GC and DC question

G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

Hi

I have a 2003 single domain, all DC's are 2003. There are 13 sites in the
domain all connected by high speed reliable physical links. At each site
there are around 100 users amd at the corporate site there are around 500
users. I have 13 remote sites in all.

Currently i have only one GC server (headquarters), there is a DC at each
remote site. My question is does a DC have to talk to a GC everytime a user
logs onto the domain, and if so if this process is slow will this slow down
the log on process? Also does a DC at a remote site hold copies of all user
acounts and groups, or does a DC need to query a GC to get this info?

I need to find out the relationship between a GC server and a DC in a domain
so that i can determine if i need to install a GC server at each remote site,
or just a DC at each site.

Thanks very much for any help
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

Hi Skipster,

If you have your sites defined in Active Directory Sites and Services, you
should have a GC at each site in your infrastructure. Computers looking for
directory information will refer to the GC for this information and greatly
reduce their reliance on the WAN link as they'll no longer have to refer to
the Core for AD lookups.

You should also have an AD Integrated of DNS at each site -- While this
isn't a hard and fast rule, it is a general recommendation and will give you
the resilience you are looking for in the case of a link outage.

--
Ryan Hanisco
MCSE, MCDBA
Flagship Integration Services

"Skipster" <Skipster@discussions.microsoft.com> wrote in message
news:BE0A4CAE-0E03-45B3-A234-A263B0521CE4@microsoft.com...
> Hi
>
> I have a 2003 single domain, all DC's are 2003. There are 13 sites in
the
> domain all connected by high speed reliable physical links. At each site
> there are around 100 users amd at the corporate site there are around 500
> users. I have 13 remote sites in all.
>
> Currently i have only one GC server (headquarters), there is a DC at each
> remote site. My question is does a DC have to talk to a GC everytime a
user
> logs onto the domain, and if so if this process is slow will this slow
down
> the log on process? Also does a DC at a remote site hold copies of all
user
> acounts and groups, or does a DC need to query a GC to get this info?
>
> I need to find out the relationship between a GC server and a DC in a
domain
> so that i can determine if i need to install a GC server at each remote
site,
> or just a DC at each site.
>
> Thanks very much for any help
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

Hi Ryan thanks for the reply

When you say "directory information" is this data not stored in DC's but
rather only in GC's? also what type of data for example would make up
directory information? I will assume that a user at a remote site that has a
DC installed in the site will be able to log into the domain as its the local
DC for the site that does the authentification and not the GC server for the
domain? or does the DC at the remtoe site have to query the GC server for the
domain everytime a user at a remtoe site logs onto the domain?

Thansk again

"Ryan Hanisco" wrote:

> Hi Skipster,
>
> If you have your sites defined in Active Directory Sites and Services, you
> should have a GC at each site in your infrastructure. Computers looking for
> directory information will refer to the GC for this information and greatly
> reduce their reliance on the WAN link as they'll no longer have to refer to
> the Core for AD lookups.
>
> You should also have an AD Integrated of DNS at each site -- While this
> isn't a hard and fast rule, it is a general recommendation and will give you
> the resilience you are looking for in the case of a link outage.
>
> --
> Ryan Hanisco
> MCSE, MCDBA
> Flagship Integration Services
>
> "Skipster" <Skipster@discussions.microsoft.com> wrote in message
> news:BE0A4CAE-0E03-45B3-A234-A263B0521CE4@microsoft.com...
> > Hi
> >
> > I have a 2003 single domain, all DC's are 2003. There are 13 sites in
> the
> > domain all connected by high speed reliable physical links. At each site
> > there are around 100 users amd at the corporate site there are around 500
> > users. I have 13 remote sites in all.
> >
> > Currently i have only one GC server (headquarters), there is a DC at each
> > remote site. My question is does a DC have to talk to a GC everytime a
> user
> > logs onto the domain, and if so if this process is slow will this slow
> down
> > the log on process? Also does a DC at a remote site hold copies of all
> user
> > acounts and groups, or does a DC need to query a GC to get this info?
> >
> > I need to find out the relationship between a GC server and a DC in a
> domain
> > so that i can determine if i need to install a GC server at each remote
> site,
> > or just a DC at each site.
> >
> > Thanks very much for any help
>
>
>
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

It will query every time a user logs in, refreshes a GPO, or refreshes an
access token.

Like I said.... You need a GC in every site.

--
Ryan Hanisco
MCSE, MCDBA
Flagship Integration Services

"Skipster" <Skipster@discussions.microsoft.com> wrote in message
news:F3AA2AF6-F9E6-42EA-B084-DE928D0C9BAA@microsoft.com...
> Hi Ryan thanks for the reply
>
> When you say "directory information" is this data not stored in DC's but
> rather only in GC's? also what type of data for example would make up
> directory information? I will assume that a user at a remote site that has
a
> DC installed in the site will be able to log into the domain as its the
local
> DC for the site that does the authentification and not the GC server for
the
> domain? or does the DC at the remtoe site have to query the GC server for
the
> domain everytime a user at a remtoe site logs onto the domain?
>
> Thansk again
>
> "Ryan Hanisco" wrote:
>
> > Hi Skipster,
> >
> > If you have your sites defined in Active Directory Sites and Services,
you
> > should have a GC at each site in your infrastructure. Computers looking
for
> > directory information will refer to the GC for this information and
greatly
> > reduce their reliance on the WAN link as they'll no longer have to refer
to
> > the Core for AD lookups.
> >
> > You should also have an AD Integrated of DNS at each site -- While this
> > isn't a hard and fast rule, it is a general recommendation and will give
you
> > the resilience you are looking for in the case of a link outage.
> >
> > --
> > Ryan Hanisco
> > MCSE, MCDBA
> > Flagship Integration Services
> >
> > "Skipster" <Skipster@discussions.microsoft.com> wrote in message
> > news:BE0A4CAE-0E03-45B3-A234-A263B0521CE4@microsoft.com...
> > > Hi
> > >
> > > I have a 2003 single domain, all DC's are 2003. There are 13 sites
in
> > the
> > > domain all connected by high speed reliable physical links. At each
site
> > > there are around 100 users amd at the corporate site there are around
500
> > > users. I have 13 remote sites in all.
> > >
> > > Currently i have only one GC server (headquarters), there is a DC at
each
> > > remote site. My question is does a DC have to talk to a GC everytime a
> > user
> > > logs onto the domain, and if so if this process is slow will this slow
> > down
> > > the log on process? Also does a DC at a remote site hold copies of all
> > user
> > > acounts and groups, or does a DC need to query a GC to get this info?
> > >
> > > I need to find out the relationship between a GC server and a DC in a
> > domain
> > > so that i can determine if i need to install a GC server at each
remote
> > site,
> > > or just a DC at each site.
> > >
> > > Thanks very much for any help
> >
> >
> >
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

Ok gotcha so without a GC server at each site then whenever a user logs into
the domain at a remote site the remote sites DC msut quesry a GC server on
the domain to examin group memberships and GPO's. If i understand thsi
correctly if a GC server is not located at each remote site then when a user
logs in to the domain the sites DC must go over the WAN to locate a GC so
that it can determine GPO's OU's and group membership's?

If this is correct then what it seems that the role of a DC is mainly to
locate GC's and SRV records on the domain, and its GC that does the brunt of
the work?

Thanks again really appreciate your help

"Ryan Hanisco" wrote:

> It will query every time a user logs in, refreshes a GPO, or refreshes an
> access token.
>
> Like I said.... You need a GC in every site.
>
> --
> Ryan Hanisco
> MCSE, MCDBA
> Flagship Integration Services
>
> "Skipster" <Skipster@discussions.microsoft.com> wrote in message
> news:F3AA2AF6-F9E6-42EA-B084-DE928D0C9BAA@microsoft.com...
> > Hi Ryan thanks for the reply
> >
> > When you say "directory information" is this data not stored in DC's but
> > rather only in GC's? also what type of data for example would make up
> > directory information? I will assume that a user at a remote site that has
> a
> > DC installed in the site will be able to log into the domain as its the
> local
> > DC for the site that does the authentification and not the GC server for
> the
> > domain? or does the DC at the remtoe site have to query the GC server for
> the
> > domain everytime a user at a remtoe site logs onto the domain?
> >
> > Thansk again
> >
> > "Ryan Hanisco" wrote:
> >
> > > Hi Skipster,
> > >
> > > If you have your sites defined in Active Directory Sites and Services,
> you
> > > should have a GC at each site in your infrastructure. Computers looking
> for
> > > directory information will refer to the GC for this information and
> greatly
> > > reduce their reliance on the WAN link as they'll no longer have to refer
> to
> > > the Core for AD lookups.
> > >
> > > You should also have an AD Integrated of DNS at each site -- While this
> > > isn't a hard and fast rule, it is a general recommendation and will give
> you
> > > the resilience you are looking for in the case of a link outage.
> > >
> > > --
> > > Ryan Hanisco
> > > MCSE, MCDBA
> > > Flagship Integration Services
> > >
> > > "Skipster" <Skipster@discussions.microsoft.com> wrote in message
> > > news:BE0A4CAE-0E03-45B3-A234-A263B0521CE4@microsoft.com...
> > > > Hi
> > > >
> > > > I have a 2003 single domain, all DC's are 2003. There are 13 sites
> in
> > > the
> > > > domain all connected by high speed reliable physical links. At each
> site
> > > > there are around 100 users amd at the corporate site there are around
> 500
> > > > users. I have 13 remote sites in all.
> > > >
> > > > Currently i have only one GC server (headquarters), there is a DC at
> each
> > > > remote site. My question is does a DC have to talk to a GC everytime a
> > > user
> > > > logs onto the domain, and if so if this process is slow will this slow
> > > down
> > > > the log on process? Also does a DC at a remote site hold copies of all
> > > user
> > > > acounts and groups, or does a DC need to query a GC to get this info?
> > > >
> > > > I need to find out the relationship between a GC server and a DC in a
> > > domain
> > > > so that i can determine if i need to install a GC server at each
> remote
> > > site,
> > > > or just a DC at each site.
> > > >
> > > > Thanks very much for any help
> > >
> > >
> > >
>
>
>
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

Skipster,

The role of the DNS is to do the locating of all of this through its SRV
records.

The DC is authoritative for changes to the AD and is responsible for the
management and availability of the AD database in a distributed form.

The GC is a flattened version of the AD -- kind of like an index in a
database. This makes searching faster and responds to the AD queries
against the AD's backend without having to walk the tree from the root.

--
Ryan Hanisco
MCSE, MCDBA
Flagship Integration Services

"Skipster" <Skipster@discussions.microsoft.com> wrote in message
news:08504933-84F2-4036-920C-8585B5DB29CC@microsoft.com...
> Ok gotcha so without a GC server at each site then whenever a user logs
into
> the domain at a remote site the remote sites DC msut quesry a GC server on
> the domain to examin group memberships and GPO's. If i understand thsi
> correctly if a GC server is not located at each remote site then when a
user
> logs in to the domain the sites DC must go over the WAN to locate a GC so
> that it can determine GPO's OU's and group membership's?
>
> If this is correct then what it seems that the role of a DC is mainly to
> locate GC's and SRV records on the domain, and its GC that does the brunt
of
> the work?
>
> Thanks again really appreciate your help
>
> "Ryan Hanisco" wrote:
>
> > It will query every time a user logs in, refreshes a GPO, or refreshes
an
> > access token.
> >
> > Like I said.... You need a GC in every site.
> >
> > --
> > Ryan Hanisco
> > MCSE, MCDBA
> > Flagship Integration Services
> >
> > "Skipster" <Skipster@discussions.microsoft.com> wrote in message
> > news:F3AA2AF6-F9E6-42EA-B084-DE928D0C9BAA@microsoft.com...
> > > Hi Ryan thanks for the reply
> > >
> > > When you say "directory information" is this data not stored in DC's
but
> > > rather only in GC's? also what type of data for example would make up
> > > directory information? I will assume that a user at a remote site that
has
> > a
> > > DC installed in the site will be able to log into the domain as its
the
> > local
> > > DC for the site that does the authentification and not the GC server
for
> > the
> > > domain? or does the DC at the remtoe site have to query the GC server
for
> > the
> > > domain everytime a user at a remtoe site logs onto the domain?
> > >
> > > Thansk again
> > >
> > > "Ryan Hanisco" wrote:
> > >
> > > > Hi Skipster,
> > > >
> > > > If you have your sites defined in Active Directory Sites and
Services,
> > you
> > > > should have a GC at each site in your infrastructure. Computers
looking
> > for
> > > > directory information will refer to the GC for this information and
> > greatly
> > > > reduce their reliance on the WAN link as they'll no longer have to
refer
> > to
> > > > the Core for AD lookups.
> > > >
> > > > You should also have an AD Integrated of DNS at each site -- While
this
> > > > isn't a hard and fast rule, it is a general recommendation and will
give
> > you
> > > > the resilience you are looking for in the case of a link outage.
> > > >
> > > > --
> > > > Ryan Hanisco
> > > > MCSE, MCDBA
> > > > Flagship Integration Services
> > > >
> > > > "Skipster" <Skipster@discussions.microsoft.com> wrote in message
> > > > news:BE0A4CAE-0E03-45B3-A234-A263B0521CE4@microsoft.com...
> > > > > Hi
> > > > >
> > > > > I have a 2003 single domain, all DC's are 2003. There are 13
sites
> > in
> > > > the
> > > > > domain all connected by high speed reliable physical links. At
each
> > site
> > > > > there are around 100 users amd at the corporate site there are
around
> > 500
> > > > > users. I have 13 remote sites in all.
> > > > >
> > > > > Currently i have only one GC server (headquarters), there is a DC
at
> > each
> > > > > remote site. My question is does a DC have to talk to a GC
everytime a
> > > > user
> > > > > logs onto the domain, and if so if this process is slow will this
slow
> > > > down
> > > > > the log on process? Also does a DC at a remote site hold copies of
all
> > > > user
> > > > > acounts and groups, or does a DC need to query a GC to get this
info?
> > > > >
> > > > > I need to find out the relationship between a GC server and a DC
in a
> > > > domain
> > > > > so that i can determine if i need to install a GC server at each
> > remote
> > > > site,
> > > > > or just a DC at each site.
> > > > >
> > > > > Thanks very much for any help
> > > >
> > > >
> > > >
> >
> >
> >
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

Ok, ok it is starting to tke shape now in my head. could a 2003 DC in a site
and the site did not have a GC server in it take advantage of universal group
caching? would this feature replace the need to install a GC server in the
site?

Thanks a million

"Ryan Hanisco" wrote:

> Skipster,
>
> The role of the DNS is to do the locating of all of this through its SRV
> records.
>
> The DC is authoritative for changes to the AD and is responsible for the
> management and availability of the AD database in a distributed form.
>
> The GC is a flattened version of the AD -- kind of like an index in a
> database. This makes searching faster and responds to the AD queries
> against the AD's backend without having to walk the tree from the root.
>
> --
> Ryan Hanisco
> MCSE, MCDBA
> Flagship Integration Services
>
> "Skipster" <Skipster@discussions.microsoft.com> wrote in message
> news:08504933-84F2-4036-920C-8585B5DB29CC@microsoft.com...
> > Ok gotcha so without a GC server at each site then whenever a user logs
> into
> > the domain at a remote site the remote sites DC msut quesry a GC server on
> > the domain to examin group memberships and GPO's. If i understand thsi
> > correctly if a GC server is not located at each remote site then when a
> user
> > logs in to the domain the sites DC must go over the WAN to locate a GC so
> > that it can determine GPO's OU's and group membership's?
> >
> > If this is correct then what it seems that the role of a DC is mainly to
> > locate GC's and SRV records on the domain, and its GC that does the brunt
> of
> > the work?
> >
> > Thanks again really appreciate your help
> >
> > "Ryan Hanisco" wrote:
> >
> > > It will query every time a user logs in, refreshes a GPO, or refreshes
> an
> > > access token.
> > >
> > > Like I said.... You need a GC in every site.
> > >
> > > --
> > > Ryan Hanisco
> > > MCSE, MCDBA
> > > Flagship Integration Services
> > >
> > > "Skipster" <Skipster@discussions.microsoft.com> wrote in message
> > > news:F3AA2AF6-F9E6-42EA-B084-DE928D0C9BAA@microsoft.com...
> > > > Hi Ryan thanks for the reply
> > > >
> > > > When you say "directory information" is this data not stored in DC's
> but
> > > > rather only in GC's? also what type of data for example would make up
> > > > directory information? I will assume that a user at a remote site that
> has
> > > a
> > > > DC installed in the site will be able to log into the domain as its
> the
> > > local
> > > > DC for the site that does the authentification and not the GC server
> for
> > > the
> > > > domain? or does the DC at the remtoe site have to query the GC server
> for
> > > the
> > > > domain everytime a user at a remtoe site logs onto the domain?
> > > >
> > > > Thansk again
> > > >
> > > > "Ryan Hanisco" wrote:
> > > >
> > > > > Hi Skipster,
> > > > >
> > > > > If you have your sites defined in Active Directory Sites and
> Services,
> > > you
> > > > > should have a GC at each site in your infrastructure. Computers
> looking
> > > for
> > > > > directory information will refer to the GC for this information and
> > > greatly
> > > > > reduce their reliance on the WAN link as they'll no longer have to
> refer
> > > to
> > > > > the Core for AD lookups.
> > > > >
> > > > > You should also have an AD Integrated of DNS at each site -- While
> this
> > > > > isn't a hard and fast rule, it is a general recommendation and will
> give
> > > you
> > > > > the resilience you are looking for in the case of a link outage.
> > > > >
> > > > > --
> > > > > Ryan Hanisco
> > > > > MCSE, MCDBA
> > > > > Flagship Integration Services
> > > > >
> > > > > "Skipster" <Skipster@discussions.microsoft.com> wrote in message
> > > > > news:BE0A4CAE-0E03-45B3-A234-A263B0521CE4@microsoft.com...
> > > > > > Hi
> > > > > >
> > > > > > I have a 2003 single domain, all DC's are 2003. There are 13
> sites
> > > in
> > > > > the
> > > > > > domain all connected by high speed reliable physical links. At
> each
> > > site
> > > > > > there are around 100 users amd at the corporate site there are
> around
> > > 500
> > > > > > users. I have 13 remote sites in all.
> > > > > >
> > > > > > Currently i have only one GC server (headquarters), there is a DC
> at
> > > each
> > > > > > remote site. My question is does a DC have to talk to a GC
> everytime a
> > > > > user
> > > > > > logs onto the domain, and if so if this process is slow will this
> slow
> > > > > down
> > > > > > the log on process? Also does a DC at a remote site hold copies of
> all
> > > > > user
> > > > > > acounts and groups, or does a DC need to query a GC to get this
> info?
> > > > > >
> > > > > > I need to find out the relationship between a GC server and a DC
> in a
> > > > > domain
> > > > > > so that i can determine if i need to install a GC server at each
> > > remote
> > > > > site,
> > > > > > or just a DC at each site.
> > > > > >
> > > > > > Thanks very much for any help
> > > > >
> > > > >
> > > > >
> > >
> > >
> > >
>
>
>
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

This one I'll have to do some digging and verify my understanding before
getting back to you. I don't want to give you wrong information.

I will say though, that there is no additional cost or problem putting a GC
in every site -- since you already have a DC there. I do, however,
understand your wanting to understand exactly how this works.

I'll get back to you this evening. Maybe one of the other people knows off
hand and will be able to shoot you a quick answer.

--
Ryan Hanisco
MCSE, MCDBA
Flagship Integration Services

"Skipster" <Skipster@discussions.microsoft.com> wrote in message
news:A505B22B-51C3-438D-BDB9-D8CA92F095FC@microsoft.com...
> Ok, ok it is starting to tke shape now in my head. could a 2003 DC in a
site
> and the site did not have a GC server in it take advantage of universal
group
> caching? would this feature replace the need to install a GC server in the
> site?
>
> Thanks a million
>
> "Ryan Hanisco" wrote:
>
> > Skipster,
> >
> > The role of the DNS is to do the locating of all of this through its SRV
> > records.
> >
> > The DC is authoritative for changes to the AD and is responsible for the
> > management and availability of the AD database in a distributed form.
> >
> > The GC is a flattened version of the AD -- kind of like an index in a
> > database. This makes searching faster and responds to the AD queries
> > against the AD's backend without having to walk the tree from the root.
> >
> > --
> > Ryan Hanisco
> > MCSE, MCDBA
> > Flagship Integration Services
> >
> > "Skipster" <Skipster@discussions.microsoft.com> wrote in message
> > news:08504933-84F2-4036-920C-8585B5DB29CC@microsoft.com...
> > > Ok gotcha so without a GC server at each site then whenever a user
logs
> > into
> > > the domain at a remote site the remote sites DC msut quesry a GC
server on
> > > the domain to examin group memberships and GPO's. If i understand thsi
> > > correctly if a GC server is not located at each remote site then when
a
> > user
> > > logs in to the domain the sites DC must go over the WAN to locate a GC
so
> > > that it can determine GPO's OU's and group membership's?
> > >
> > > If this is correct then what it seems that the role of a DC is mainly
to
> > > locate GC's and SRV records on the domain, and its GC that does the
brunt
> > of
> > > the work?
> > >
> > > Thanks again really appreciate your help
> > >
> > > "Ryan Hanisco" wrote:
> > >
> > > > It will query every time a user logs in, refreshes a GPO, or
refreshes
> > an
> > > > access token.
> > > >
> > > > Like I said.... You need a GC in every site.
> > > >
> > > > --
> > > > Ryan Hanisco
> > > > MCSE, MCDBA
> > > > Flagship Integration Services
> > > >
> > > > "Skipster" <Skipster@discussions.microsoft.com> wrote in message
> > > > news:F3AA2AF6-F9E6-42EA-B084-DE928D0C9BAA@microsoft.com...
> > > > > Hi Ryan thanks for the reply
> > > > >
> > > > > When you say "directory information" is this data not stored in
DC's
> > but
> > > > > rather only in GC's? also what type of data for example would make
up
> > > > > directory information? I will assume that a user at a remote site
that
> > has
> > > > a
> > > > > DC installed in the site will be able to log into the domain as
its
> > the
> > > > local
> > > > > DC for the site that does the authentification and not the GC
server
> > for
> > > > the
> > > > > domain? or does the DC at the remtoe site have to query the GC
server
> > for
> > > > the
> > > > > domain everytime a user at a remtoe site logs onto the domain?
> > > > >
> > > > > Thansk again
> > > > >
> > > > > "Ryan Hanisco" wrote:
> > > > >
> > > > > > Hi Skipster,
> > > > > >
> > > > > > If you have your sites defined in Active Directory Sites and
> > Services,
> > > > you
> > > > > > should have a GC at each site in your infrastructure. Computers
> > looking
> > > > for
> > > > > > directory information will refer to the GC for this information
and
> > > > greatly
> > > > > > reduce their reliance on the WAN link as they'll no longer have
to
> > refer
> > > > to
> > > > > > the Core for AD lookups.
> > > > > >
> > > > > > You should also have an AD Integrated of DNS at each site --
While
> > this
> > > > > > isn't a hard and fast rule, it is a general recommendation and
will
> > give
> > > > you
> > > > > > the resilience you are looking for in the case of a link outage.
> > > > > >
> > > > > > --
> > > > > > Ryan Hanisco
> > > > > > MCSE, MCDBA
> > > > > > Flagship Integration Services
> > > > > >
> > > > > > "Skipster" <Skipster@discussions.microsoft.com> wrote in message
> > > > > > news:BE0A4CAE-0E03-45B3-A234-A263B0521CE4@microsoft.com...
> > > > > > > Hi
> > > > > > >
> > > > > > > I have a 2003 single domain, all DC's are 2003. There are 13
> > sites
> > > > in
> > > > > > the
> > > > > > > domain all connected by high speed reliable physical links. At
> > each
> > > > site
> > > > > > > there are around 100 users amd at the corporate site there are
> > around
> > > > 500
> > > > > > > users. I have 13 remote sites in all.
> > > > > > >
> > > > > > > Currently i have only one GC server (headquarters), there is a
DC
> > at
> > > > each
> > > > > > > remote site. My question is does a DC have to talk to a GC
> > everytime a
> > > > > > user
> > > > > > > logs onto the domain, and if so if this process is slow will
this
> > slow
> > > > > > down
> > > > > > > the log on process? Also does a DC at a remote site hold
copies of
> > all
> > > > > > user
> > > > > > > acounts and groups, or does a DC need to query a GC to get
this
> > info?
> > > > > > >
> > > > > > > I need to find out the relationship between a GC server and a
DC
> > in a
> > > > > > domain
> > > > > > > so that i can determine if i need to install a GC server at
each
> > > > remote
> > > > > > site,
> > > > > > > or just a DC at each site.
> > > > > > >
> > > > > > > Thanks very much for any help
> > > > > >
> > > > > >
> > > > > >
> > > >
> > > >
> > > >
> >
> >
> >
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

Thanks again appreciate all your help

"Ryan Hanisco" wrote:

> This one I'll have to do some digging and verify my understanding before
> getting back to you. I don't want to give you wrong information.
>
> I will say though, that there is no additional cost or problem putting a GC
> in every site -- since you already have a DC there. I do, however,
> understand your wanting to understand exactly how this works.
>
> I'll get back to you this evening. Maybe one of the other people knows off
> hand and will be able to shoot you a quick answer.
>
> --
> Ryan Hanisco
> MCSE, MCDBA
> Flagship Integration Services
>
> "Skipster" <Skipster@discussions.microsoft.com> wrote in message
> news:A505B22B-51C3-438D-BDB9-D8CA92F095FC@microsoft.com...
> > Ok, ok it is starting to tke shape now in my head. could a 2003 DC in a
> site
> > and the site did not have a GC server in it take advantage of universal
> group
> > caching? would this feature replace the need to install a GC server in the
> > site?
> >
> > Thanks a million
> >
> > "Ryan Hanisco" wrote:
> >
> > > Skipster,
> > >
> > > The role of the DNS is to do the locating of all of this through its SRV
> > > records.
> > >
> > > The DC is authoritative for changes to the AD and is responsible for the
> > > management and availability of the AD database in a distributed form.
> > >
> > > The GC is a flattened version of the AD -- kind of like an index in a
> > > database. This makes searching faster and responds to the AD queries
> > > against the AD's backend without having to walk the tree from the root.
> > >
> > > --
> > > Ryan Hanisco
> > > MCSE, MCDBA
> > > Flagship Integration Services
> > >
> > > "Skipster" <Skipster@discussions.microsoft.com> wrote in message
> > > news:08504933-84F2-4036-920C-8585B5DB29CC@microsoft.com...
> > > > Ok gotcha so without a GC server at each site then whenever a user
> logs
> > > into
> > > > the domain at a remote site the remote sites DC msut quesry a GC
> server on
> > > > the domain to examin group memberships and GPO's. If i understand thsi
> > > > correctly if a GC server is not located at each remote site then when
> a
> > > user
> > > > logs in to the domain the sites DC must go over the WAN to locate a GC
> so
> > > > that it can determine GPO's OU's and group membership's?
> > > >
> > > > If this is correct then what it seems that the role of a DC is mainly
> to
> > > > locate GC's and SRV records on the domain, and its GC that does the
> brunt
> > > of
> > > > the work?
> > > >
> > > > Thanks again really appreciate your help
> > > >
> > > > "Ryan Hanisco" wrote:
> > > >
> > > > > It will query every time a user logs in, refreshes a GPO, or
> refreshes
> > > an
> > > > > access token.
> > > > >
> > > > > Like I said.... You need a GC in every site.
> > > > >
> > > > > --
> > > > > Ryan Hanisco
> > > > > MCSE, MCDBA
> > > > > Flagship Integration Services
> > > > >
> > > > > "Skipster" <Skipster@discussions.microsoft.com> wrote in message
> > > > > news:F3AA2AF6-F9E6-42EA-B084-DE928D0C9BAA@microsoft.com...
> > > > > > Hi Ryan thanks for the reply
> > > > > >
> > > > > > When you say "directory information" is this data not stored in
> DC's
> > > but
> > > > > > rather only in GC's? also what type of data for example would make
> up
> > > > > > directory information? I will assume that a user at a remote site
> that
> > > has
> > > > > a
> > > > > > DC installed in the site will be able to log into the domain as
> its
> > > the
> > > > > local
> > > > > > DC for the site that does the authentification and not the GC
> server
> > > for
> > > > > the
> > > > > > domain? or does the DC at the remtoe site have to query the GC
> server
> > > for
> > > > > the
> > > > > > domain everytime a user at a remtoe site logs onto the domain?
> > > > > >
> > > > > > Thansk again
> > > > > >
> > > > > > "Ryan Hanisco" wrote:
> > > > > >
> > > > > > > Hi Skipster,
> > > > > > >
> > > > > > > If you have your sites defined in Active Directory Sites and
> > > Services,
> > > > > you
> > > > > > > should have a GC at each site in your infrastructure. Computers
> > > looking
> > > > > for
> > > > > > > directory information will refer to the GC for this information
> and
> > > > > greatly
> > > > > > > reduce their reliance on the WAN link as they'll no longer have
> to
> > > refer
> > > > > to
> > > > > > > the Core for AD lookups.
> > > > > > >
> > > > > > > You should also have an AD Integrated of DNS at each site --
> While
> > > this
> > > > > > > isn't a hard and fast rule, it is a general recommendation and
> will
> > > give
> > > > > you
> > > > > > > the resilience you are looking for in the case of a link outage.
> > > > > > >
> > > > > > > --
> > > > > > > Ryan Hanisco
> > > > > > > MCSE, MCDBA
> > > > > > > Flagship Integration Services
> > > > > > >
> > > > > > > "Skipster" <Skipster@discussions.microsoft.com> wrote in message
> > > > > > > news:BE0A4CAE-0E03-45B3-A234-A263B0521CE4@microsoft.com...
> > > > > > > > Hi
> > > > > > > >
> > > > > > > > I have a 2003 single domain, all DC's are 2003. There are 13
> > > sites
> > > > > in
> > > > > > > the
> > > > > > > > domain all connected by high speed reliable physical links. At
> > > each
> > > > > site
> > > > > > > > there are around 100 users amd at the corporate site there are
> > > around
> > > > > 500
> > > > > > > > users. I have 13 remote sites in all.
> > > > > > > >
> > > > > > > > Currently i have only one GC server (headquarters), there is a
> DC
> > > at
> > > > > each
> > > > > > > > remote site. My question is does a DC have to talk to a GC
> > > everytime a
> > > > > > > user
> > > > > > > > logs onto the domain, and if so if this process is slow will
> this
> > > slow
> > > > > > > down
> > > > > > > > the log on process? Also does a DC at a remote site hold
> copies of
> > > all
> > > > > > > user
> > > > > > > > acounts and groups, or does a DC need to query a GC to get
> this
> > > info?
> > > > > > > >
> > > > > > > > I need to find out the relationship between a GC server and a
> DC
> > > in a
> > > > > > > domain
> > > > > > > > so that i can determine if i need to install a GC server at
> each
> > > > > remote
> > > > > > > site,
> > > > > > > > or just a DC at each site.
> > > > > > > >
> > > > > > > > Thanks very much for any help
> > > > > > >
> > > > > > >
> > > > > > >
> > > > >
> > > > >
> > > > >
> > >
> > >
> > >
>
>
>