It could be that this was the only GC in your environment ( especially if
you use Universal Groups ). It could also be that this one DC holds all of
the FSMO roles ( or at least the PDC Emulator ).
You are mostly correct in that in WIN2000 all domain controllers are created
equally. However, as Dave Shaw likes to say, some are created more equally.
You might want to consider making all of your DCs Global Catalog Servers.
In the event that one of your DCs goes down you would need to transfer any
of the five FSMO Roles that it held to another DC. You can do this either
via the MMCs or via ntdsutil. They key is that you are transferring. You
would not necessarily want to use the seize procedure ( this is when that DC
goes down in a most unfriendly manner and will not be coming back on the
network ).
HTH,
Cary
kerberos1024 said:
I have one domain in my LAN network with three domain controlers. Two of
the domain controlers are Win 2000 and one is 2003. I have everything set
up the way it should be i beleive. However, i thought having other DC in
the same domain they could handle authentication of client domain users. I
tried it one day and took the head domain controller off the network and no
one could authenticate with domain user accounts. Could somebody please
advise me on what i need to do to fix this or if it is even possible.
Thanks!
