Re: Universal Group Membership Caching



I'm afraid, Jorge, you got it wrong there.
Once you flip the DFL switch to 1, the KDC, when authenticating a client, really doesn't have visibility of the number of domains etc. That's why it looks for a GC to create the user's Security Token. If it doesn't find one, it barfs. A failsafe measure.
That's why to cover that base, the first DC in a single domain forest is a GC!
Also, docs here: http://support.microsoft.com/kb/216970

Regards,

Austin

"Jorge Silva" <jorgesilva_pt@xxxxxxxxxxx> wrote in message news:%230TTsS0FIHA.4228@xxxxxxxxxxxxxxxxxxxxxxx
Hi
A GC will still need to be contacted for logon to succeed (Native mode assumed).

This isn't totally true.
Actually this is only true for Forests with multiple domains, but there are other situations where it doesn't apply, for example: in a single domain environment it doesn't apply.

--

===================================
I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MCSE, MVP Directory Services
===================================

"Austin Osuide" <austin@xxxxxxxxxxx> wrote in message news:eWFCbeyFIHA.4712@xxxxxxxxxxxxxxxxxxxxxxx
Hi RC,
Universal Group Membership Caching is a function of the DCs in the site you've enabled it on. If you have no DCs in the site, it will have no effect if the users log on to DCs in other sites that do not have UGMC enabled and have no local GCs. A GC will still need to be contacted for logon to succeed (Native mode assumed).

Regards,

Austin

"RC" <RichChristy@xxxxxxxxx> wrote in message news:1193330500.425707.138770@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
If you create a site, assign the appropriate subnets, but it doesn't
have a DC associated with the site and enable UGMC (universal group
membership caching) does UGMC still effectively do what it is designed
to do?

I would assume not unless you have a DC in that site, right?

Thanks in advance.




