Forum Search:
Forum.Brain-Cluster.com: Brain Cluster Technical Forum
Ultimate forum for Technical Discussions

Home » Microsoft » Windows Server » Active Directory » Is a Global Catalog required?
Is a Global Catalog required? [message #160711] Sat, 05 September 2009 11:23 Go to next message
Mel  is currently offline Mel  United States
Messages: 34
Registered: August 2009
Member
Hello:

I've been working with AD for years and I understand what a GC does and why
AD needs it, but I just ran across a question in a book that got me
thinking. The question basically implied that a particular domain had no GC
servers at all. The question stated that their were two domains in one
forest (all AD 2008). Each domain was in its own site with two sites
total--Site A for Domain A and Site B for Domain B. The question implied
that Site B/Domain B did not have a GC.

I don't have an AD 2008 forest/domain set up right now to test this, but I
have an AD 2003 forest/domain with one DC and was able to uncheck the GC
option for it. I found it interesting that AD doesn't actually required a GC
and that I was able to disable the GC on my only DC. In a single domain
forest this wouldn't really matter too much, but in a multi-domain forest,
such as the example in the question, I would think that each domain would be
required to have a GC. I just wanted to pass this along since I found it
interesting.

--

Mel K.
MCSA: M, Ex2000
MCTS: Ex2007
Re: Is a Global Catalog required? [message #160713 is a reply to message #160711] Sat, 05 September 2009 12:09 Go to previous messageGo to next message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"Mel K." <Mel@K.com> wrote in message
news:e$Q1Z2kLKHA.4004@TK2MSFTNGP05.phx.gbl...
> Hello:
>
> I've been working with AD for years and I understand what a GC does and
> why AD needs it, but I just ran across a question in a book that got me
> thinking. The question basically implied that a particular domain had no
> GC servers at all. The question stated that their were two domains in one
> forest (all AD 2008). Each domain was in its own site with two sites
> total--Site A for Domain A and Site B for Domain B. The question implied
> that Site B/Domain B did not have a GC.
>
> I don't have an AD 2008 forest/domain set up right now to test this, but I
> have an AD 2003 forest/domain with one DC and was able to uncheck the GC
> option for it. I found it interesting that AD doesn't actually required a
> GC and that I was able to disable the GC on my only DC. In a single domain
> forest this wouldn't really matter too much, but in a multi-domain forest,
> such as the example in the question, I would think that each domain would
> be required to have a GC. I just wanted to pass this along since I found
> it interesting.
>
> --
>
> Mel K.
> MCSA: M, Ex2000
> MCTS: Ex2007
>


Interesting. Actually, the one GC for the multidomain forest will work. In a
single domain forest, on one subnet (IIRC), you can get away without a GC if
the users logon without a UPN or not using Universal Groups, but then again,
Exchange, if installed, will fail, since it uses the GC for mail-enabled
object address book lookups, DSAccess and DSProxy referrals for Outlook. So
I would imagine if there are other directory enabled apps that use port 3268
for lookups (port that the GC uses).

Also, the following passage was from:

What is a global Catalog?
http://technet.microsoft.com/en-us/library/cc728188(WS.10).aspx

"In a single-domain forest, a global catalog server stores a full, writable
replica of the domain and does not store any partial replica. A global
catalog server in a single-domain forest functions in the same manner as a
non-global-catalog server except for the processing of forestwide searches."

So in a single domain forest, you can get away without a GC, since it has a
writeable copy, acting like a DC anyway, but then again, it depends on what
apps and services are running that may require a GC.

But not quite with a multi-domain forest.

IIRC, the only user account that can logon without a GC in a multi-domain
forest, is the built-in administrator account of all domains.

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.

Ace Fekay, MCT, MCTS Exchange, MCSE, MCSA 2003 & 2000, MCSA Messaging
Microsoft Certified Trainer

For urgent issues, please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.
Re: Is a Global Catalog required? [message #160718 is a reply to message #160711] Sun, 06 September 2009 06:44 Go to previous message
Marcin  is currently offline Marcin  United States
Messages: 273
Registered: July 2009
Senior Member
Mel,
that's a risky arrangements - since it will cause a site-wide issues if the
link between the two sites becomes unavailable...

hth
Marcin

"Mel K." <Mel@K.com> wrote in message
news:e$Q1Z2kLKHA.4004@TK2MSFTNGP05.phx.gbl...
> Hello:
>
> I've been working with AD for years and I understand what a GC does and
> why AD needs it, but I just ran across a question in a book that got me
> thinking. The question basically implied that a particular domain had no
> GC servers at all. The question stated that their were two domains in one
> forest (all AD 2008). Each domain was in its own site with two sites
> total--Site A for Domain A and Site B for Domain B. The question implied
> that Site B/Domain B did not have a GC.
>
> I don't have an AD 2008 forest/domain set up right now to test this, but I
> have an AD 2003 forest/domain with one DC and was able to uncheck the GC
> option for it. I found it interesting that AD doesn't actually required a
> GC and that I was able to disable the GC on my only DC. In a single domain
> forest this wouldn't really matter too much, but in a multi-domain forest,
> such as the example in the question, I would think that each domain would
> be required to have a GC. I just wanted to pass this along since I found
> it interesting.
>
> --
>
> Mel K.
> MCSA: M, Ex2000
> MCTS: Ex2007
>
Previous Topic:Active desktop in group Policy
Next Topic:Office 2003 : hide C: in the dialog box Open/save
Goto Forum:
  


Current Time: Tue Jan 23 16:29:39 MST 2018

Total time taken to generate the page: 0.08541 seconds
.:: Contact :: Home ::Sitemap::.

Powered by: FUDforum 3.0.0RC2.
Copyright ©2001-2009 FUDforum Bulletin Board Software