Solved

Global Catalog Server Question

Posted on 2007-03-24
2
243 Views
Last Modified: 2010-04-20
With the global catalog server. In a Single Domain environment with one dc , when people are logging into the network , their account must contact the gc in order to logon?unless it's already cached, correct?

also In a one domain environment, if i have the the first dc with the gc and  im adding asecondary dc . if i did not want to enable gc on the new server when people are authenticating towards that server it should forward the gc requests to the main server?

i've been try to read around and i was just hoping for some clarity. hopefully i have made sense.

H
0
Comment
Question by:Helder_Hipolito
  • 2
2 Comments
 
LVL 70

Expert Comment

by:KCTS
ID: 18786539
When a user logs onto a domain a global catalog server must normally be contacted to determin universal group membership. (This can be disabled on Win2003 servers but IS NOT recommended). If the DC has no Global catlog of its own it must forward the request to the global catalog.

It is good practice to have at least one DC with Global catalog on one site, Enabling Global Calalog on two DCs provides some fault tollerance and should seriously be considered.. If the DC with global catalog fails, then the other DC will not be able to authenticat logins without the Global Catalog.

I suggest you enable Global Catalog on both machines, its just a check bo, and there is very little overhead,
0
 
LVL 70

Accepted Solution

by:
KCTS earned 50 total points
ID: 18786702
Sorry, Its getting late, I made a few typo's in that last comment so here it is again without the errors I hope:-

When a user logs onto a domain, a global catalog server must normally be contacted to determine universal group membership. (This can be disabled on Win2003 servers but IS NOT recommended, see http://support.microsoft.com/kb/241789). If the DC has no Global catlog of its own it must forward the request to the global catalog.

It is good practice to have at least one DC with Global catalog on each site to prevent intersite logon traffic, Enabling Global Calalog on two DCs provides some fault tollerance and should seriously be considered.. If the DC with global catalog fails, then the other DC will not be able to authenticat logins without the Global Catalog.

I suggest you enable Global Catalog on both machines, its just a checkbox, and there is very little overhead involved see http://support.microsoft.com/kb/313994
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Welcome to my series of short tips on migrations. Whilst based on Microsoft migrations the same principles can be applied to any type of migration. My first tip is around source server preparation. No migration is an easy migration, there is a…
Welcome to my series of short tips on migrations. Whilst based on Microsoft migrations the same principles can be applied to any type of migration. My first tip Migration Tip #1 – Source Server Health can be found listed in my profile here: http:…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question