Archived from groups: microsoft.public.win2000.active_directory (
More info?)
Thanks again appreciate all your help
"Ryan Hanisco" wrote:
> This one I'll have to do some digging and verify my understanding before
> getting back to you. I don't want to give you wrong information.
>
> I will say though, that there is no additional cost or problem putting a GC
> in every site -- since you already have a DC there. I do, however,
> understand your wanting to understand exactly how this works.
>
> I'll get back to you this evening. Maybe one of the other people knows off
> hand and will be able to shoot you a quick answer.
>
> --
> Ryan Hanisco
> MCSE, MCDBA
> Flagship Integration Services
>
> "Skipster" <Skipster@discussions.microsoft.com> wrote in message
> news:A505B22B-51C3-438D-BDB9-D8CA92F095FC@microsoft.com...
> > Ok, ok it is starting to tke shape now in my head. could a 2003 DC in a
> site
> > and the site did not have a GC server in it take advantage of universal
> group
> > caching? would this feature replace the need to install a GC server in the
> > site?
> >
> > Thanks a million
> >
> > "Ryan Hanisco" wrote:
> >
> > > Skipster,
> > >
> > > The role of the DNS is to do the locating of all of this through its SRV
> > > records.
> > >
> > > The DC is authoritative for changes to the AD and is responsible for the
> > > management and availability of the AD database in a distributed form.
> > >
> > > The GC is a flattened version of the AD -- kind of like an index in a
> > > database. This makes searching faster and responds to the AD queries
> > > against the AD's backend without having to walk the tree from the root.
> > >
> > > --
> > > Ryan Hanisco
> > > MCSE, MCDBA
> > > Flagship Integration Services
> > >
> > > "Skipster" <Skipster@discussions.microsoft.com> wrote in message
> > > news:08504933-84F2-4036-920C-8585B5DB29CC@microsoft.com...
> > > > Ok gotcha so without a GC server at each site then whenever a user
> logs
> > > into
> > > > the domain at a remote site the remote sites DC msut quesry a GC
> server on
> > > > the domain to examin group memberships and GPO's. If i understand thsi
> > > > correctly if a GC server is not located at each remote site then when
> a
> > > user
> > > > logs in to the domain the sites DC must go over the WAN to locate a GC
> so
> > > > that it can determine GPO's OU's and group membership's?
> > > >
> > > > If this is correct then what it seems that the role of a DC is mainly
> to
> > > > locate GC's and SRV records on the domain, and its GC that does the
> brunt
> > > of
> > > > the work?
> > > >
> > > > Thanks again really appreciate your help
> > > >
> > > > "Ryan Hanisco" wrote:
> > > >
> > > > > It will query every time a user logs in, refreshes a GPO, or
> refreshes
> > > an
> > > > > access token.
> > > > >
> > > > > Like I said.... You need a GC in every site.
> > > > >
> > > > > --
> > > > > Ryan Hanisco
> > > > > MCSE, MCDBA
> > > > > Flagship Integration Services
> > > > >
> > > > > "Skipster" <Skipster@discussions.microsoft.com> wrote in message
> > > > > news:F3AA2AF6-F9E6-42EA-B084-DE928D0C9BAA@microsoft.com...
> > > > > > Hi Ryan thanks for the reply
> > > > > >
> > > > > > When you say "directory information" is this data not stored in
> DC's
> > > but
> > > > > > rather only in GC's? also what type of data for example would make
> up
> > > > > > directory information? I will assume that a user at a remote site
> that
> > > has
> > > > > a
> > > > > > DC installed in the site will be able to log into the domain as
> its
> > > the
> > > > > local
> > > > > > DC for the site that does the authentification and not the GC
> server
> > > for
> > > > > the
> > > > > > domain? or does the DC at the remtoe site have to query the GC
> server
> > > for
> > > > > the
> > > > > > domain everytime a user at a remtoe site logs onto the domain?
> > > > > >
> > > > > > Thansk again
> > > > > >
> > > > > > "Ryan Hanisco" wrote:
> > > > > >
> > > > > > > Hi Skipster,
> > > > > > >
> > > > > > > If you have your sites defined in Active Directory Sites and
> > > Services,
> > > > > you
> > > > > > > should have a GC at each site in your infrastructure. Computers
> > > looking
> > > > > for
> > > > > > > directory information will refer to the GC for this information
> and
> > > > > greatly
> > > > > > > reduce their reliance on the WAN link as they'll no longer have
> to
> > > refer
> > > > > to
> > > > > > > the Core for AD lookups.
> > > > > > >
> > > > > > > You should also have an AD Integrated of DNS at each site --
> While
> > > this
> > > > > > > isn't a hard and fast rule, it is a general recommendation and
> will
> > > give
> > > > > you
> > > > > > > the resilience you are looking for in the case of a link outage.
> > > > > > >
> > > > > > > --
> > > > > > > Ryan Hanisco
> > > > > > > MCSE, MCDBA
> > > > > > > Flagship Integration Services
> > > > > > >
> > > > > > > "Skipster" <Skipster@discussions.microsoft.com> wrote in message
> > > > > > > news:BE0A4CAE-0E03-45B3-A234-A263B0521CE4@microsoft.com...
> > > > > > > > Hi
> > > > > > > >
> > > > > > > > I have a 2003 single domain, all DC's are 2003. There are 13
> > > sites
> > > > > in
> > > > > > > the
> > > > > > > > domain all connected by high speed reliable physical links. At
> > > each
> > > > > site
> > > > > > > > there are around 100 users amd at the corporate site there are
> > > around
> > > > > 500
> > > > > > > > users. I have 13 remote sites in all.
> > > > > > > >
> > > > > > > > Currently i have only one GC server (headquarters), there is a
> DC
> > > at
> > > > > each
> > > > > > > > remote site. My question is does a DC have to talk to a GC
> > > everytime a
> > > > > > > user
> > > > > > > > logs onto the domain, and if so if this process is slow will
> this
> > > slow
> > > > > > > down
> > > > > > > > the log on process? Also does a DC at a remote site hold
> copies of
> > > all
> > > > > > > user
> > > > > > > > acounts and groups, or does a DC need to query a GC to get
> this
> > > info?
> > > > > > > >
> > > > > > > > I need to find out the relationship between a GC server and a
> DC
> > > in a
> > > > > > > domain
> > > > > > > > so that i can determine if i need to install a GC server at
> each
> > > > > remote
> > > > > > > site,
> > > > > > > > or just a DC at each site.
> > > > > > > >
> > > > > > > > Thanks very much for any help
> > > > > > >
> > > > > > >
> > > > > > >
> > > > >
> > > > >
> > > > >
> > >
> > >
> > >
>
>
>