Re: Logon Server in Active Directory

From: Bart Jacobsen (bart_jacobsen@hotmail.com)
Date: 05/06/02


From: "Bart Jacobsen" <bart_jacobsen@hotmail.com>
Date: Sun, 5 May 2002 15:22:19 -0700


> "There can only be one Global Catalog Server per domain"

James, that is completely wrong. Please spend the effort to look something
up properly rather than make a false statement like this. It just misleads
others who don't know any better.

Larry, you can have a GC on every DC in your environment if you wish. I've
got 31 Domain Controllers at my company and 30 of them are Global Catalog
servers. The only one that isn't a GC is the one that hosts the
Infrastructure Master FSMO role.
http://support.microsoft.com/search/preview.aspx?scid=kb;en-us;Q251095

Also, take a look at this article:
http://support.microsoft.com/search/preview.aspx?scid=kb;en-us;Q241789
I'm not suggesting that you perform the reghack in this article but it may
shed some light onto DC authentication and how GCs fit in.

- Bart

"James Raaymakers MCSE 2000" <jamesraaymakers@hotmail.com> wrote in message
news:aXZz8.4483$d74.2750638276@newssvr21.news.prodigy.com...
> Hi Larry,
> Check your routers to see if the ports that AD uses are being blocked.
> You may have to open those ports. If this is not the case then make sure the
> clients have the local DNS server as their primary DNS server. If you are
> using DHCP this will be configured in the scope options in the DHCP MMC
> snapin.
> There can only be one Global Catalog Server per domain. If the Global
> Catalog goes down then users should be able to authenticate on the remaining
> DCs. But changes to AD will not be able to happen unless the Global Catalog
> Server comes back on line. If the GC will not be able to make it back in a
> timely manner then configure another DC as the GC. This is done in Active
> Directory Sites and Services/Sites/Default-First-Site_Name/Servers/NTDS
> Settings properties.
>
> James Raaymakers
> MCSE 2000
>
>
>
> "Larry Mulvaney" <larrymulvaney@nospam.yahoo.com> wrote in message
> news:469901c1f117$c8ae1c00$3aef2ecf@TKMSFTNGXA09...
> > We have a Win2k-AD Domain spanning two geographical
> > locations each of which is set up as a separate Site. My
> > question: Is there a way that I can tell which AD domain
> > controller authenticates users at login? Do I need a third
> > party tool?
> > The reason that I ask is that I am trying to track
> > suspicious activity on a certain day. I need to look at
> > security events, but need to know which DC authenticates
> > the users in that Site.
> > Another Question: If the Forest Root Domain Controller
> > goes down, and there is another Global Catalog DC Server
> > in the same Site, why can't users authenticate to that
> > secondary DC? I come from the Novell world, and in NDS,
> > you authenticate with any Server with a replica of your
> > login credentials and user account information
> >
>
>

