Role of Global catlog in single domain in LAN

  • Thread starter Thread starter Srinivas Acharya
  • Start date Start date
S

Srinivas Acharya

Hi All,
I have single site, single doamin Lan network. Some body
told that if global catlog is down, user can't login
(assuming he is not loged in before and he is not having
cashed profile). But I could login for the first time when
the global catlog of domain is down. Then I wondering, in
typical LAN network of single domain, what is the role of
global catlog?. Does it take part login and authentication?..


Regards,
Srinivas Acharya
 
The GC *is* used in authentication, regardless of the number of domains, and
especially regardless of the physical topology. The administrator account
bypasses this - that can logon without a GC, and yes, if a user has logged
on before they will logon with cached creds.

The GC is queried by the authenticating DC to see what universal group
membership the user has, and to see what domain the user is in if they are
logging on using a UPN.

I believe this behaviour is in native mode only (though could be wrong).

Here's an article (I've not read recently, hence the above brain problem)
that might aid in explaining:
-- http://support.microsoft.com/?id=216970


--

Paul Williams

http://www.msresource.net
http://forums.msresource.net
______________________________________
Hi All,
I have single site, single doamin Lan network. Some body
told that if global catlog is down, user can't login
(assuming he is not loged in before and he is not having
cashed profile). But I could login for the first time when
the global catlog of domain is down. Then I wondering, in
typical LAN network of single domain, what is the role of
global catlog?. Does it take part login and authentication?..


Regards,
Srinivas Acharya
 
If you have a single domain, make all DCs into GCs.

In native mode a GC is required for authentication but there are specific
exceptions.

joe
 
In Srinivas' case I would guess that he was logged in as an
adminstrator, and administrators can, I believe, login without a GC?

Cheers,

Cliff
 
Yes, administrators can log on w/o a GC, but it could have been a regular user
if the domain wasn't in native mode or ignoregcfailures was enabled.

joe
 
Back
Top