Mixed Mode and GC's

Guest · Feb 10, 2005

Someone told me in a native mode AD domain, if a wan link fails at a site
with no gc, users will not be able to authenticate and logon, however if the
AD domain was in mixed mode and the wan link failed users WOULD be able to
authenticate and logon? this does not make sense to me can anyone explain -
the site has a dc and the AD domain contains no nt domain controllers. thanks
in advance.

Matjaz Ladava [MVP] · Feb 10, 2005

This is because in mixed mode domain there is no universal groups, which are
stored in gc's. that is why during logon in native mode domain gc's are
contacted to process universal group membership. Also gc's are used if you
use UPN logon.

--
Regards

Matjaz Ladava, ladava.com
MCSA, MCSE, MCT
Microsoft MVP Windows Server - Directory Services
e-mail: (e-mail address removed), (e-mail address removed)

Joe Richards [MVP] · Feb 12, 2005

You can force DCs to still process the auth in absence of a GC in native mode by
setting ignoregcfailures in the registry on the DC. However if you do this DO
NOT USE UNIVERSAL GROUPS for DENY. I wouldn't recommend it for GRANTS as well.

joe

Herb Martin · Feb 13, 2005

panther3 said:
Someone told me in a native mode AD domain, if a wan link fails at a site
with no gc, users will not be able to authenticate and logon, however if the
AD domain was in mixed mode and the wan link failed users WOULD be able to
authenticate and logon? this does not make sense to me can anyone explain -
the site has a dc and the AD domain contains no nt domain controllers. thanks
in advance.

The other responders have pretty much answered your question.

In Native mode (non-Admin) users will be blocked
from logging on if not GC is reachable.

Admin can logon to FIX the problem despite this.

A setting (Joe's message) can override this behavior.

You really should have a least one RELIABLE GC
per site -- if fault tolerance is necessary for your
users' access to domain resources you may need more.

If you are functioning in Mixed mode then the odds are
very good that your forest is small and so it may be
quite practical to have every DC be a GC.

There is no disadvantage to having every DC be GC
in a single domain forest.
[/QUOTE]

Mixed mode / Native mode again	5	Sep 29, 2003
NT4 to 2000 / 2003 Exch	2	Jun 7, 2007
Migrating users, computers and local profiles W2K mixed-mode AD	1	Jul 7, 2004
URGENT!!!! Can't Authenticate With Domain Controller	2	May 2, 2008
upgrading domain/forest function level question	3	Jul 3, 2006
Switching from Mixed to Native Mode (windows 2000 Active Directory)	10	May 2, 2006
Ad Mixed mode vs native mode	3	Sep 1, 2003
Upgrading to native mode	1	Aug 7, 2006

Mixed Mode and GC's

Guest

Matjaz Ladava [MVP]

Joe Richards [MVP]

Herb Martin

Ask a Question

Similar Threads