If necessary, you can configure additional attributes that will be replicated to the GC using the Active Directory Schema mmc snap-in. The first GC server was automatically created on the first domain controller in the forest when you promote DC during installing Active Directory Domain Services role.
In the case of a single AD site , even if it contains multiple domains, a single Global Catalog server is usually sufficient to process Active Directory requests. In a multi-site environment in order to optimize network performance consider adding GC servers to ensure a quick response to search queries and fast logon. Also, at least one GC server must be present on each AD site where Exchange is supposed to be installed.
For resiliency purposes, it is important to keep at least a few domain controllers with the Global Catalog role. It will be better if each domain has a minimum of one GC.
However, it is better to make all DCs in the forest as Global catalog server s. This will also have a positive effect on load balancing. Read-only domain controllers RODCs can be promoted successfully to global catalog server status.
However, certain directory-enabled applications cannot support an RODC as a global catalog server. However, Microsoft Exchange Server works in environments that include RODCs, as long as there are writable domain controllers available.
Exchange Server also ignores RODCs in default conditions where Exchange components automatically detect available domain controllers. No changes were made to Exchange Server to make it aware of read-only directory servers. Therefore, trying to force Exchange Server services and management tools to use RODCs may result in unpredictable behavior.
Place global catalog servers at all locations that contain more than users to reduce congestion of network WAN links and to prevent productivity loss in case of WAN link failure. You do not need to place a global catalog at a location that does not include applications that require a global catalog server, includes less than users, and is also connected to another location that includes a global catalog server by a WAN link that is percent available for Active Directory Domain Services AD DS.
In this case, the users can access the global catalog server over the WAN link. Roaming users need to contact the global catalog servers whenever they log on for the first time at any location.
If the logon time over the WAN link is unacceptable, place a global catalog at a location that is visited by a large number of roaming users. For locations that include less than users and that do not include a large number of roaming users or applications that require a global catalog server, you can deploy domain controllers that are running Windows Server and enable universal group membership caching.
Ensure that the global catalog servers are not more than one replication hop from the domain controller on which universal group membership caching is enabled so that universal group information in the cache can be refreshed.
For information about how universal group caching works, see the article How the Global Catalog Works. Of course GCs only come into it when you are in a multi domain environment I'm not quite sure what you mean by that - I don't see why you say making a DC a GC is a security issue especially as you suggest a read only DC would be better, when a GC is read only anyway. Can you elaborate? The idea is that RODCs don't store any passwords locally unless people are in a certain group in AD, and then if the RODC does get stolen you've only got to react to that list not your entire domain.
Also, it's Read-Only so no changes would be replicated back to the domain if they managed to mess with it at all. That's the gist of it anyways. So my question is this; If admins are making changes on a server thats identified as a GC and replications are taking a really long time. Welcome to the community Bryan. This is a really old thread.
You'd probably have better luck if you create a new one. There are plenty of folks here that are willing to help, but they won't see your post for the most part. To continue this discussion, please ask a new question.
Get answers from your peers along with millions of IT pros who visit Spiceworks. Best Answer. Jay This person is a verified professional. Verify your account to enable IT peers to see that you are a professional. Per MS, " The global catalog provides the ability to locate objects from any domain without having to know the domain name.
View this "Best Answer" in the replies below ».
0コメント