Re: How many Global Catalog Servers are needed?

Tech-Archive recommends: Fix windows errors by optimizing your registry

If you have but a single domain, make every DC a GC. There is no additional overhead to do so.

As you found out, GCs are needed during authentication. Specifically they are needed for cracking UPNs if a UPN logon is used and for resolving universal group memberships. You can disable the requirement for a GC for auth but it is only safe to do if you are not using Universal Groups for security, you can check into the IgnoreGCFailures reg value.

You can also instead of those things enable Global Catalog Caching but I really don't recommend it, there are more issues associated with it, IMO, than benefits. It is just another hack workaround for issues that shouldn't exist in the first place.




--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm


SEgerton wrote:
I’m new to Active Directory; and I just started testing a new domain I’ve been working on. On one particular test, I started having issues that I believe are related to Global Catalogs. Let me first give an overview of the structure of the domain, and the test that I was trying to perform. Then I will give the errors that I came across.

I have two offices. Office 1 is our production office. Office 2 is for our Disaster Recovery. In office 1 we have 3 servers. 2 servers are Active Directory Domain Controllers, and the third server is a member server used as a File Server. Both Domain Controllers are both Active Directory Integrated DNS Servers. There is a T1 line that connects both Office1 and Office2. In Office 2, I have the same setup. I joined the first two servers to the same domain in Office 1 as Active Directory Domain Controllers. These two servers are also Active Directory Integrated DNS servers. The third server in Office 2 is also a member server used as a File Server. The File Server in Office 2 is only used at the moment for replication of the File Server in Office 1. For this we are using a third party replication software. This setup was put together this way in the event of a disaster and office 1 goes down, users can go to Office 2 and work.

Here is the test I tried. I turned off both server 1 and server 2 in Office 1, hoping that Active Directory would still work because of Server 1 and Server 2 in Office 2. The redundancy is there for the Domain Controllers and for DNS. But after the server were down. I tried logging into the domain on a pc as a user, and the logon took a long time. At the same time, he got into his profile, but I don’t think his Group Policies were in affect. Then I got an error. I forget what I was doing to generate it, but here it is.

"A Global Catalog cannot be located to retrieve the icons for the member list. Some icons may not be shown."

Then in Office 2, I went into Users and Computers on Server 1 and tried to open a Group Policy Object and got this error.

"Domain controller not found for domain.local" The Domain Controller for Group Policy operations is not available. You may cancel this operation for this session or retry using one of the following Domain Controller choices. Here are the choices:
-The one with the Operations Master token for the PDC emulator.
-The one used by the Active Directory Snap-ins.
-Use any available Domain Controller.
OK or Cancel.
I Canceled.

Due to these messages, I believe the problem is due to a Redundancy of Global Catalog Servers. I don't fully understand them. But my understanding is that by default, Global Catalog is installed on the first Domain Controller of a domain. Therefore I didn't install any additional and only have one. How many should I have for redundancy?

Thanks in advance.

Shannon
.

Relevant Pages

  • RE: Provide feedback to DC promotion/replacement
    ... "Masterplan" wrote: ... When I promote my dc3 to a domain controller, the first step is to enable GC ... the infrastructure master is also a global catalog it won't ever see any ... -the Infrastructure Master is not allowed to run on a Global Catalog Server ...
    (microsoft.public.windows.server.active_directory)
  • RE: Provide feedback to DC promotion/replacement
    ... When I promote my dc3 to a domain controller, the first step is to enable GC ... the infrastructure master is also a global catalog it won't ever see any ... -the Infrastructure Master is not allowed to run on a Global Catalog Server ... "Masterplan" wrote: ...
    (microsoft.public.windows.server.active_directory)
  • RE: Provide feedback to DC promotion/replacement
    ... "Masterplan" wrote: ... When I promote my dc3 to a domain controller, the first step is to enable GC ... the infrastructure master is also a global catalog it won't ever see any ... -the Infrastructure Master is not allowed to run on a Global Catalog Server ...
    (microsoft.public.windows.server.active_directory)
  • Re: W2k3 Problems
    ... The other is our Exchange Server. ... > The DNS server has encountered a critical error from the Active Directory. ... > Replication Service while polling the Domain Controller dc01.restons.co.uk ... > NSPI Proxy failed to connect to Global Catalog dc01.restons.co.uk over ...
    (microsoft.public.windows.server.general)
  • RE: splitting network between sbs 2003 and server 2000
    ... > windows 2000 server from the existing SBS 2003 domain. ... > access the window 2000 server, you need to promote the window 2000 server ... > to domain controller and configure it as global catalog as well. ...
    (microsoft.public.windows.server.sbs)