Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

GC and Authentication 2

Status
Not open for further replies.

Bhavin78

IS-IT--Management
Oct 26, 2004
320
I have two DC in our network. Both on same physical location. Do I need to make second DC Global Catalog or no?
Is it true that if I dont make second DC a GC it want be able to authenticate? What's the reason? and what's the recommendation?

Infrastructure role is recommneded not to put on a GC, why? what if both of my DC are GC?
 
Both DC's need to be GC's, DNS Servers, and DHCP servers. as long as the dhcp scopes dont overlap they both can run at the same time on the same network.

RoadKi11
 
still does not answer to my question?
 
You asked about half a dozen or so questions, if you want reasons why MS recommends something, you may want to address that with them.

The real issue you're facing is when your DC that is a GC is down, users can't logon. The solution is, as RoadKi11 advised, to make both DC's GC's to avoid this problem. He then offered up that fact that if you also run DNS and DHCP on both that you'll avoid other issues that will occur if your main DC fails.

I'm Certifiable, not cert-ified.
It just means my answers are from experience, not a book.
The poster formerly known as lander215
 
I guess you did not read my post correctly?
I did not ask half a dozen question.

Is it true that if I dont make second DC a GC it want be able to authenticate? I am almost sure that this is true but what I was looking for is the reason?

and also need to know reason why infrastructure role is recommneded not to put on a GC, why? what if both of my DC are GC?




 
Question #1 - Do I need to make second DC Global Catalog or no?

Answer # 1- No, you don't need to, but it's a good idea if you do so that if one fails the other will handle logons for your users.

Question # 2 - Is it true that if I dont make second DC a GC it want be able to authenticate?

Answer #2 - See answer #1.

Question # 3 - What's the reason?

Answer #3 - Because a DC needs to be a GC to authenticate users.

Question #4 - and what's the recommendation?

Answer # 4 - See answer #1.

Question #5 - Infrastructure role is recommneded not to put on a GC, why?

Answer # 5 - One of MS's mysteries that you'd need to probably address with them or hit up Google for a random scattering of reasons.

Question # 6 - what if both of my DC are GC?

Answer # 6 - See answer #1.

Six questions does half a dozen make.

Now, I don't mean to sound like an ass, and perhaps there's a language barrier here, but the root of your problem that created you to ask so many questions has been answered, and pretty quickly I might add, yet you didn't bother to thank RoadKi11 for his quick and accurate answer. That's not a very professional way for you to act.



I'm Certifiable, not cert-ified.
It just means my answers are from experience, not a book.
The poster formerly known as lander215
 
Thanks everyone for your help.
I found the answer with help of your post and from my research.

If the infrastructure master finds data that is out-of-date, it requests the updated data from a global catalog. The infrastructure master then replicates that updated data to the other domain controllers in the domain.

Unless there is only one domain controller in the domain, the infrastructure master role should not be assigned to the domain controller that is hosting the global catalog. If the infrastructure master and global catalog are on the same domain controller, the infrastructure master will not function. The infrastructure master will never find data that is out of date, so will never replicate any changes to the other domain controllers in the domain.
 
Thanks for following up with the reasons. Imagine that...something from MS that actually makes a bit of sense...

I'm Certifiable, not cert-ified.
It just means my answers are from experience, not a book.
The poster formerly known as lander215
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top