DC Contains Global Catalog is down

[MA P]

I have two DCs and the one handles operations master roles and Global
Catalog was down due to hardware problem. Can I transfer the role to other
DC even the other DC is down? Will there be no problem if the original DC
went up and the roles has been transferred to other DC? Btw, Im using
Windows 2000 Domain.

 

[Andrei Ungureanu [MVP]]

If you transfer (seize) the roles when the other DC is down, you should
never bring that DC back online.
And if you have only one domain, go make all your DCs global catalogs.

--
Regards,
Andrei Ungureanu
www.eventid.net
Test our new EventReader!
http://www.altairtech.ca/eventreader/default2.asp?ref=au

 

[Herb Martin]

In a single domain forest (or small multi-domain forest) you should just
make every DC a GC.

I have two DCs and the one handles operations master roles and Global
Catalog was down due to hardware problem. Can I transfer the role to other
DC even the other DC is down?

No, but if there were an urgent reason you could "seize" the role(s).

Will there be no problem if the original DC went up and the roles has been
transferred to other DC?

Yes, you must NOT do that -- if the original role holder is repaired then
it must be "DCPromo-cycled" to non-DC before bringing it online, and
back to DC afterwards.

 

[MA P]

is this the reason why my network slows down when browsing objects on active
directory? like for example, searching printers, username on AD. It
sometimes gives no result and sometimes it gives when you retry it.

 

[Steve Parry]

In

is this the reason why my network slows down when browsing objects on
active directory? like for example, searching printers, username on
AD. It sometimes gives no result and sometimes it gives when you
retry it.

yes if it's having difficulty contacting the catalog, if you make all DC's
GC's then it provides greater performance, redundancy and stability.

 

[Herb Martin]

is this the reason why my network slows down when browsing objects on
active directory? like for example, searching printers, username on AD. It
sometimes gives no result and sometimes it gives when you retry it.

Possibly, but that is not "browsing" -- Browsing is a NetBIOS function,
while you are describing Finding objects in AD it appears.

You need a GC, especially when searching cross domain in a
multi-domain forest.

You need a DNS server that can resolve all internal (and external)
names -- your client machines must NOT use any other DNS servers
(.e.g., the ISP or a gateway DNS server) which cannot resolve
internal names, NOT even as the alternate.

Bringing a seized role holder back online can cause all sorts of
mysterious or subtle errors rather than immediate or catastrophic
failures. DCPromo any such 'former' role holder to non-DC
(and re-DCPromote it if you wish.)

 

[Kevin D. Goodknecht Sr. [MVP]]

In a single domain forest (or small multi-domain forest) you should
just make every DC a GC.

In a Forest with two or more DCs in each domain, the recommendation is that
the Infrastructure Master in each domain not be a Global Catalog. The actual
MS recommendation is that the Infrastructure Master not be a GC if you have
two or more DCs.

--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps
Send IM: http://www.icq.com/people/webmsg.php?to=296095728
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
http://message.wftx.us/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================

 

[Herb Martin]

In a Forest with two or more DCs in each domain, the recommendation is
that
the Infrastructure Master in each domain not be a Global Catalog. The
actual
MS recommendation is that the Infrastructure Master not be a GC if you
have
two or more DCs.

UNLESS you can make every DC a GC. In which case there is no
reason for the GC and Infrastructure Master to be separated.

This is possible if the multi-domain forest is reasonably small. Reasonably
is relative to the speed and bandwidth of the WAN lines and the actual
pattern of how things change.

 

[Jorge de Almeida Pinto [MVP - DS]]

TRANSFERING roles: when both source DC and destination DC are still up and
running
SEIZING roles: when source DC is down and destination DC is up and running

now, because a DC with the FSMO roles is not available it DOES NOT mean you
immediately should seizing all the roles hosted by that DC. If for example
that DC is down for maintenance and it will come back later it is not needed
to seize the roles. Of course, other DCs might complain a FSMO role not
being available, but really depends on what they are complaining about.

SCHEMA FSMO: extending schema
DOMAIN NAMING FSMO: adding/removing domains into/from the forest
PDC FSMO: time sync, DFS stuff, password chaining
RID: handing out RID pools to other DCs asking for new ones. unless you are
creating a crap load of security principals (users, groups, computers) you
might need to seize the role
INFRA FSMO: important in a multidomain forest env.

if you seize a role, make sure the old FSMO role owner DOES NOT come back.
Destroy its installation, cleanup its metadata in AD, make sure the roles
(DNS, WINS, DHCP, etc) it might host are moved onto another DC
--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx