FSMO's and GC's

[JEG]

I have three win2k servers all running Active Directory.

Server "A" has all five roles and is a global catalog.
Servers "B" and "C" only have global catalog.

I would like to move the RID, PDC and Infrastructure to
Server "B" and demote
Server "C".

Do I need more than one GC in a single domain on the same
LAN?

Looking for suggestions.

Thanks,
AD Challenged

 

[Herb Martin]

I have three win2k servers all running Active Directory.

Server "A" has all five roles and is a global catalog.
Servers "B" and "C" only have global catalog.

I would like to move the RID, PDC and Infrastructure to
Server "B" and demote Server "C".

Use either AD Users & Computers to move THOSE three roles,
or NTDSUtil to move any/all of the five roles.

Do I need more than one GC in a single domain on the same
LAN?

No technically but it will harm nothing -- with one domain you have
"all info" on every DC anyway.

Two (plus) per site (from any domain) are usually considered a good idea in
multi-domain forests.

Note that a GC is really a "Forest job" (not a "domain job")

 

[Brett Shirley [msft]]

Also note you should not have any _non-GC DCs_ if you have more than
one domain, and the Infrstructure FSMO (role) is on a GC. That wasn't
very clear, put another way, the Infrastructure FSMO must be on a
non-GC, unless every DC is a GC, or _I think_ you have one domain.

Thanks,
BrettSh [ @ MSFT, I'm sure you could figure out the email address if
you tried, but hopefully the SPAMers won't ]

<typical msft disclaimer here ...>

 

[Herb Martin]

Also note you should not have any _non-GC DCs_ if you have more than
one domain, and the Infrstructure FSMO (role) is on a GC. That wasn't
very clear, put another way, the Infrastructure FSMO must be on a
non-GC, unless every DC is a GC, or _I think_ you have one domain.

Your last is correct so he does NOT (necessarily) need to split the GC
and Infrastructure master.

That is only essential in a multi-domain Forest -- the Infrastructure master
runs a periodic process that compares itself to the GC to determine if
any objects from other domains have been (cosmetically) renamed & fixes up
any
discrepancies -- with a single domain such descrapancies, between multiple
domains, are impossible.


--
Herb Martin

Thanks,
BrettSh [ @ MSFT, I'm sure you could figure out the email address if
you tried, but hopefully the SPAMers won't ]

<typical msft disclaimer here ...>

Use either AD Users & Computers to move THOSE three roles,
or NTDSUtil to move any/all of the five roles.


No technically but it will harm nothing -- with one domain you have
"all info" on every DC anyway.

Two (plus) per site (from any domain) are usually considered a good idea in
multi-domain forests.

Note that a GC is really a "Forest job" (not a "domain job")

 

[JEG]

What I'm understanding is : One Forest with one site
having one domain = one GC.
You neither nor loose or gain by having more than one GC
in this scenario.

Is it even necessary to move the RID,PDC an Infrastucture?
I have 400 users and about 50 win2k servers in a single
domain.

Thanks
JEG

-----Original Message-----

Also note you should not have any _non-GC DCs_ if you have more than
one domain, and the Infrstructure FSMO (role) is on a GC. That wasn't
very clear, put another way, the Infrastructure FSMO must be on a
non-GC, unless every DC is a GC, or _I think_ you have

one domain.

Your last is correct so he does NOT (necessarily) need to split the GC
and Infrastructure master.

That is only essential in a multi-domain Forest -- the Infrastructure master
runs a periodic process that compares itself to the GC to determine if
any objects from other domains have been (cosmetically) renamed & fixes up
any
discrepancies -- with a single domain such descrapancies, between multiple
domains, are impossible.


--
Herb Martin

Thanks,
BrettSh [ @ MSFT, I'm sure you could figure out the email address if
you tried, but hopefully the SPAMers won't ]

<typical msft disclaimer here ...>

I have three win2k servers all running Active Directory.

Server "A" has all five roles and is a global catalog.
Servers "B" and "C" only have global catalog.

I would like to move the RID, PDC and Infrastructure to
Server "B" and demote Server "C".

Use either AD Users & Computers to move THOSE three roles,
or NTDSUtil to move any/all of the five roles.

Do I need more than one GC in a single domain on the same
LAN?

No technically but it will harm nothing -- with one domain you have
"all info" on every DC anyway.

Two (plus) per site (from any domain) are usually

considered a good idea
in

job")

.

 

[Herb Martin]

What I'm understanding is : One Forest with one site

having one domain = one GC.
You neither nor loose or gain by having more than one GC
in this scenario.

Is it even necessary to move the RID,PDC an Infrastucture?
I have 400 users and about 50 win2k servers in a single
domain.

Some people make ALL a GC in that scenario. Technically
(it seems) a GC is still needed in Native mode Win2000 for
logon and since there is NO BURDEN to making them all
GCs many people make all DCs a GC with one small domain.

General principle is that you don't need to SEPARATE in single
domain Forest, but you still need a GC, especially in native mode.
(Universal groups are stored on GC.)

 

[JEG]

Thanks for all the info!

-----Original Message-----

Some people make ALL a GC in that scenario. Technically
(it seems) a GC is still needed in Native mode Win2000 for
logon and since there is NO BURDEN to making them all
GCs many people make all DCs a GC with one small domain.

General principle is that you don't need to SEPARATE in single
domain Forest, but you still need a GC, especially in native mode.
(Universal groups are stored on GC.)

--
Herb Martin


.