Re: GC question....

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: "Austin Osuide" <austin@xxxxxxxxxxx>
Date: Fri, 2 Nov 2007 14:28:02 -0000

I Stand correct!!!
In Theory AND in Practice, there is no need for a GC in a single domain environment.
The KB Paul referred to, which I've read before but somehow missed this line, states:
-----------------
When authentication occurs, the domain controller that is authenticating the user's logon request needs to locate a GC in order to construct the universal groups to which that user belongs. In the event that there is only one domain in the forest, all domain controllers contain the same data, so there is no need to locate a GC (even though any given server might be designated a GC).
-----------------
So, you see? In a single Domain Environment, an attempt to contact a GC is not even made. Which is why the test I mentioned before succeeds.

Regards,

Austin

"Paul Bergson [MVP-DS]" <pbergson@xxxxxxxxxxxxxxxxx> wrote in message news:uEdn3mVHIHA.3400@xxxxxxxxxxxxxxxxxxxxxxx

No you need a GC for non-admins to authenticate.

http://support.microsoft.com/kb/216970

--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

"Troy McClure" <n@xxxxx> wrote in message news:%23pabTeVHIHA.280@xxxxxxxxxxxxxxxxxxxxxxx
in a forest with a single domain, technically speaking do i NEED a GC server? since there is only one domain and no universal group membership, do i have the ability to remove the GC if i wanted to? in other words... a GC is created by default on the first DC. if this is the only DC can i uncheck the GC option and function like that?

this is just a curiosity

References:
- GC question....
  - From: Troy McClure
- Re: GC question....
  - From: Paul Bergson [MVP-DS]

Prev by Date: Re: GC question....
Next by Date: possible security worry
Previous by thread: Re: GC question....
Next by thread: Re: GC question....
Index(es):
- Date
- Thread

Relevant Pages

Re: moving PDC to another DC after crash
... In a single domain environment, it's bes to just mark all teh DCs as GCs, as ... they won't have any extra data. ... Windows Server MVP ... > allowed all 5 roles and global catalog. ...
(microsoft.public.win2000.active_directory)
Re: Global Catlog Issue
... In a single domain environment this wont cause any more traffic, or if it does, it'll be negligable. ... You can find GC in AD Site and Service under individual server, ... > PDC TO the new BDC like RID MASTER.INFRASTRUCTURE ... > and the Global Catalog Roles using Transfer method to the ...
(microsoft.public.win2000.active_directory)
Re: Multiple GCs
... Make sure that you GC isn't on the server that holds the Inf master ... Universal Group membership lists. ... In a single domain environment ... DC's already have all the domain info. ...
(microsoft.public.windows.server.active_directory)
Re: newbee questions
... if you do 'monkey around' with them it is suggested that the DC ... is also a Global Catalog Server'. ... in a single domain environment there is no other domain ( ... One possible solution is to make a DCs also Global Catalog ...
(microsoft.public.win2000.active_directory)