[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 252
  • Last Modified:

Global Catalog Server Question

With the global catalog server. In a Single Domain environment with one dc , when people are logging into the network , their account must contact the gc in order to logon?unless it's already cached, correct?

also In a one domain environment, if i have the the first dc with the gc and  im adding asecondary dc . if i did not want to enable gc on the new server when people are authenticating towards that server it should forward the gc requests to the main server?

i've been try to read around and i was just hoping for some clarity. hopefully i have made sense.

H
0
Helder_Hipolito
Asked:
Helder_Hipolito
  • 2
1 Solution
 
KCTSCommented:
When a user logs onto a domain a global catalog server must normally be contacted to determin universal group membership. (This can be disabled on Win2003 servers but IS NOT recommended). If the DC has no Global catlog of its own it must forward the request to the global catalog.

It is good practice to have at least one DC with Global catalog on one site, Enabling Global Calalog on two DCs provides some fault tollerance and should seriously be considered.. If the DC with global catalog fails, then the other DC will not be able to authenticat logins without the Global Catalog.

I suggest you enable Global Catalog on both machines, its just a check bo, and there is very little overhead,
0
 
KCTSCommented:
Sorry, Its getting late, I made a few typo's in that last comment so here it is again without the errors I hope:-

When a user logs onto a domain, a global catalog server must normally be contacted to determine universal group membership. (This can be disabled on Win2003 servers but IS NOT recommended, see http://support.microsoft.com/kb/241789). If the DC has no Global catlog of its own it must forward the request to the global catalog.

It is good practice to have at least one DC with Global catalog on each site to prevent intersite logon traffic, Enabling Global Calalog on two DCs provides some fault tollerance and should seriously be considered.. If the DC with global catalog fails, then the other DC will not be able to authenticat logins without the Global Catalog.

I suggest you enable Global Catalog on both machines, its just a checkbox, and there is very little overhead involved see http://support.microsoft.com/kb/313994
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now