Solved

Is the GC server supposed to be enabled by default in child doamin?

Posted on 2008-06-10
22
355 Views
Last Modified: 2010-04-18
I created a child domain. But when I looked into the site and service, the GC server is not enabled by default for the DC in child domain... is this normal?
0
Comment
Question by:wuitsung
  • 10
  • 10
  • 2
22 Comments
 
LVL 70

Accepted Solution

by:
KCTS earned 250 total points
ID: 21755619
Its not the default - but its a good idea to make it one. Go to Administrative Tools, Active Directory Sites and Services, Expand, Sites, Default first site and Servers. Right click on the new server and select properties and tick the Global Catalog checkbox. (Global catalog is essential for logon as it needs to be queried to establish Universal Group Membership)
0
 
LVL 48

Assisted Solution

by:Jay_Jay70
Jay_Jay70 earned 250 total points
ID: 21755630
yes this is normal, there is already a GC in your forest, so it doesnt create a new one - you can add the role, but it wont be there by default, the only time a GC is created by default, is in the first DC in a forest

Remember, if you are running child domains now, make sure your GC role doesnt sit on the infrastructure master
0
 

Author Comment

by:wuitsung
ID: 21755662
Thanx! What do you mean " make sure your GC role doesnt sit on the infrastructure master? " 
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 21755672
you cannot have the infrastructure master role on the same server as a Global Catalog server - a GC holds a partial replica of every object in the domain, if you place the GC role on the inf master, nothing will get updated :)
http://support.microsoft.com/kb/223346
0
 

Author Comment

by:wuitsung
ID: 21755686
But this sounds weired... When you install the first DC in the forest, it has the GC enabled by default and it also has the 5 single master roles by default. So if I only have 1 DC, what can I do?
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 21755688
the rule only comes into play when you introduce a child domain - in a single domain environment it doesnt matter

you should have two DC's my friend, if you are going to use child domains, then in particular your root domain should have redundancy
0
 
LVL 70

Expert Comment

by:KCTS
ID: 21755779
Let me clarify. In a single domain it does not matter which machines are Infrastructure Masters and which are Global Catalog servers, neither does it matter in a multi-domain environment where ALL Domain controllers are also Global Catalogs.

The advice about not having Global Catalog and the Infrastructre master on the same machine ONLY applies in a multiple domain where only some of the DCs are global catalogs. In such a situaltion false "phantoms" can occur.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 21755795
much better way of putting it
0
 

Author Comment

by:wuitsung
ID: 21756909
Thank you for the explanation. So if I have a single doamin,  with 2 DCs. It doesn't matter if the GC also have the 5 single master roles.

If I have a child domain and it only has 1 DC, it also doesn't matter.
But if I have 2 DCs in child domain, I should only enable GC on second DC.

Is my above statement correct? Thank you.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 21756969
if you have a child domain with 2DC's and a root domain with only 1 DC then your priorities are a little bit out of line - it should be the reverse

but yes, you are getting the right idea
0
 

Author Comment

by:wuitsung
ID: 21756996
Thanx Jay_Jay70!! But I don't understand what you mean "priorities are a little bit out of line - it should be the reverse" ?? what properties?? and which one should be reverse?
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 21757017
you have a root domain - that should have 2DC's not the child...You should ideally of course have two DC's per Domain, but when dealing with child domains, you should ALWAYS have 2 DC's in the root
0
 

Author Comment

by:wuitsung
ID: 21757081
you mean I must have 2 DCs in root domain if I want to create a child domain? why? I have only 1 DC in root domain and 1 DC in child domain, but I didn't see any problem.....
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 21757131
its not a "must" it wont give you any problems functionality wise, but you have no redundancy, and if you lose your root domain, you are screwed big time...you have to rebuild both domains..
0
 

Author Comment

by:wuitsung
ID: 21757144
Ok. Thank you! Because you said "you should ALWAYS ...." So I thought you mean must...
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 21757171
lol, pleasure - but keep in mind you run a big risk if you run just a single DC in the root :)
0
 

Author Comment

by:wuitsung
ID: 21757212
Sorry.. just a last question... if you say redundancy is important for root domain, so how about child domain? redundancy is not that important in child domain?
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 21757218
nowhere near as important - i mean, sure, you should still have multiple DC's or you will lose the child, but at worst, you lose the child, not the entire structure
0
 

Author Comment

by:wuitsung
ID: 21757233
Thank you so much!
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 21757265
pleasure
0
 

Author Comment

by:wuitsung
ID: 21763419
Hi Jay_Jay70, May I ask you another question on the GC again here?  http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_23477107.html
0
 

Author Comment

by:wuitsung
ID: 21782323
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

The HP utility "HP Lights-Out Online Configuration Utility for Windows Server 2003/2008" could be of great use when it comes to remotely configure a HP servers ILO WITHOUT rebooting the server. We would only need to create and run scripts using thi…
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question