Global catalog, sites, demoting server

Posted on 2011-09-20
Last Modified: 2012-05-12
I have two sites, and three servers.  Site 1 has Server A and Server B.  Site 2 has Server C.

All three of these servers are ADs.

I am in the process of removing Server A from the network.  I have transferred all the FSMO roles to Server B.  Just after doing that, I made B a Global Catalog Server (A was one already, and C is one as well).

Enough time has passed, so I want to remove the GBC setting from Server A.  Just before I did that, though, something made me pause.

When in Active Directory Sites and Services:

Site 1 has Servers A and B.  When looking at the NTDS settings for A, it has two objects, <automatically generated> B and C.
However, Server B only shows <automatically generated> A.

Site 2 has C.  Its NTDS settings only shows <automatically generated> A as well.

It has been a few days since I checked off B as a GBS.  I am not even sure if this is a problem.  I guess I would feel more comfortable if the NTDS setting for B showed C, and the setting for C showed B.  

I hope that makes sense.  Let me know if I need to clarify, or if I even have an issue.


Question by:tnorman
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +1
LVL 57

Expert Comment

by:Mike Kline
ID: 36568063
Verify that replication is working using repadmin, the KCC usually does a good job and it is not a good idea to turn that off (especially in smaller environments)

You don't need automatically generated connections for from/to every server.



Author Comment

ID: 36568107
MKLine...thanks for that.

I am not worried about the auto-generated part, I was just including that to make it more clear as to what I was talking about/describing.

I am worried that the server I am transferring to (B), doesn't have a connection to (C).  Since (A) is going to be removed, that is my concern.

I will investigate that repadmin as you suggested.  I am going to keep this question open though for further input.
LVL 57

Expert Comment

by:Mike Kline
ID: 36568150
When you remove A the KCC will see that and new connection objects will be created.
[Live Webinar] The Cloud Skills Gap

As Cloud technologies come of age, business leaders grapple with the impact it has on their team's skills and the gap associated with the use of a cloud platform.

Join experts from 451 Research and Concerto Cloud Services on July 27th where we will examine fact and fiction.


Author Comment

ID: 36568184
Here's a terrible question: are you 100% on that?  Sorry to ask, but to say this is a 'high-maintenance' client would be an understatement.
LVL 37

Assisted Solution

by:Neil Russell
Neil Russell earned 50 total points
ID: 36568233
yes that is correct.

The real question should be... Why only one DC per site? And why was B never a GCS?

Author Comment

ID: 36568286
Good questions.

1) Site 2 is very small.  Site 1 will have two DCs again.  I am removing one, and putting in a brand new 2008 box.

2) Site 1 isn't that overly large, and didn't think I needed two GCSs.  A lot of the reference material, etc. says to not have 'unnecessary' GCSs, to limit traffic, etc.

I am going to 'check off the box' now.  Let's see what happens!


Assisted Solution

by:Amitabh Singh
Amitabh Singh earned 150 total points
ID: 36568292
the main purpose of GCS (Global Catalog Server) is creating Index for all AD objects , its making this to boost performance of admin search (when admin search any object in AD ) and when system need information about any AD object its provided by this Index !

so GCS (Index file ) is the main server which replicate between the Sites and its make all DC to get all information in fast ,

so its not a problem if you don't have any server with GCS option sign , it will just slow down your replication and user search for non Indexing site , but it will still work .

Now Sites : main purpose of configuring or other word creating multiple sites is to schedule replication time , replication topology .

but you have just 2 DC remaining so their is no need to  configure Sites because their is vary less replication traffic !
LVL 57

Accepted Solution

Mike Kline earned 300 total points
ID: 36568302
One DC per site is fine, just never run a domain with one DC.

Always try and make every DC a GC, see bullet one

in  single domain like yours a GC doesn't play much of a role anyway so just make them all GCs.


LVL 37

Expert Comment

by:Neil Russell
ID: 36568403
"Now Sites : main purpose of configuring or other word creating multiple sites is to schedule replication time , replication topology .

but you have just 2 DC remaining so their is no need to  configure Sites because their is vary less replication traffic ! "

What twaddle!!!!

Please understanf a subject BEFORE you post misinformation and misguide people.

Please read

As you can see the MAIN use of sites a hell of a lot more than replication.

Author Comment

ID: 36568404
Thanks everyone.

Featured Post

Salesforce Has Never Been Easier

Improve and reinforce salesforce training & adoption using WalkMe's digital adoption platform. Start saving on costly employee training by creating fast intuitive Walk-Thrus for Salesforce. Claim your Free Account Now

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question