx
0
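
The placement rules discussed in this thread can be checked mechanically. The following is an added example, not part of any post above: `Test-GcPlacement` is a hypothetical helper, the `example.test` DC records are constructed sample data, and the commented live call assumes the ActiveDirectory RSAT module on a management host.

```powershell
# Added example, not from the thread. Test-GcPlacement is a hypothetical helper name.
function Test-GcPlacement {
    param(
        [Parameter(Mandatory)] [object[]] $DomainControllers,
        [int] $DomainsInForest = 1
    )
    $gcs    = @($DomainControllers | Where-Object { $_.IsGlobalCatalog })
    $nonGcs = @($DomainControllers | Where-Object { -not $_.IsGlobalCatalog })
    $im     = $DomainControllers |
        Where-Object { $_.OperationMasterRoles -contains 'InfrastructureMaster' } |
        Select-Object -First 1

    # User logon depends on a reachable GC, so a lone GC is a single point of failure.
    if ($gcs.Count -eq 0) {
        [pscustomobject]@{ Severity = 'High'; Finding = 'No DC hosts the global catalog.' }
    } elseif ($gcs.Count -eq 1 -and $DomainControllers.Count -gt 1) {
        [pscustomobject]@{ Severity = 'Medium'
            Finding = "Only $($gcs[0].HostName) is a GC; enable it on a second DC." }
    }

    if (-not $im) {
        [pscustomobject]@{ Severity = 'Info'; Finding = 'Infrastructure Master holder not in input.' }
    } elseif (-not $im.IsGlobalCatalog -or $nonGcs.Count -eq 0) {
        # Either the IM is off the GC, or every DC is a GC and the role has no work to do.
        [pscustomobject]@{ Severity = 'OK'
            Finding = "Infrastructure Master on $($im.HostName) is placed acceptably." }
    } elseif ($DomainsInForest -le 1) {
        [pscustomobject]@{ Severity = 'Info'
            Finding = "$($im.HostName) is IM and GC; tolerable in a single-domain forest." }
    } else {
        [pscustomobject]@{ Severity = 'Medium'
            Finding = "$($im.HostName) is IM and GC while $($nonGcs.Count) DC(s) are not GCs; move the role or make all DCs GCs." }
    }
}

# Constructed sample: three DCs, the first holds every role and is the only GC.
$sample = @(
    [pscustomobject]@{ HostName = 'dc1.example.test'; IsGlobalCatalog = $true
        OperationMasterRoles = 'SchemaMaster','DomainNamingMaster','PDCEmulator','RIDMaster','InfrastructureMaster' }
    [pscustomobject]@{ HostName = 'dc2.example.test'; IsGlobalCatalog = $false; OperationMasterRoles = @() }
    [pscustomobject]@{ HostName = 'dc3.example.test'; IsGlobalCatalog = $false; OperationMasterRoles = @() }
)
Test-GcPlacement -DomainControllers $sample | Format-Table -AutoSize

# Against a live domain (ActiveDirectory module assumed):
# Test-GcPlacement -DomainControllers (Get-ADDomainController -Filter *) -DomainsInForest (Get-ADForest).Domains.Count
```

For the constructed sample this reports the single-GC availability risk at Medium and the combined IM/GC placement at Info, because the default `-DomainsInForest 1` treats the forest as single-domain.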
 

Author Comment

by:Gazzbut
ID: 11964135
sorry the rest of you - I wanted to split the points but didn't get a chance. Have they changed the system since last time I was here???
0
 
LVL 9

Expert Comment

by:jdeclue
ID: 11965465
Gazzbut, I don't worry about the points ;) I am glad we could help.

exx1976, PeteLong and I both told him about the GC and small domains, Please do not restate our answers, do try to add something new.

J
0
 
LVL 18

Expert Comment

by:exx1976
ID: 11966765
Internet tough guy, huh?  Don't take it out on me because he awarded the points incorrectly.  I couldn't care less one way or the other.  I was simply trying to let him know about GCs and DCs and the IM, since most people do not understand this properly, and even though MS says it doesn't matter, there still seem to be two schools of thought regarding this design decision.  I figured that my short, concise answer would give him a hand, little did I know he'd award points for it.

Do try to shut up now.
0
 
LVL 9

Expert Comment

by:jdeclue
ID: 11967135
Not worth a response... ;)

J
0
