Re: Global Catalog
- From: "Paul Bergson" <pbbergs@xxxxxxxxxxxxx>
- Date: Fri, 12 Dec 2008 14:57:49 -0600
Remember you need a DC available to be provided a Kerberos ticket to gain access to remote services, so although a user will be able to log on locally, w/o a DC cached credentials will provide no relief to gain access to files/objects/services. Only localized access is possible in this scenario.
"If it is a one-domain-forest, you should be able to authenticate locally on the machines using cached credentials."
--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup.
This posting is provided "AS IS" with no warranties, and confers no rights.
"Florian Frommherz [MVP]" <florian@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:OSPJ75GXJHA.1528@xxxxxxxxxxxxxxxxxxxxxxx
Howdie!
sf= wrote:
the file in my local server. Because, we fail to authenticate to AD
controller as the internet goes down.
If it is a one-domain-forest, you should be able to authenticate locally on the machines using cached credentials.
1. If I install AD controller on windows server 2003, should I enable
Global Catalog? Can I just install AD controller without enabling global
catalog? As I know there is Global Catalog - less logon process.
Please correct me if I am wrong.
You can promote it to a DC without the need to GC it right away. It can be promoted to a DC-only (which is the standard for an additional DC for an existing domain pre-Winserver2008). I can't understand the last two sentences though.
2. If our Active Directory domain is created under Windows 2000
server, should I install global catalog on my domain controller?
There are issues when running on Windows 2000 - putting a new attribute to the partial attribute set would cause the GC to re-sync all attributes in full. I'd urge you to look for Server 2003.
3. How big is the size of the file that needs to be replicated in the
replication process?
That depends on your infrastructure.
4. Should all domain controllers enable GC (global catalog), if the
domain is created in windows server 2003 or windows server 2000?
Since the bandwidth is slow, I'd do so.
Two options you have:
- Promote the server in the main office where it stands next to the main DC (with fast speed) and move it afterwards to the remote site (would need sites and services set up correctly).
- Look into the /ADV switch of DCpromo. That lets you specify a system state backup taken from ntbackup from the first DC. The dcpromo process will take the information from there to set up the new DC and only replicate the delta since the backup was taken.
cheers,
Florian
--
Microsoft MVP - Group Policy
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Maillist (german): http://frickelsoft.net/cms/index.php?page=mailingliste