Re: Global Catalog Failure

You should some tests against your production system if you are concerned
about its helth.

If you need to run diagnostics against your Active Directory domain.
Microsoft has written two good command line utilities that provide
information to help troubleshoot problems you maybe experiencing. Knowing
which switch options to select may not always be simple, but with this front
end click and go.

You will still need the two command line tools. If you don't have the tools
installed, you can install them from your server install disk.

d:\support\tools\setup.exe -or- The links to the files reside on the
script download page listed below.


The script provides the option to run individual tests without having to
learn all the switch options. It automagically outputs the test details to
a text file and calls this text file up at the completion of the test. This
makes it much easier to read and save the details for future use and
analysis.

The front end is an hta file that provides check boxes, radio buttons and
dialogue boxes for input. You have the option to select the local server or
a remote DC via a text box.

This script is customizable. The storage location of the script storage of
the output logfiles and diagnostic tools are modified by a const definition
in the working storage section.

The script is at http://pbbergs.dynu.com/windows/windows.htm, click
downloads and then select the DCDiag GUI..., download it and save it to:
c:\program files\support tools\

Just select both dcdiag and netdiag make sure verbose is set. (Leave the
default settings for dcdiag as set when selected)

--

Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

This posting is provided "AS IS" with no warranties, and confers no rights.

"Janelle" <Janelle@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:71B82F5A-9753-48DB-8900-04E314643B66@xxxxxxxxxxxxxxxx
I tried to promote my DC to a GC (in my test domain)and it looked like it
was
but it didn't work that way.
I lost my GC to a hardware failure and my test domain has not been set to
backup at this time. But I was never able to disjoin the old GC and things
never worked right so I rebuilt my test domain. This makes me concerned
about
the real network and disaster recovery. Any ideas?

"Herb Martin" wrote:

"Janelle" <Janelle@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:2A536EEA-4897-451C-BA0E-7D63D75B01AA@xxxxxxxxxxxxxxxx
I have 5 child domains in a single forrest and one global catalog.

With five domains you must EITHER:

1) Make every DC a GC (or)
2) Make sure the INFRASTUCTURE Masters are NOT GCs

(Making an IM a GC interferes with it's function but if every DC
in the forest is a GC that become irrelevant.)

Note: You should NOT make every DC a GC in a LARGE forest,
but you have indicated this is not the case for your network.

Yes I was
instructed that a singular global catalog was fine

In general, that is bad advise you were given.

You should have a MINIMUM of one GC per SITE.

You should have a MINIMUM of two GCs per site for fault tolerance.

Generally this means you want to have 2 x Sites GCs as a working
minimum.

But with small forests you can just make all DCs GCs and get
fault tolerance for practically no cost.

and that BDC were a thing
of the past.

NT-BDCs are still supported but Win2000+ DCs are neither
"Primary" (PDC) nor "Backup" (BDC) - they are just DCs.

You can have as many DCs per domain as you wish (as make
sense, as you can afford.)

So how can I have a global catalog at each? Is this a working
network structure you currently have in place?

Yes. Most everyone with single domain forests or small forests
(or such customers) does this once they understand what GCs
do and the implications.

For large forests, the rule of 2 x Sites = GCs PLUS more for
performance of "network applications" (e.g., Exchange) is used.


--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]


"Herb Martin" wrote:

"Janelle" <Janelle@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:8D7A72AD-C3D7-470D-A3B2-570EBDA9E1B1@xxxxxxxxxxxxxxxx
No misunderstanding we only have one global catalog,

The implication of the SINGULAR is that you believe that
you are to have but one GC....

we are a small company with limited resources.

And since you already have multiple DCs you can have
multiple GCs for free.

Why should there be more than one global catalog?

For fault tolerance. You need a GC for reliable logins
AND for other purposes (e.g., Exchange etc.)

Since you have multiple DC and a SMALL forest of one
domain you should just make EVERY DC a GC.


--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

"Herb Martin" wrote:

"Janelle" <Janelle@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:D8F65831-1C90-42D1-9243-F246A3F1ABF1@xxxxxxxxxxxxxxxx
My global catalog failed in my test domain, there is no
inexpensive
way
to
rebuild it so I have opted to buy an new one. This may me begin
to
question
what I would do if I had a irrepairable failure of the global
catalog
in
my
real network. How do you replace the global catalog in an active
directory,
one that has 5 child domains?

You question has been answered by Jorge and Paul.

Just make a new GC (and NTDSUtil metadata cleanup any
lost DCs.)

BUT there is also a strong implication of a misunderstanding
in the question above: "My global catalog" (in the SINGULAR.)

You should generally have more than one GC; you should have
at least one PER SITE, and more for fault tolerance (esp. logins.)

With a single domain forest you should just make ALL DCs into
GCs, but you have 6 domains (domain plus 5 children) so this
does not apply to you.

If one of the domains holds the vast majority of objects or the
forest isn't very big you may STILL CONSIDER making every
DC a GC.

In any case, if you have a LARGE forest then you need more
GCs (but may not all DCs.)

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]











.

Loading