This feature still requires communication with a global catalog server to process initial logons within the site and perform search requests. In any case, it is recommended that all domain controllers be configured as global catalog servers unless there is a specific reason to avoid doing so.
Learn why Active Directory security should be a priority for your organization and ways to mitigate against a data breach with this free white paper! Your email address will not be published. Save my name, email, and website in this browser for the next time I comment.
Post Comment. You have read and agreed to our Privacy Policy. Active Directory Security. Privileged Access Management. Stealthbits Privileged Activity Manager. Stealthbits Activity Monitor. The GC receives data from all the domain directory partitions in the forest, they are copied using via standard AD replication service. The set of attributes that are copied to the Global Catalog is defined in the AD schema.
If necessary, you can configure additional attributes that will be replicated to the GC using the Active Directory Schema mmc snap-in. The first GC server was automatically created on the first domain controller in the forest when you promote DC during installing Active Directory Domain Services role. In the case of a single AD site , even if it contains multiple domains, a single Global Catalog server is usually sufficient to process Active Directory requests. In a multi-site environment in order to optimize network performance consider adding GC servers to ensure a quick response to search queries and fast logon.
The global catalog indexes information, which is configurable by the administrator so that only crucial data is included. When you have a global catalog server in a local site, logons and network queries are faster.
The disadvantages to having a global catalog lie in the additional traffic that is caused during replication, queries, browsing, and logons. Definitely good. Both with GC? Also good. DHCP should only run on the domain controllers, not the router unless they are different scopes and you have VLANs to separate the clients - in general just turn it off on the router.
You can split the scope and run DHCP on both servers useful if you have a lot of clients or multiple scopes , or leave it on a single if there are few clients. Group Policy should also be on both.
Domain controllers use peer-to-peer replication, changes made on one will get updated on the other after. Any domain information on one, should always be on a second for redundancy this includes active directory, group policy, and DNS.
To continue this discussion, please ask a new question. Get answers from your peers along with millions of IT pros who visit Spiceworks.
0コメント