Re: GC-Problems

OK, here's what is happening. To clarify all of this, let's define what a
GC is. A Global Catalog server stores a partial replica of informaion from
all domains in the forest. You have 5 domains, so each GC has replicas of
objects from all of those domains. The GC stores only a minimal set of
attributes of that object, and are primarily used for searches. They also
store information about where to find the full replica of the object, that
is, a DC for the domain.

OK, even though a GC stores information about objects in ALL domains, it is
not a domain controller for those domains, other than its own. So, if you
have a user from domain 1 in domain 3, that user cannot authenticate to
their domain unless the WAN is up. If you had a domain 1 DC in the same
location as domain 3, it would work, because you have a DC for that domain
locally. So you could set up two sites for domain 1, one which already
exists, and another at the site where domain 3 is. At the domain 3 site you
could deploy a new domain 1 DC, and the data would replicate back and forth.
If the WAN is down, no big deal, we have a DC for domain locally. Make
sense?

OK, now for the second question. When you search the entire directory, you
are looking at a GC. When you select a specific domain, you are attempting
to contact a DC for that domain. In your case, if the WAN is down, you have
no local DC to search for that information and your query fails.


"GIG" <GIG@xxxxxx> wrote in message
news:uo99zxQTGHA.4264@xxxxxxxxxxxxxxxxxxxxxxx
Hello Bill

Configuration - 5 Sites - 5 Diferent Subnets (One to each site) 5
Different Domains (One in Each Site)- 2 Domain Controllers per Domain

1 - Site = 1 domain = 2 DomainControllers, 1 of the domain controllers is
a GC.
2 - Site = 2 domain = 2 DomainControllers, 1 of the domain controllers is
a GC.
3 - Site = 3 domain = 2 DomainControllers, 1 of the domain controllers is
a GC.

4 - Site = 4 domain = 2 DomainControllers, 1 Universal Group Membership
Enabled
5 - Site = 5 domain = 2 DomainControllers, 1 Universal Group Membership
Enabled


I have users from different sites or domains that need to logon on
different domains.

For example: I have one or more users from domain 1 and they go to the
domain 3 and try to logon on machines on Domain 3 with their users names
(DOMAIN1\USER01). If the wan link is down, the the logon is denied stating
that the domain couldn't be contacted. (In yhis situation the users are
trying to logon on machines that exists in domain3).

My question is if I have a GC on Site3-Domain3, why users aren't allowed
to logon with their user names??

The other question is:
When I try to make searches when the wan link is down.
For example: from Domain 1 to domain3- I open Ad Users and computers and
select Find, In search i have locations to define, if i select Entire
Directory, the search is ok and shows me all objects in all domains, but
if i select a especific domain, for example Domain3, the search can't find
anything. This only happens when the wan link is down.


"Bill" <itprofessional0812_at_remove_yahoo.com> wrote in message
news:e7y7PEQTGHA.5900@xxxxxxxxxxxxxxxxxxxxxxx
I'm not sure I understand. I'd recommend you have one GC per site. You
mention that you don't have GC's there because of bandwidth
considerations, but you'd want a GC in those sites anyway. This should
not increase network utilization, it should decrease it because the GC is
now on the local LAN and you are only replicating delta changes to the
catalog.


"GIG" <GIG@xxxxxx> wrote in message
news:%23OwHNyMTGHA.4956@xxxxxxxxxxxxxxxxxxxxxxx
Hello everyone

I Have 5 Diferent Sites with 2 domain controllers in each site, exist
one different subnet per site, and five diferent Tree root Domains, one
for each site.

3 of the 5 sites have 1 Global Catalog the the other Two sites have have
Universal group membership enabled.
Now the problem is if Wan link is down, and I try to make searches on AD
to other different Domains or if a user from other domain tries to logon
on a machine the logon is denied... Isn't suppose the GC to have all
information about the forest and serve all queries an logon requests??

What about the 2 Sites that have only the Universal Group Membership
Enabled, if I need to make searches to that domain which site or global
catalog should i make sure that has Wan connection available?? (Remember
they don't have any GC, THEY ONLY HAVE Group Membership Enabled, because
the Wan links are very slow).

Some help would be very appreciated.
Regards








.

Relevant Pages

  • Re: GC-Problems
    ... A Global Catalog server stores a partial replica of informaion ... I have users from different sites or domains that need to logon on ... When I try to make searches when the wan link is down. ...
    (microsoft.public.win2000.active_directory)
  • Re: GC-Problems
    ... And if the PDC isn't available... ... When Users from domain1 trying to logon on Domain3 they must be able to ... A Global Catalog server stores a partial replica of informaion ... When I try to make searches when the wan link is down. ...
    (microsoft.public.win2000.active_directory)
  • Re: GC-Problems
    ... When Users from domain1 trying to logon on Domain3 they must be able to ... A Global Catalog server stores a partial replica of informaion ... They also store information about where to find the full ... When I try to make searches when the wan link is down. ...
    (microsoft.public.win2000.active_directory)
  • Re: GC-Problems
    ... Any DC can authenticate a logon - but the authenticating DC ... it checks with the PDC to see if the user's ... A Global Catalog server stores a partial replica of informaion ... When I try to make searches when the wan link is down. ...
    (microsoft.public.win2000.active_directory)
  • Re: GC-Problems
    ... Now the problem is if Wan link is down, and I try to make searches on AD ... on a machine the logon is denied... ... What about the 2 Sites that have only the Universal Group Membership ...
    (microsoft.public.win2000.active_directory)
Loading