G
Guest
Does anyone know where there is some doco on technet regarding Global catalogue servers. I am trying to determine what the pros and cons are for having single or multiple GCs in a single sit
TIA
TIA
L
Laura E. Hunter \(MVP\)
http://support.microsoft.com/?kbid=216970
If you're in Native Mode, your users will need to be able to contact a GC at
logon to determine Universal Group memberships. If they can't contact a GC
and don't have cached credentials on the workstation they're trying to log
onto, they won't be able to logon. The MS party line is to have at least 1
GC in each site to speed the logon process, though you can have more than 1
depending on your performance and fault-tolerance requirements.
This KB is also useful if you're in a multi-domain environment, to
understand how the GC role interplays with the various FSMO roles:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;223346
If you're in Native Mode, your users will need to be able to contact a GC at
logon to determine Universal Group memberships. If they can't contact a GC
and don't have cached credentials on the workstation they're trying to log
onto, they won't be able to logon. The MS party line is to have at least 1
GC in each site to speed the logon process, though you can have more than 1
depending on your performance and fault-tolerance requirements.
This KB is also useful if you're in a multi-domain environment, to
understand how the GC role interplays with the various FSMO roles:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;223346
M
Matjaz Ladava [MVP]
If you have one domain/forest configuration, that all DC's can be GC's as
they already have aa copy of all data in the domain. Can you provide more
info on your domain setup ?
--
Regards
Matjaz Ladava, MCSA, MCSE, MCT, MVP
Microsoft MVP Windows Server - Active Directory
(e-mail address removed), (e-mail address removed)
they already have aa copy of all data in the domain. Can you provide more
info on your domain setup ?
--
Regards
Matjaz Ladava, MCSA, MCSE, MCT, MVP
Microsoft MVP Windows Server - Active Directory
(e-mail address removed), (e-mail address removed)
E
Eric Fleischman [MSFT]
I'd add a few anecdotal pearls of wisdom here....take em for what they're
worth:
0) If you are in a single-domain forest, I recommend making all DCs in to
GCs. There's really just no reason not to.
1) There's no real answer here that is more accurate than test and monitor.
No matter what estimates you use you can't totally predict your user load.
If you have 1000 employees like me, you'll have a higher GC load than 1000
people that don't send as much mail. It's hard to compensate for that before
you deploy unless you just toss tons of hardware at it.
2) I recommend taking out a white board one afternoon and mapping out your
domains, users, workstations, etc. A huge map of who is where, what sites
they are in, what domains they are in, and where they access resources.
Sometimes after doing it people realize "wow, my domain structure doesn't
actually map what my people do every day".
My $0.02
~Eric
worth:
0) If you are in a single-domain forest, I recommend making all DCs in to
GCs. There's really just no reason not to.
1) There's no real answer here that is more accurate than test and monitor.
No matter what estimates you use you can't totally predict your user load.
If you have 1000 employees like me, you'll have a higher GC load than 1000
people that don't send as much mail. It's hard to compensate for that before
you deploy unless you just toss tons of hardware at it.
2) I recommend taking out a white board one afternoon and mapping out your
domains, users, workstations, etc. A huge map of who is where, what sites
they are in, what domains they are in, and where they access resources.
Sometimes after doing it people realize "wow, my domain structure doesn't
actually map what my people do every day".
My $0.02
~Eric
M
MStrider
with regard to point 0, how do I makeboth of my DC's into GC's, just in case
one fails.
one fails.
Eric Fleischman said:
C
Chriss3
Make a Domain Controller become a Global Catalog Server:
http://www.microsoft.com/windows2000/en/server/help/msmq_inst_set_gc.htm
--
Regards
Christoffer Andersson
No email replies please - reply in the newsgroup
--------------------------------------------------------------------------
http://www.chrisse.se - Active Directory Tips
http://www.microsoft.com/windows2000/en/server/help/msmq_inst_set_gc.htm
--
Regards
Christoffer Andersson
No email replies please - reply in the newsgroup
--------------------------------------------------------------------------
http://www.chrisse.se - Active Directory Tips
MStrider said:
E
Eric Fleischman [MSFT]
In AD sites and services simply expand each server, right click on the ntds
settings object under it, select properties and check the global catalog
check box.
--
Eric Fleischman [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
settings object under it, select properties and check the global catalog
check box.
--
Eric Fleischman [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
MStrider said:
M
MStrider
so this will give me redundacny if my first dc fails?
Eric Fleischman said:
E
Eric Fleischman [MSFT]
GC redundancy, but there are other forms too. Critical services (such as
DNS) also need be made redundant.
It's hard to say "yes" to a question like this as every environment is
slightly different.
~Eric
--
Eric Fleischman [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
DNS) also need be made redundant.
It's hard to say "yes" to a question like this as every environment is
slightly different.
~Eric
--
Eric Fleischman [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
MStrider said:
M
MStrider
I have 2 servers, both running DNS, and ADS. (fileshare etc is on different
machines)
DHCP is run from a different machine, so in theory if I have GC on both
DC's - if one goes down I will be ok?
machines)
DHCP is run from a different machine, so in theory if I have GC on both
DC's - if one goes down I will be ok?
Eric Fleischman said:
E
Eric Fleischman [MSFT]
If both are replicating properly and clients point to both for DNS a client
should not have issues with core AD functionality.
There could of course be other applications that have a dependency on a
specific DC, I don't know, I can only speak to core AD.
~Eric
--
Eric Fleischman [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
should not have issues with core AD functionality.
There could of course be other applications that have a dependency on a
specific DC, I don't know, I can only speak to core AD.
~Eric
--
Eric Fleischman [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
MStrider said:
B
Bjarne Duelund
Eric Fleischman said:
And FSMO roles has to be taken care of manually.