Hi ShaneHeasley,
Thank you for your very kind reply! But believe me... there is still a lot I have to learn ;-)
Win2K supports both NTLM and Kerberos to provide logon service to all sorts of clients.
That's why Win9x, ME, Win2K clients can log on to the domain.
Changing a domain from mixed mode to native mode only changes the domain architecture, not the logon services. So there is still support for NTLM in native mode.
A global catalog has 2 roles:
1. it allows you to find information throughout all the domains in your AD
(the global catalog contains all the objects of the local domain + a subset of all objects of all other domains)
2. it allows logon to the network by providing universal information about group membership to a domain controller when a netlogon process is started... (native mode only)
So, in native mode, when a user logs on, the domain controller validates its name & password
AND the Global Catalog server has to provide the domain controller with the appropriate information to allow access to the network.
What I was wondering is:
Suppose you have a domain, 1 global catalog server,
2 domain controllers. All servers are working in mixed mode (DC01 is PDC emulator).
Let's assume that DC01 is also the GC server, and is in site 1
DC02 is the second Domain Controller, is in Site 2, and site 2 is connected with a leased line to site 1
Suppose the link goes down, will a client in site 2 be able to log on to the domain?
Well... I believe he will, because mixed mode does not require a global catalog query.
In native mode, the domain controller needs more information (obtained from a query in the Global Catalog).
A user will always need a Global Catalog to find a domain controller...
If there is no Global catalog server, only a Domain Admin will be able to log on to the network.
My conclusion would be: install a global catalog server in every remote site... (but be aware of the consequences -> replication traffic!!)
Can somebody confirm this?
Peter Van Eeckhoutte
peter.ve@pandora.be