|Subject:||Re: Is a Global Catalog required?|
|Posted by:||Ace Fekay [MCT] (acem…@mvps.RemoveThisPart.org)|
|Date:||Sat, 5 Sep 2009|
"Mel K." <M…@K.com> wrote in message
> I've been working with AD for years and I understand what a GC does and
> why AD needs it, but I just ran across a question in a book that got me
> thinking. The question basically implied that a particular domain had no
> GC servers at all. The question stated that their were two domains in one
> forest (all AD 2008). Each domain was in its own site with two sites
> total--Site A for Domain A and Site B for Domain B. The question implied
> that Site B/Domain B did not have a GC.
> I don't have an AD 2008 forest/domain set up right now to test this, but I
> have an AD 2003 forest/domain with one DC and was able to uncheck the GC
> option for it. I found it interesting that AD doesn't actually required a
> GC and that I was able to disable the GC on my only DC. In a single domain
> forest this wouldn't really matter too much, but in a multi-domain forest,
> such as the example in the question, I would think that each domain would
> be required to have a GC. I just wanted to pass this along since I found
> it interesting.
> Mel K.
> MCSA: M, Ex2000
> MCTS: Ex2007
Interesting. Actually, the one GC for the multidomain forest will work. In a
single domain forest, on one subnet (IIRC), you can get away without a GC if
the users logon without a UPN or not using Universal Groups, but then again,
Exchange, if installed, will fail, since it uses the GC for mail-enabled
object address book lookups, DSAccess and DSProxy referrals for Outlook. So
I would imagine if there are other directory enabled apps that use port 3268
for lookups (port that the GC uses).
Also, the following passage was from:
What is a global Catalog?
"In a single-domain forest, a global catalog server stores a full, writable
replica of the domain and does not store any partial replica. A global
catalog server in a single-domain forest functions in the same manner as a
non-global-catalog server except for the processing of forestwide searches."
So in a single domain forest, you can get away without a GC, since it has a
writeable copy, acting like a DC anyway, but then again, it depends on what
apps and services are running that may require a GC.
But not quite with a multi-domain forest.
IIRC, the only user account that can logon without a GC in a multi-domain
forest, is the built-in administrator account of all domains.
This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.
Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.
Ace Fekay, MCT, MCTS Exchange, MCSE, MCSA 2003 & 2000, MCSA Messaging
Microsoft Certified Trainer
For urgent issues, please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.
Is a Global Catalog required? posted by Mel K. on Sat, 5 Sep 2009