Re: Global Catalogs needed in every AD domain??
From: Joe Richards [MVP] (humorexpress_at_hotmail.com)
Date: 01/08/05
- Next message: Joe Richards [MVP]: "Re: How can I add trusted groups to DL-groups with dsmod or other cl-t"
- Previous message: Joe Richards [MVP]: "Re: mangled attributes"
- Messages sorted by: [ date ] [ thread ]
Date: Sat, 08 Jan 2005 10:16:26 -0500
Well maybe if that is the only DC with GC functionality in the root domain and
depending on OSes being used and how they are being used. :o)

There is a bug involving Windows 2000 ADUC, commas in the DN of the user object,
groups, and GCs missing from the specified domain. If this is an empty root and
by that I mean truly empty and you aren't using userids from it for any
functions (not just Exchange) or you don't use ADUC for account manipulation you
are ok. The problem is pretty silly, it doesn't hurt anything in AD but it won't
allow you to add users to a group under the circumstances mentioned above. MS
will not be fixing this in the 2000 version of ADUC so it is fairly easy to get
around unless you are all Windows 2000.

As for Windows Server 2003... There are no issues with this that I am aware of
at the present time, however you can't ever positively say there are no issues,
you can only say when there are known issues. This is why MS tells you to test
your specific circumstance in the lab prior to implementation in production.

As for Exchange, depending on your size, consider setting up a dedicated site
for Exchange and only place the GCs you want to be accessed by Exchange in that
site or possibly a dedicated site for your forest root DCs and don't place any
Exchange Servers in that site. Note that this "site" could be physically located
in the same place and just encompass a small part of a subnet or specific IPs even.

Alternatively you could write a script that hard sets what GCs are used by
Exchange that constantly runs from the scheduler to update the list as needed to
exclude GCs/DCs based on your own criteria.

joe
--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net

Rob wrote:
> Hello - I am wondering if anyone can comment on if there are known issues
> with removing GC functions from empty root DC? Without diving down too deep
> in the reason we are considering taking this step to eliminate the
> possibility that Exchange 2003 will try to expand mail-enabled global groups
> (DL) using empty root global catalogs/domain controllers. We will have
> plenty of GC capability on a child domain's domain controllers and we will
> be addressing FSMOs too. Can anyone comment on whether this may pose a
> problem?
>
> TIA,
>
> Rob