GC and DC question

Guest

Hi

I have a 2003 single domain, all DCs are 2003. There are 13 sites in the
domain all connected by high speed reliable physical links. At each site
there are around 100 users and at the corporate site there are around 500
users. I have 13 remote sites in all.

Currently I have only one GC server (headquarters), there is a DC at each
remote site. My question is does a DC have to talk to a GC every time a user
logs onto the domain, and if so if this process is slow will this slow down
the log on process? Also does a DC at a remote site hold copies of all user
accounts and groups, or does a DC need to query a GC to get this info?

I need to find out the relationship between a GC server and a DC in a domain
so that I can determine if I need to install a GC server at each remote site,
or just a DC at each site.

Thanks very much for any help
 
Ryan Hanisco

Hi Skipster,

If you have your sites defined in Active Directory Sites and Services, you
should have a GC at each site in your infrastructure. Computers looking for
directory information will refer to the GC for this information and greatly
reduce their reliance on the WAN link as they'll no longer have to refer to
the Core for AD lookups.

You should also have an AD Integrated DNS at each site -- While this
isn't a hard and fast rule, it is a general recommendation and will give you
the resilience you are looking for in the case of a link outage.
 
Guest

Hi Ryan thanks for the reply

When you say "directory information" is this data not stored in DCs but
rather only in GCs? Also what type of data for example would make up
directory information? I will assume that a user at a remote site that has a
DC installed in the site will be able to log into the domain as it's the local
DC for the site that does the authentication and not the GC server for the
domain? Or does the DC at the remote site have to query the GC server for the
domain every time a user at a remote site logs onto the domain?

Thanks again
 
Ryan Hanisco

It will query every time a user logs in, refreshes a GPO, or refreshes an
access token.

Like I said.... You need a GC in every site.
 
Guest

Ok gotcha so without a GC server at each site then whenever a user logs into
the domain at a remote site the remote site's DC must query a GC server on
the domain to examine group memberships and GPOs. If I understand this
correctly if a GC server is not located at each remote site then when a user
logs in to the domain the site's DC must go over the WAN to locate a GC so
that it can determine GPOs, OUs and group memberships?

If this is correct then it seems that the role of a DC is mainly to
locate GCs and SRV records on the domain, and it's the GC that does the brunt of
the work?

Thanks again really appreciate your help
 
Ryan Hanisco

Skipster,

The role of the DNS is to do the locating of all of this through its SRV
records.

The DC is authoritative for changes to the AD and is responsible for the
management and availability of the AD database in a distributed form.

The GC is a flattened version of the AD -- kind of like an index in a
database. This makes searching faster and responds to the AD queries
against the AD's backend without having to walk the tree from the root.
 
Guest

Ok, ok it is starting to take shape now in my head. Could a 2003 DC in a site
and the site did not have a GC server in it take advantage of universal group
caching? Would this feature replace the need to install a GC server in the
site?

Thanks a million
 
Ryan Hanisco

This one I'll have to do some digging and verify my understanding before
getting back to you. I don't want to give you wrong information.

I will say though, that there is no additional cost or problem putting a GC
in every site -- since you already have a DC there. I do, however,
understand your wanting to understand exactly how this works.

I'll get back to you this evening. Maybe one of the other people knows off
hand and will be able to shoot you a quick answer.
 
Guest

Thanks again appreciate all your help

Ryan Hanisco said:
This one I'll have to do some digging and verify my understanding before
getting back to you. I don't want to give you wrong information.

I will say though, that there is no additional cost or problem putting a GC
in every site -- since you already have a DC there. I do, however,
understand your wanting to understand exactly how this works.

I'll get back to you this evening. Maybe one of the other people knows off
hand and will be able to shoot you a quick answer.
 
Guest

Hi Skipster this is basha
You think exactly right. Instead of having GC at every site you can enable
the "Universal group caching" which works on behalf of GC
Go ahead
"Best of luck"
 
Herb Martin

Basha said:
Hi Skipster this is basha
You think exactly right. Instead of having GC at every site you can enable
the "Universal group caching" which works on behalf of GC

Universal Group Caching is not fully equivalent to having a GC, and whenever
feasible you should have at least one GC per site.

In a single domain forest (or a small multi-domain forest) every DC should
be a GC since there is no disadvantage.
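
An added example, not part of the thread: a PowerShell audit that reports, per site, how many DCs are Global Catalogs and whether universal group membership caching is switched on, so sites relying on caching alone stand out. The DC names, site names and option values are constructed sample data; the live queries in the comments assume the ActiveDirectory RSAT module.

```powershell
# Added example, not from the thread. All names and values below are constructed.
# Live input (assumption: ActiveDirectory RSAT module is installed):
#   $dcs = Get-ADDomainController -Filter * | Select-Object Name, Site, IsGlobalCatalog
$dcs = @(
    [pscustomobject]@{ Name = 'HQ-DC1';  Site = 'HQ';       IsGlobalCatalog = $true  }
    [pscustomobject]@{ Name = 'HQ-DC2';  Site = 'HQ';       IsGlobalCatalog = $false }
    [pscustomobject]@{ Name = 'BR01-DC'; Site = 'Branch01'; IsGlobalCatalog = $false }
    [pscustomobject]@{ Name = 'BR02-DC'; Site = 'Branch02'; IsGlobalCatalog = $false }
)

# 'options' attribute of each site's "NTDS Site Settings" object (constructed).
# Live: Get-ADObject "CN=NTDS Site Settings,CN=<site>,CN=Sites,<configuration NC>" -Properties options
$siteOptions = @{ 'HQ' = 0; 'Branch01' = 32; 'Branch02' = 0 }

# Bit 0x20 of 'options' enables universal group membership caching for the site.
$GroupCachingEnabled = 0x20

function Get-SiteGcCoverage {
    param(
        [object[]]$DomainControllers,
        [hashtable]$SiteOptions
    )
    $DomainControllers | Group-Object -Property Site | ForEach-Object {
        $gcs = @($_.Group | Where-Object { $_.IsGlobalCatalog })
        $opt = 0
        if ($SiteOptions.ContainsKey($_.Name)) { $opt = [int]$SiteOptions[$_.Name] }
        $caching = ($opt -band $GroupCachingEnabled) -ne 0

        # Caching is reported separately from a local GC; they are not the same thing.
        $status = if ($gcs.Count -gt 0) { 'local GC' }
                  elseif ($caching)     { 'no GC, caching only' }
                  else                  { 'no GC, no caching' }

        [pscustomobject]@{
            Site         = $_.Name
            DCs          = $_.Count
            GCs          = $gcs.Count
            GroupCaching = $caching
            Status       = $status
        }
    }
}

Get-SiteGcCoverage -DomainControllers $dcs -SiteOptions $siteOptions |
    Sort-Object Site | Format-Table -AutoSize
```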
 