Re: GC-Problems
- From: "JMS" <jms_pt@xxxxxxx>
- Date: Tue, 21 Mar 2006 21:19:18 -0000
And if the PDC isn't available... No logon????
--
Systems Administrator
MCSA + Exchange
"Bill" <itprofessional0812_at_remove_yahoo.com> wrote in message
news:uvRyUoSTGHA.4976@xxxxxxxxxxxxxxxxxxxxxxx
Not necessarily. Any DC can authenticate a logon - but the authenticating
DC will check with the PDC if the password the user supplied does not
match the value it has. If this occurs, it checks with the PDC to see if
the user's password has changed within the last replication interval.
"JMS" <jms_pt@xxxxxxx> wrote in message
news:OVgtSgSTGHA.4952@xxxxxxxxxxxxxxxxxxxxxxx
Just Another Thing
When Users from domain1 try to logon on Domain3 they must be able to
contact the DomainController that is hosting the PDC role on Domain1
right??
Thanks Again
--
Systems Administrator
MCSA + Exchange
"Bill" <itprofessional0812_at_remove_yahoo.com> wrote in message
news:eQqxzRSTGHA.4300@xxxxxxxxxxxxxxxxxxxxxxx
OK, here's what is happening. To clarify all of this, let's define what
a GC is. A Global Catalog server stores a partial replica of information
from all domains in the forest. You have 5 domains, so each GC has
replicas of objects from all of those domains. The GC stores only a
minimal set of attributes of that object, and are primarily used for
searches. They also store information about where to find the full
replica of the object, that is, a DC for the domain.
OK, even though a GC stores information about objects in ALL domains, it
is not a domain controller for those domains, other than its own. So,
if you have a user from domain 1 in domain 3, that user cannot
authenticate to their domain unless the WAN is up. If you had a domain
1 DC in the same location as domain 3, it would work, because you have a
DC for that domain locally. So you could set up two sites for domain 1,
one which already exists, and another at the site where domain 3 is. At
the domain 3 site you could deploy a new domain 1 DC, and the data would
replicate back and forth. If the WAN is down, no big deal, we have a DC
for domain locally. Make sense?
OK, now for the second question. When you search the entire directory,
you are looking at a GC. When you select a specific domain, you are
attempting to contact a DC for that domain. In your case, if the WAN is
down, you have no local DC to search for that information and your query
fails.
"GIG" <GIG@xxxxxx> wrote in message
news:uo99zxQTGHA.4264@xxxxxxxxxxxxxxxxxxxxxxx
Hello Bill
Configuration - 5 Sites - 5 Different Subnets (One to each site) 5
Different Domains (One in Each Site)- 2 Domain Controllers per Domain
1 - Site = 1 domain = 2 DomainControllers, 1 of the domain controllers
is a GC.
2 - Site = 2 domain = 2 DomainControllers, 1 of the domain controllers
is a GC.
3 - Site = 3 domain = 2 DomainControllers, 1 of the domain controllers
is a GC.
4 - Site = 4 domain = 2 DomainControllers, 1 Universal Group Membership
Enabled
5 - Site = 5 domain = 2 DomainControllers, 1 Universal Group Membership
Enabled
I have users from different sites or domains that need to logon on
different domains.
For example: I have one or more users from domain 1 and they go to the
domain 3 and try to logon on machines on Domain 3 with their users
names (DOMAIN1\USER01). If the wan link is down, the logon is
denied stating that the domain couldn't be contacted. (In this
situation the users are trying to logon on machines that exist in
domain3).
My question is if I have a GC on Site3-Domain3, why users aren't
allowed to logon with their user names??
The other question is:
When I try to make searches when the wan link is down.
For example: from Domain 1 to domain3- I open AD Users and Computers
and select Find, In search I have locations to define, if I select
Entire Directory, the search is ok and shows me all objects in all
domains, but if I select a specific domain, for example Domain3, the
search can't find anything. This only happens when the wan link is
down.
"Bill" <itprofessional0812_at_remove_yahoo.com> wrote in message
news:e7y7PEQTGHA.5900@xxxxxxxxxxxxxxxxxxxxxxx
I'm not sure I understand. I'd recommend you have one GC per site.
You mention that you don't have GC's there because of bandwidth
considerations, but you'd want a GC in those sites anyway. This
should not increase network utilization, it should decrease it because
the GC is now on the local LAN and you are only replicating delta
changes to the catalog.
"GIG" <GIG@xxxxxx> wrote in message
news:%23OwHNyMTGHA.4956@xxxxxxxxxxxxxxxxxxxxxxx
Hello everyone
I Have 5 Different Sites with 2 domain controllers in each site, exist
one different subnet per site, and five different Tree root Domains,
one for each site.
3 of the 5 sites have 1 Global Catalog, the other Two sites
have Universal group membership enabled.
Now the problem is if Wan link is down, and I try to make searches on
AD to other different Domains or if a user from other domain tries to
logon on a machine the logon is denied... Isn't the GC supposed to
have all information about the forest and serve all queries and logon
requests??
What about the 2 Sites that have only the Universal Group Membership
Enabled, if I need to make searches to that domain which site or
global catalog should I make sure that has Wan connection available??
(Remember they don't have any GC, THEY ONLY HAVE Group Membership
Enabled, because the Wan links are very slow).
Some help would be very appreciated.
Regards
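
The rule Bill describes (a GC answers forest-wide searches, but only a DC of the user's own domain can authenticate that user) as an added example that is not part of the original thread. It is a small Python model of the five-site forest; the host names, site names and function names are constructed for illustration, and it evaluates logons and searches with the WAN link down, then with the extra domain 1 DC at site 3 that Bill suggests.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class DC:
    name: str         # constructed host name, not from the thread
    domain: str       # domain this DC holds a full replica of
    site: str         # AD site where the DC is located
    gc: bool = False  # also holds the partial forest-wide replica

def reachable(dcs, site, wan_up):
    """DCs a client in `site` can contact; with the WAN down, only local ones."""
    return [d for d in dcs if wan_up or d.site == site]

def can_logon(dcs, user_domain, site, wan_up):
    """Authentication needs a DC of the user's own domain; a GC alone is not enough."""
    return any(d.domain == user_domain for d in reachable(dcs, site, wan_up))

def can_search(dcs, scope, site, wan_up):
    """'Entire Directory' is answered by a GC; a named domain needs a DC of that domain."""
    local = reachable(dcs, site, wan_up)
    if scope == "Entire Directory":
        return any(d.gc for d in local)
    return any(d.domain == scope for d in local)

def build_forest():
    """Constructed topology following the thread: 5 sites, 5 domains,
    2 DCs per domain, one GC in each of sites 1 to 3."""
    dcs = []
    for n in range(1, 6):
        dcs.append(DC(f"dc{n}a", f"domain{n}", f"site{n}", gc=(n <= 3)))
        dcs.append(DC(f"dc{n}b", f"domain{n}", f"site{n}"))
    return dcs

def outage_report(dcs, site):
    """For each domain: can its users log on at `site` while the WAN is down?"""
    domains = sorted({d.domain for d in dcs})
    return {dom: can_logon(dcs, dom, site, wan_up=False) for dom in domains}

if __name__ == "__main__":
    forest = build_forest()
    print("site3, WAN down:", outage_report(forest, "site3"))
    # Bill's suggestion: place an additional domain 1 DC at the domain 3 site.
    fixed = forest + [DC("dc1c", "domain1", "site3")]
    print("site3, WAN down, with local domain1 DC:", outage_report(fixed, "site3"))
```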