Global Catalog Failure

[Guest]

My global catalog failed in my test domain, there is no inexpensive way to
rebuild it so I have opted to buy an new one. This may me begin to question
what I would do if I had a irrepairable failure of the global catalog in my
real network. How do you replace the global catalog in an active directory,
one that has 5 child domains?

 

[Jorge de Almeida Pinto [MVP]]

Assuming you at least have TWO DCs in each domain.

If a DC/GC dies on you, you could:
(1) Restore it from backup
(2) Cleanup its metadata
(http://blogs.dirteam.com/blogs/jorge/archive/2005/12/03/213.aspx) and
rebuild it from scratch
--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)
# Jorge de Almeida Pinto #
MVP Windows Server - Directory Services
BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx

 

[Paul Bergson]

Since you don't need to backup all your dc's there are several scenarios.
For simplicity sake we will say that if the Domain Controller (Global
Catalog Service) had no fsmo roles residing on it, you could simply cleanup
metadata and bring up a new server and promote it to a dc.

http://support.microsoft.com/Default.aspx?id=216498

But remember this is a really simplistic situation. You could have dns,
wins, TS Licensing, etc... running and all of these pieces of the server
need to be addressed.

What I would suggest is evaluating your infrastruture and building a DR text
paper to help you in the event of an emergency so you will have a starting
point on how to rebuild in the event of major problems.

DR
http://www.microsoft.com/technet/community/events/windows2003srv/tnt1-80.mspx

 

[Herb Martin]

My global catalog failed in my test domain, there is no inexpensive way to
rebuild it so I have opted to buy an new one. This may me begin to
question
what I would do if I had a irrepairable failure of the global catalog in
my
real network. How do you replace the global catalog in an active
directory,
one that has 5 child domains?

You question has been answered by Jorge and Paul.

Just make a new GC (and NTDSUtil metadata cleanup any
lost DCs.)

BUT there is also a strong implication of a misunderstanding
in the question above: "My global catalog" (in the SINGULAR.)

You should generally have more than one GC; you should have
at least one PER SITE, and more for fault tolerance (esp. logins.)

With a single domain forest you should just make ALL DCs into
GCs, but you have 6 domains (domain plus 5 children) so this
does not apply to you.

If one of the domains holds the vast majority of objects or the
forest isn't very big you may STILL CONSIDER making every
DC a GC.

In any case, if you have a LARGE forest then you need more
GCs (but may not all DCs.)

 

[Guest]

No misunderstanding we only have one global catalog, we are a small company
with limited resources. Why should there be more than one global catalog?

My global catalog failed in my test domain, there is no inexpensive way to
rebuild it so I have opted to buy an new one. This may me begin to
question
what I would do if I had a irrepairable failure of the global catalog in
my
real network. How do you replace the global catalog in an active
directory,
one that has 5 child domains?

You question has been answered by Jorge and Paul.

Just make a new GC (and NTDSUtil metadata cleanup any
lost DCs.)

BUT there is also a strong implication of a misunderstanding
in the question above: "My global catalog" (in the SINGULAR.)

You should generally have more than one GC; you should have
at least one PER SITE, and more for fault tolerance (esp. logins.)

With a single domain forest you should just make ALL DCs into
GCs, but you have 6 domains (domain plus 5 children) so this
does not apply to you.

If one of the domains holds the vast majority of objects or the
forest isn't very big you may STILL CONSIDER making every
DC a GC.

In any case, if you have a LARGE forest then you need more
GCs (but may not all DCs.)

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

 

[Herb Martin]

No misunderstanding we only have one global catalog,

The implication of the SINGULAR is that you believe that
you are to have but one GC....

we are a small company with limited resources.

And since you already have multiple DCs you can have
multiple GCs for free.

Why should there be more than one global catalog?

For fault tolerance. You need a GC for reliable logins
AND for other purposes (e.g., Exchange etc.)

Since you have multiple DC and a SMALL forest of one
domain you should just make EVERY DC a GC.


--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

My global catalog failed in my test domain, there is no inexpensive way
to
rebuild it so I have opted to buy an new one. This may me begin to
question
what I would do if I had a irrepairable failure of the global catalog
in
my
real network. How do you replace the global catalog in an active
directory,
one that has 5 child domains?

You question has been answered by Jorge and Paul.

Just make a new GC (and NTDSUtil metadata cleanup any
lost DCs.)

BUT there is also a strong implication of a misunderstanding
in the question above: "My global catalog" (in the SINGULAR.)

You should generally have more than one GC; you should have
at least one PER SITE, and more for fault tolerance (esp. logins.)

With a single domain forest you should just make ALL DCs into
GCs, but you have 6 domains (domain plus 5 children) so this
does not apply to you.

If one of the domains holds the vast majority of objects or the
forest isn't very big you may STILL CONSIDER making every
DC a GC.

In any case, if you have a LARGE forest then you need more
GCs (but may not all DCs.)

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

 

[Guest]

I have 5 child domains in a single forrest and one global catalog. Yes I was
instructed that a singular global catalog was fine and that BDC were a thing
of the past. So how can I have a global catalog at each? Is this a working
network structure you currently have in place?

No misunderstanding we only have one global catalog,

The implication of the SINGULAR is that you believe that
you are to have but one GC....

we are a small company with limited resources.

And since you already have multiple DCs you can have
multiple GCs for free.

Why should there be more than one global catalog?

For fault tolerance. You need a GC for reliable logins
AND for other purposes (e.g., Exchange etc.)

Since you have multiple DC and a SMALL forest of one
domain you should just make EVERY DC a GC.


--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

My global catalog failed in my test domain, there is no inexpensive way
to
rebuild it so I have opted to buy an new one. This may me begin to
question
what I would do if I had a irrepairable failure of the global catalog
in
my
real network. How do you replace the global catalog in an active
directory,
one that has 5 child domains?

You question has been answered by Jorge and Paul.

Just make a new GC (and NTDSUtil metadata cleanup any
lost DCs.)

BUT there is also a strong implication of a misunderstanding
in the question above: "My global catalog" (in the SINGULAR.)

You should generally have more than one GC; you should have
at least one PER SITE, and more for fault tolerance (esp. logins.)

With a single domain forest you should just make ALL DCs into
GCs, but you have 6 domains (domain plus 5 children) so this
does not apply to you.

If one of the domains holds the vast majority of objects or the
forest isn't very big you may STILL CONSIDER making every
DC a GC.

In any case, if you have a LARGE forest then you need more
GCs (but may not all DCs.)

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

 

[Herb Martin]

I have 5 child domains in a single forrest and one global catalog.

With five domains you must EITHER:

1) Make every DC a GC (or)
2) Make sure the INFRASTUCTURE Masters are NOT GCs

(Making an IM a GC interferes with it's function but if every DC
in the forest is a GC that become irrelevant.)

Note: You should NOT make every DC a GC in a LARGE forest,
but you have indicated this is not the case for your network.

Yes I was
instructed that a singular global catalog was fine

In general, that is bad advise you were given.

You should have a MINIMUM of one GC per SITE.

You should have a MINIMUM of two GCs per site for fault tolerance.

Generally this means you want to have 2 x Sites GCs as a working
minimum.

But with small forests you can just make all DCs GCs and get
fault tolerance for practically no cost.

and that BDC were a thing
of the past.

NT-BDCs are still supported but Win2000+ DCs are neither
"Primary" (PDC) nor "Backup" (BDC) - they are just DCs.

You can have as many DCs per domain as you wish (as make
sense, as you can afford.)

So how can I have a global catalog at each? Is this a working
network structure you currently have in place?

Yes. Most everyone with single domain forests or small forests
(or such customers) does this once they understand what GCs
do and the implications.

For large forests, the rule of 2 x Sites = GCs PLUS more for
performance of "network applications" (e.g., Exchange) is used.


--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

No misunderstanding we only have one global catalog,

The implication of the SINGULAR is that you believe that
you are to have but one GC....

we are a small company with limited resources.

And since you already have multiple DCs you can have
multiple GCs for free.

Why should there be more than one global catalog?

For fault tolerance. You need a GC for reliable logins
AND for other purposes (e.g., Exchange etc.)

Since you have multiple DC and a SMALL forest of one
domain you should just make EVERY DC a GC.


--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

:

My global catalog failed in my test domain, there is no inexpensive
way
to
rebuild it so I have opted to buy an new one. This may me begin to
question
what I would do if I had a irrepairable failure of the global
catalog
in
my
real network. How do you replace the global catalog in an active
directory,
one that has 5 child domains?

You question has been answered by Jorge and Paul.

Just make a new GC (and NTDSUtil metadata cleanup any
lost DCs.)

BUT there is also a strong implication of a misunderstanding
in the question above: "My global catalog" (in the SINGULAR.)

You should generally have more than one GC; you should have
at least one PER SITE, and more for fault tolerance (esp. logins.)

With a single domain forest you should just make ALL DCs into
GCs, but you have 6 domains (domain plus 5 children) so this
does not apply to you.

If one of the domains holds the vast majority of objects or the
forest isn't very big you may STILL CONSIDER making every
DC a GC.

In any case, if you have a LARGE forest then you need more
GCs (but may not all DCs.)

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

 

[Guest]

I tried to promote my DC to a GC (in my test domain)and it looked like it was
but it didn't work that way.
I lost my GC to a hardware failure and my test domain has not been set to
backup at this time. But I was never able to disjoin the old GC and things
never worked right so I rebuilt my test domain. This makes me concerned about
the real network and disaster recovery. Any ideas?

I have 5 child domains in a single forrest and one global catalog.

With five domains you must EITHER:

1) Make every DC a GC (or)
2) Make sure the INFRASTUCTURE Masters are NOT GCs

(Making an IM a GC interferes with it's function but if every DC
in the forest is a GC that become irrelevant.)

Note: You should NOT make every DC a GC in a LARGE forest,
but you have indicated this is not the case for your network.

Yes I was
instructed that a singular global catalog was fine

In general, that is bad advise you were given.

You should have a MINIMUM of one GC per SITE.

You should have a MINIMUM of two GCs per site for fault tolerance.

Generally this means you want to have 2 x Sites GCs as a working
minimum.

But with small forests you can just make all DCs GCs and get
fault tolerance for practically no cost.

and that BDC were a thing
of the past.

NT-BDCs are still supported but Win2000+ DCs are neither
"Primary" (PDC) nor "Backup" (BDC) - they are just DCs.

You can have as many DCs per domain as you wish (as make
sense, as you can afford.)

So how can I have a global catalog at each? Is this a working
network structure you currently have in place?

Yes. Most everyone with single domain forests or small forests
(or such customers) does this once they understand what GCs
do and the implications.

For large forests, the rule of 2 x Sites = GCs PLUS more for
performance of "network applications" (e.g., Exchange) is used.


--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

No misunderstanding we only have one global catalog,

The implication of the SINGULAR is that you believe that
you are to have but one GC....

we are a small company with limited resources.

And since you already have multiple DCs you can have
multiple GCs for free.

Why should there be more than one global catalog?

For fault tolerance. You need a GC for reliable logins
AND for other purposes (e.g., Exchange etc.)

Since you have multiple DC and a SMALL forest of one
domain you should just make EVERY DC a GC.


--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

:

My global catalog failed in my test domain, there is no inexpensive
way
to
rebuild it so I have opted to buy an new one. This may me begin to
question
what I would do if I had a irrepairable failure of the global
catalog
in
my
real network. How do you replace the global catalog in an active
directory,
one that has 5 child domains?

You question has been answered by Jorge and Paul.

Just make a new GC (and NTDSUtil metadata cleanup any
lost DCs.)

BUT there is also a strong implication of a misunderstanding
in the question above: "My global catalog" (in the SINGULAR.)

You should generally have more than one GC; you should have
at least one PER SITE, and more for fault tolerance (esp. logins.)

With a single domain forest you should just make ALL DCs into
GCs, but you have 6 domains (domain plus 5 children) so this
does not apply to you.

If one of the domains holds the vast majority of objects or the
forest isn't very big you may STILL CONSIDER making every
DC a GC.

In any case, if you have a LARGE forest then you need more
GCs (but may not all DCs.)

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

 

[Paul Bergson]

You should some tests against your production system if you are concerned
about its helth.

If you need to run diagnostics against your Active Directory domain.
Microsoft has written two good command line utilities that provide
information to help troubleshoot problems you maybe experiencing. Knowing
which switch options to select may not always be simple, but with this front
end click and go.

You will still need the two command line tools. If you don't have the tools
installed, you can install them from your server install disk.

d:\support\tools\setup.exe -or- The links to the files reside on the
script download page listed below.


The script provides the option to run individual tests without having to
learn all the switch options. It automagically outputs the test details to
a text file and calls this text file up at the completion of the test. This
makes it much easier to read and save the details for future use and
analysis.

The front end is an hta file that provides check boxes, radio buttons and
dialogue boxes for input. You have the option to select the local server or
a remote DC via a text box.

This script is customizable. The storage location of the script storage of
the output logfiles and diagnostic tools are modified by a const definition
in the working storage section.

The script is at http://pbbergs.dynu.com/windows/windows.htm, click
downloads and then select the DCDiag GUI..., download it and save it to:
c:\program files\support tools\

Just select both dcdiag and netdiag make sure verbose is set. (Leave the
default settings for dcdiag as set when selected)

--

Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

This posting is provided "AS IS" with no warranties, and confers no rights.

I tried to promote my DC to a GC (in my test domain)and it looked like it
was
but it didn't work that way.
I lost my GC to a hardware failure and my test domain has not been set to
backup at this time. But I was never able to disjoin the old GC and things
never worked right so I rebuilt my test domain. This makes me concerned
about
the real network and disaster recovery. Any ideas?

I have 5 child domains in a single forrest and one global catalog.

With five domains you must EITHER:

1) Make every DC a GC (or)
2) Make sure the INFRASTUCTURE Masters are NOT GCs

(Making an IM a GC interferes with it's function but if every DC
in the forest is a GC that become irrelevant.)

Note: You should NOT make every DC a GC in a LARGE forest,
but you have indicated this is not the case for your network.

Yes I was
instructed that a singular global catalog was fine

In general, that is bad advise you were given.

You should have a MINIMUM of one GC per SITE.

You should have a MINIMUM of two GCs per site for fault tolerance.

Generally this means you want to have 2 x Sites GCs as a working
minimum.

But with small forests you can just make all DCs GCs and get
fault tolerance for practically no cost.

and that BDC were a thing
of the past.

NT-BDCs are still supported but Win2000+ DCs are neither
"Primary" (PDC) nor "Backup" (BDC) - they are just DCs.

You can have as many DCs per domain as you wish (as make
sense, as you can afford.)

So how can I have a global catalog at each? Is this a working
network structure you currently have in place?

Yes. Most everyone with single domain forests or small forests
(or such customers) does this once they understand what GCs
do and the implications.

For large forests, the rule of 2 x Sites = GCs PLUS more for
performance of "network applications" (e.g., Exchange) is used.


--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

:

No misunderstanding we only have one global catalog,

The implication of the SINGULAR is that you believe that
you are to have but one GC....

we are a small company with limited resources.

And since you already have multiple DCs you can have
multiple GCs for free.

Why should there be more than one global catalog?

For fault tolerance. You need a GC for reliable logins
AND for other purposes (e.g., Exchange etc.)

Since you have multiple DC and a SMALL forest of one
domain you should just make EVERY DC a GC.


--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

:

My global catalog failed in my test domain, there is no
inexpensive
way
to
rebuild it so I have opted to buy an new one. This may me begin
to
question
what I would do if I had a irrepairable failure of the global
catalog
in
my
real network. How do you replace the global catalog in an active
directory,
one that has 5 child domains?

You question has been answered by Jorge and Paul.

Just make a new GC (and NTDSUtil metadata cleanup any
lost DCs.)

BUT there is also a strong implication of a misunderstanding
in the question above: "My global catalog" (in the SINGULAR.)

You should generally have more than one GC; you should have
at least one PER SITE, and more for fault tolerance (esp. logins.)

With a single domain forest you should just make ALL DCs into
GCs, but you have 6 domains (domain plus 5 children) so this
does not apply to you.

If one of the domains holds the vast majority of objects or the
forest isn't very big you may STILL CONSIDER making every
DC a GC.

In any case, if you have a LARGE forest then you need more
GCs (but may not all DCs.)

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

 

[Guest]

Yes I have used netdiag and dcdiag before and I have installed the support
tools. But it does nothing when you have a hardware failure. My biggest issue
is to provide failover at an economical cost

You should some tests against your production system if you are concerned
about its helth.

If you need to run diagnostics against your Active Directory domain.
Microsoft has written two good command line utilities that provide
information to help troubleshoot problems you maybe experiencing. Knowing
which switch options to select may not always be simple, but with this front
end click and go.

You will still need the two command line tools. If you don't have the tools
installed, you can install them from your server install disk.

d:\support\tools\setup.exe -or- The links to the files reside on the
script download page listed below.


The script provides the option to run individual tests without having to
learn all the switch options. It automagically outputs the test details to
a text file and calls this text file up at the completion of the test. This
makes it much easier to read and save the details for future use and
analysis.

The front end is an hta file that provides check boxes, radio buttons and
dialogue boxes for input. You have the option to select the local server or
a remote DC via a text box.

This script is customizable. The storage location of the script storage of
the output logfiles and diagnostic tools are modified by a const definition
in the working storage section.

The script is at http://pbbergs.dynu.com/windows/windows.htm, click
downloads and then select the DCDiag GUI..., download it and save it to:
c:\program files\support tools\

Just select both dcdiag and netdiag make sure verbose is set. (Leave the
default settings for dcdiag as set when selected)

--

Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

This posting is provided "AS IS" with no warranties, and confers no rights.

I tried to promote my DC to a GC (in my test domain)and it looked like it
was
but it didn't work that way.
I lost my GC to a hardware failure and my test domain has not been set to
backup at this time. But I was never able to disjoin the old GC and things
never worked right so I rebuilt my test domain. This makes me concerned
about
the real network and disaster recovery. Any ideas?

I have 5 child domains in a single forrest and one global catalog.

With five domains you must EITHER:

1) Make every DC a GC (or)
2) Make sure the INFRASTUCTURE Masters are NOT GCs

(Making an IM a GC interferes with it's function but if every DC
in the forest is a GC that become irrelevant.)

Note: You should NOT make every DC a GC in a LARGE forest,
but you have indicated this is not the case for your network.

Yes I was
instructed that a singular global catalog was fine

In general, that is bad advise you were given.

You should have a MINIMUM of one GC per SITE.

You should have a MINIMUM of two GCs per site for fault tolerance.

Generally this means you want to have 2 x Sites GCs as a working
minimum.

But with small forests you can just make all DCs GCs and get
fault tolerance for practically no cost.

and that BDC were a thing
of the past.

NT-BDCs are still supported but Win2000+ DCs are neither
"Primary" (PDC) nor "Backup" (BDC) - they are just DCs.

You can have as many DCs per domain as you wish (as make
sense, as you can afford.)

So how can I have a global catalog at each? Is this a working
network structure you currently have in place?

Yes. Most everyone with single domain forests or small forests
(or such customers) does this once they understand what GCs
do and the implications.

For large forests, the rule of 2 x Sites = GCs PLUS more for
performance of "network applications" (e.g., Exchange) is used.


--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]


:

No misunderstanding we only have one global catalog,

The implication of the SINGULAR is that you believe that
you are to have but one GC....

we are a small company with limited resources.

And since you already have multiple DCs you can have
multiple GCs for free.

Why should there be more than one global catalog?

For fault tolerance. You need a GC for reliable logins
AND for other purposes (e.g., Exchange etc.)

Since you have multiple DC and a SMALL forest of one
domain you should just make EVERY DC a GC.


--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

:

My global catalog failed in my test domain, there is no
inexpensive
way
to
rebuild it so I have opted to buy an new one. This may me begin
to
question
what I would do if I had a irrepairable failure of the global
catalog
in
my
real network. How do you replace the global catalog in an active
directory,
one that has 5 child domains?

You question has been answered by Jorge and Paul.

Just make a new GC (and NTDSUtil metadata cleanup any
lost DCs.)

BUT there is also a strong implication of a misunderstanding
in the question above: "My global catalog" (in the SINGULAR.)

You should generally have more than one GC; you should have
at least one PER SITE, and more for fault tolerance (esp. logins.)

With a single domain forest you should just make ALL DCs into
GCs, but you have 6 domains (domain plus 5 children) so this
does not apply to you.

If one of the domains holds the vast majority of objects or the
forest isn't very big you may STILL CONSIDER making every
DC a GC.

In any case, if you have a LARGE forest then you need more
GCs (but may not all DCs.)

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

 

[Paul Bergson]

I must have misunderstood your original question. If you have only a single
dc in your domain and you lose that dc then you will be in trouble. Your
lan won't be able to authenticate and all users will be using cached
accounts for local access. If you placed a second dc in your domain and
that had dns and a gc on it you have created a more fault tolerant AD. You
would need to then go back to your clients and point the second client dns
server to this new server. Thereby losing a DC won't be catrostropic and it
will give you an opportunity to rebuild the lost dc while the rest of the
network still functions close to normal.

If you had to rebuild a machine there are recovery pieces in place to clean
out the old server and its connections to AD (Metadata cleanup). But the
important piece is to have more than 1 dc in your domain.

--

Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

This posting is provided "AS IS" with no warranties, and confers no rights.

Yes I have used netdiag and dcdiag before and I have installed the support
tools. But it does nothing when you have a hardware failure. My biggest
issue
is to provide failover at an economical cost

You should some tests against your production system if you are concerned
about its helth.

If you need to run diagnostics against your Active Directory domain.
Microsoft has written two good command line utilities that provide
information to help troubleshoot problems you maybe experiencing.
Knowing
which switch options to select may not always be simple, but with this
front
end click and go.

You will still need the two command line tools. If you don't have the
tools
installed, you can install them from your server install disk.

d:\support\tools\setup.exe -or- The links to the files reside on the
script download page listed below.


The script provides the option to run individual tests without having to
learn all the switch options. It automagically outputs the test details
to
a text file and calls this text file up at the completion of the test.
This
makes it much easier to read and save the details for future use and
analysis.

The front end is an hta file that provides check boxes, radio buttons and
dialogue boxes for input. You have the option to select the local server
or
a remote DC via a text box.

This script is customizable. The storage location of the script storage
of
the output logfiles and diagnostic tools are modified by a const
definition
in the working storage section.

The script is at http://pbbergs.dynu.com/windows/windows.htm, click
downloads and then select the DCDiag GUI..., download it and save it to:
c:\program files\support tools\

Just select both dcdiag and netdiag make sure verbose is set. (Leave the
default settings for dcdiag as set when selected)

--

Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

This posting is provided "AS IS" with no warranties, and confers no
rights.

I tried to promote my DC to a GC (in my test domain)and it looked like
it
was
but it didn't work that way.
I lost my GC to a hardware failure and my test domain has not been set
to
backup at this time. But I was never able to disjoin the old GC and
things
never worked right so I rebuilt my test domain. This makes me concerned
about
the real network and disaster recovery. Any ideas?

:

I have 5 child domains in a single forrest and one global catalog.

With five domains you must EITHER:

1) Make every DC a GC (or)
2) Make sure the INFRASTUCTURE Masters are NOT GCs

(Making an IM a GC interferes with it's function but if every DC
in the forest is a GC that become irrelevant.)

Note: You should NOT make every DC a GC in a LARGE forest,
but you have indicated this is not the case for your network.

Yes I was
instructed that a singular global catalog was fine

In general, that is bad advise you were given.

You should have a MINIMUM of one GC per SITE.

You should have a MINIMUM of two GCs per site for fault tolerance.

Generally this means you want to have 2 x Sites GCs as a working
minimum.

But with small forests you can just make all DCs GCs and get
fault tolerance for practically no cost.

and that BDC were a thing
of the past.

NT-BDCs are still supported but Win2000+ DCs are neither
"Primary" (PDC) nor "Backup" (BDC) - they are just DCs.

You can have as many DCs per domain as you wish (as make
sense, as you can afford.)

So how can I have a global catalog at each? Is this a working
network structure you currently have in place?

Yes. Most everyone with single domain forests or small forests
(or such customers) does this once they understand what GCs
do and the implications.

For large forests, the rule of 2 x Sites = GCs PLUS more for
performance of "network applications" (e.g., Exchange) is used.


--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]


:

No misunderstanding we only have one global catalog,

The implication of the SINGULAR is that you believe that
you are to have but one GC....

we are a small company with limited resources.

And since you already have multiple DCs you can have
multiple GCs for free.

Why should there be more than one global catalog?

For fault tolerance. You need a GC for reliable logins
AND for other purposes (e.g., Exchange etc.)

Since you have multiple DC and a SMALL forest of one
domain you should just make EVERY DC a GC.


--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

:

My global catalog failed in my test domain, there is no
inexpensive
way
to
rebuild it so I have opted to buy an new one. This may me
begin
to
question
what I would do if I had a irrepairable failure of the global
catalog
in
my
real network. How do you replace the global catalog in an
active
directory,
one that has 5 child domains?

You question has been answered by Jorge and Paul.

Just make a new GC (and NTDSUtil metadata cleanup any
lost DCs.)

BUT there is also a strong implication of a misunderstanding
in the question above: "My global catalog" (in the SINGULAR.)

You should generally have more than one GC; you should have
at least one PER SITE, and more for fault tolerance (esp.
logins.)

With a single domain forest you should just make ALL DCs into
GCs, but you have 6 domains (domain plus 5 children) so this
does not apply to you.

If one of the domains holds the vast majority of objects or the
forest isn't very big you may STILL CONSIDER making every
DC a GC.

In any case, if you have a LARGE forest then you need more
GCs (but may not all DCs.)

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

 

[Herb Martin]

Yes I have used netdiag and dcdiag before and I have installed the support
tools. But it does nothing when you have a hardware failure. My biggest
issue
is to provide failover at an economical cost

Paul is helping too and this week and next I am teaching (12
hour days) so may respond slowly.

First, you SHOULD have more than one DC if possible.
And for small forests or single domain forest EVERY DC
should be a GC.

You SHOULD be able to make a DC a GC even if their
is no other GC.

Second: You should have an SYSTEM STATE backup of
two or more DCs for recovery.

If you only have one DC, then the SYSTEM STATE backup
is even more critical. (And you likely need a full backup
of the machine as well, but the system state is for recovering
the AD.)

If you are running Win2003 server I would recommend an
ASR backup which is a 'superset' of the System State backup.

If you have a quality backup utility you might have some
feature there that allows for restoring from a bootable CD
but the above is a MINIMUM.




--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

You should some tests against your production system if you are concerned
about its helth.

If you need to run diagnostics against your Active Directory domain.
Microsoft has written two good command line utilities that provide
information to help troubleshoot problems you maybe experiencing.
Knowing
which switch options to select may not always be simple, but with this
front
end click and go.

You will still need the two command line tools. If you don't have the
tools
installed, you can install them from your server install disk.

d:\support\tools\setup.exe -or- The links to the files reside on the
script download page listed below.


The script provides the option to run individual tests without having to
learn all the switch options. It automagically outputs the test details
to
a text file and calls this text file up at the completion of the test.
This
makes it much easier to read and save the details for future use and
analysis.

The front end is an hta file that provides check boxes, radio buttons and
dialogue boxes for input. You have the option to select the local server
or
a remote DC via a text box.

This script is customizable. The storage location of the script storage
of
the output logfiles and diagnostic tools are modified by a const
definition
in the working storage section.

The script is at http://pbbergs.dynu.com/windows/windows.htm, click
downloads and then select the DCDiag GUI..., download it and save it to:
c:\program files\support tools\

Just select both dcdiag and netdiag make sure verbose is set. (Leave the
default settings for dcdiag as set when selected)

--

Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

This posting is provided "AS IS" with no warranties, and confers no
rights.

I tried to promote my DC to a GC (in my test domain)and it looked like
it
was
but it didn't work that way.
I lost my GC to a hardware failure and my test domain has not been set
to
backup at this time. But I was never able to disjoin the old GC and
things
never worked right so I rebuilt my test domain. This makes me concerned
about
the real network and disaster recovery. Any ideas?

:

I have 5 child domains in a single forrest and one global catalog.

With five domains you must EITHER:

1) Make every DC a GC (or)
2) Make sure the INFRASTUCTURE Masters are NOT GCs

(Making an IM a GC interferes with it's function but if every DC
in the forest is a GC that become irrelevant.)

Note: You should NOT make every DC a GC in a LARGE forest,
but you have indicated this is not the case for your network.

Yes I was
instructed that a singular global catalog was fine

In general, that is bad advise you were given.

You should have a MINIMUM of one GC per SITE.

You should have a MINIMUM of two GCs per site for fault tolerance.

Generally this means you want to have 2 x Sites GCs as a working
minimum.

But with small forests you can just make all DCs GCs and get
fault tolerance for practically no cost.

and that BDC were a thing
of the past.

NT-BDCs are still supported but Win2000+ DCs are neither
"Primary" (PDC) nor "Backup" (BDC) - they are just DCs.

You can have as many DCs per domain as you wish (as make
sense, as you can afford.)

So how can I have a global catalog at each? Is this a working
network structure you currently have in place?

Yes. Most everyone with single domain forests or small forests
(or such customers) does this once they understand what GCs
do and the implications.

For large forests, the rule of 2 x Sites = GCs PLUS more for
performance of "network applications" (e.g., Exchange) is used.


--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]


:

No misunderstanding we only have one global catalog,

The implication of the SINGULAR is that you believe that
you are to have but one GC....

we are a small company with limited resources.

And since you already have multiple DCs you can have
multiple GCs for free.

Why should there be more than one global catalog?

For fault tolerance. You need a GC for reliable logins
AND for other purposes (e.g., Exchange etc.)

Since you have multiple DC and a SMALL forest of one
domain you should just make EVERY DC a GC.


--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

:

My global catalog failed in my test domain, there is no
inexpensive
way
to
rebuild it so I have opted to buy an new one. This may me
begin
to
question
what I would do if I had a irrepairable failure of the global
catalog
in
my
real network. How do you replace the global catalog in an
active
directory,
one that has 5 child domains?

You question has been answered by Jorge and Paul.

Just make a new GC (and NTDSUtil metadata cleanup any
lost DCs.)

BUT there is also a strong implication of a misunderstanding
in the question above: "My global catalog" (in the SINGULAR.)

You should generally have more than one GC; you should have
at least one PER SITE, and more for fault tolerance (esp.
logins.)

With a single domain forest you should just make ALL DCs into
GCs, but you have 6 domains (domain plus 5 children) so this
does not apply to you.

If one of the domains holds the vast majority of objects or the
forest isn't very big you may STILL CONSIDER making every
DC a GC.

In any case, if you have a LARGE forest then you need more
GCs (but may not all DCs.)

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]