Subject: Re: Best practice on AD
Date: Wed, 24 Mar 2004 14:04:13 -0600
Newsgroups: microsoft.public.win2000.active_directory
What are the steps on making the other DC a GC? Do I just check that one box
to make it a GC? Also I don't understand what you mean by seize the roles if
the ROLE HOLDER crashes. Is there any documentation on this?
thanks
My setup is as follows: I have 2 DCs and 1 Exchange 2k member server. I know
that the root DC contains the global catalog and FSMO roles.
Actually in a single domain, neither is referred to as the "root DC."
They are only different (the DCs) due to the FSMO roles and
perhaps the GC.
What is the best practice for protecting the global catalog server?
As Jeff said, it is best to have at least GCs (per site actually.)
In a small single domain forest (or even a few domains of small size)
it frequently makes the most sense to just let them all be GCs.
Can I have the GC on both DCs?
You can have as many GCs as you wish (up to the total of all DCs
in the forest.)
Reasons not to duplicate the GC further: The GC holds a PORTION
of the info on every object in the forest. In a single domain forest, all
the info is on every DC anyway and the GC job adds little but if you
imagine a LARGE forest with say, 5 domains of 100,000 users each
and then realize that the GC must hold a reference to 500,000 user
objects (plus machines etc.) it is obvious that as the domains and
sizes grow it makes more sense to use only as many GCs as are
necessary for fault tolerance and performance.
Normal is two GCs per site, with more if you have large sites that
are slow to do forest wide searches (of AD info.)
What do I do if the Root DC crashes and can't be fixed? I do a full
backup of it every night.
If the ROLE HOLDER crashes (not the root) then you must EITHER
restore it expeditiously, OR you must (eventually) seize the roles.
If you seize the roles, then you must NEVER restore it even if it is
subsequently fixed -- SEIZING the roles is a serious step.
--
Herb Martin
thanks
Dan