Re: How many Global Catalog Servers are needed?
- From: SEgerton <SEgerton@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 31 Jul 2006 06:39:01 -0700
Guys, Thanks for all the replys!!
I have another question. When i was building the domain, I was advised by a
Microsoft Tech when i called for support to use the .local extension. I
posted my last post in another room other then this one and a person replying
mentioned that it is not recommended to use .local. Do you guys have any
comments on this. He did send me a link that mentioned it is not recommended;
but why would a Microsoft Tech then tell me to do so? I don't know if this is
useful, but we aren't using exchange and not concerned about linking our
outside network with our internal. Here is the link he sent me.
http://technet2.microsoft.com/WindowsServer/en/library/4bb9f469-df87-4830-96a8-b28ec71bafa91033.mspx?mfr=true
Under Note...
****************************************************
Note
... Using single label names or unregistered suffixes, such as .local, is not
recommended.
****************************************************
Thanks again!!
Shannon
"Joe Richards [MVP]" wrote:
If you have but a single domain, make every DC a GC. There is no.
additional overhead to do so.
As you found out, GCs are needed during authentication. Specifically
they are needed for cracking UPNs if a UPN logon is used and for
resolving universal group memberships. You can disable the requirement
for a GC for auth but it is only safe to do if you are not using
Universal Groups for security, you can check into the IgnoreGCFailures
reg value.
You can also instead of those things enable Global Catalog Caching but I
really don't recommend it, there are more issues associated with it,
IMO, than benefits. It is just another hack workaround for issues that
shouldn't exist in the first place.
--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net
---O'Reilly Active Directory Third Edition now available---
http://www.joeware.net/win/ad3e.htm
SEgerton wrote:
I’m new to Active Directory; and I just started testing a new domain I’ve
been working on. On one particular test, I started having issues that I
believe are related to Global Catalogs. Let me first give an overview of the
structure of the domain, and the test that I was trying to perform. Then I
will give the errors that I came across.
I have two offices. Office 1 is our production office. Office 2 is for our
Disaster Recovery. In office 1 we have 3 servers. 2 servers are Active
Directory Domain Controllers, and the third server is a member server used as
a File Server. Both Domain Controllers are both Active Directory Integrated
DNS Servers. There is a T1 line that connects both Office1 and Office2. In
Office 2, I have the same setup. I joined the first two servers to the same
domain in Office 1 as Active Directory Domain Controllers. These two servers
are also Active Directory Integrated DNS servers. The third server in Office
2 is also a member server used as a File Server. The File Server in Office 2
is only used at the moment for replication of the File Server in Office 1.
For this we are using a third party replication software. This setup was put
together this way in the event of a disaster and office 1 goes down, users
can go to Office 2 and work.
Here is the test I tried. I turned off both server 1 and server 2 in Office
1, hoping that Active Directory would still work because of Server 1 and
Server 2 in Office 2. The redundancy is there for the Domain Controllers and
for DNS. But after the server were down. I tried logging into the domain on a
pc as a user, and the logon took a long time. At the same time, he got into
his profile, but I don’t think his Group Policies were in affect. Then I got
an error. I forget what I was doing to generate it, but here it is.
"A Global Catalog cannot be located to retrieve the icons for the
member list. Some icons may not be shown."
Then in Office 2, I went into Users and Computers on Server 1 and tried to
open a Group Policy Object and got this error.
"Domain controller not found for domain.local" The Domain Controller for
Group Policy operations is not available. You may cancel this operation for
this session or retry using one of the following Domain Controller choices.
Here are the choices:
-The one with the Operations Master token for the PDC emulator.
-The one used by the Active Directory Snap-ins.
-Use any available Domain Controller.
OK or Cancel.
I Canceled.
Due to these messages, I believe the problem is due to a Redundancy of
Global Catalog Servers. I don't fully understand them. But my understanding
is that by default, Global Catalog is installed on the first Domain
Controller of a domain. Therefore I didn't install any additional and only
have one. How many should I have for redundancy?
Thanks in advance.
Shannon
- Follow-Ups:
- Re: How many Global Catalog Servers are needed?
- From: Hank Arnold
- Re: How many Global Catalog Servers are needed?
- From: SEgerton
- Re: How many Global Catalog Servers are needed?
- References:
- Re: How many Global Catalog Servers are needed?
- From: Joe Richards [MVP]
- Re: How many Global Catalog Servers are needed?
- Prev by Date: Re: Problem with restricted groups
- Next by Date: Re: PERFDISK.DLL Error in Application Log.
- Previous by thread: Re: How many Global Catalog Servers are needed?
- Next by thread: Re: How many Global Catalog Servers are needed?
- Index(es):
Relevant Pages
|
