DC, not a GC

[technion]

Hey,

I have done some reading about AD and the like, and I'm fairly sure I
get what a Domain Controller does, and what a Global Catalogue server
does.

I am aware that in general you need a GC at each site. What then, if
the point (if any) of having a DC which is NOT a GC?
There seems to be such a hoo-haa about picking the right machines for
your GC(s), and I'm curious why you would promote a server at all, if
it was not going to fulfil this function?

Any advice appreciated.

 

[Jimmy Andersson [MVP]]

If you want to search the whole forest you need the GC function (3268), or
if you have applications that specifically use port 3268 there are loads of
other reasons as well for instance performance etc.... You can find more
info here:
http://tinyurl.com/75yyq

Regards,
/Jimmy

 

[technion]

Hi Jimmy,

I've been presented with another series of reasons that you would want
your domain controller to be a GC.

This brings me back to the issue of, is it not better to make every DC
a GC?

I'm struggling to comprehend the information below, in context of
recommendations I see around the place, along the lines of "three DC's,
two are a GC". What is the point of that third DC, which is not a GC?

 

[Jimmy Andersson [MVP]]

If you have sufficient HW there is "no" (I know there is in certain
scenarios) reason to not have all DCs as GCs. But if you don't have all DCs
as GCs you have to think about the IM FSMO. The reason for this is phantoms,
and you can read more about it here: http://tinyurl.com/ajl42

FYI - info from a MS article (I think AD SDK) I don't remember the name of:
Searching the global catalog has the following benefits:

a.. Global catalog enables you to search the entire forest or any part of
the forest as well as the schema and configuration containers.
b.. Global catalog enables you to perform a complete search on a single
server. No referrals or referral chasing is required.
Searching the global catalog has the following disadvantages:

a.. Global catalog contains a small subset of the properties on each
object. If your query filter includes properties that are not in the global
catalog, the query will evaluate the expressions containing those properties
as false. If you specify non-global catalog properties in the list of
properties to return, those properties are not retrieved.
b.. To search the global catalog, a domain controller that contains a
global catalog must be available. If one is not available, you cannot
perform a global catalog search.
c.. The global catalog is read-only. This means you cannot bind to an
object in the global catalog to create, modify, or delete objects.
Regards,
/Jimmy