If the GC is offline, then your users will not be able to log into the domain properly. They will log into their local workstations, if there isn't a policy restricting cached client credentials. The GC looks up the group membership of a particular user, Global and Universal Group Membership. Only Administrators will not be affected by this. This is not the same in Windows Server 2003 with a 2003 Functional Level forest. I also don't understand why there are TWO separate AD forests. Why is there this seperation? Why not a child level domain to the forest root, and have 2 DC's that are also GC's? There are is only 1 FSMO role that is necessary for client authentication (which is dependant on the client OS), and that is the PDC Emulator Role. The PDC role is only for Windows NT4 and lower clients, as well as password resets. The GC is required for group membership enumeration. Here are some docs from Microsoft that will help explain FSMO roles, and best placement in the forest: http://support.microsoft.com/default.aspx?scid=kb;en-us;197132&Product=win20 00 http://support.microsoft.com/default.aspx?scid=kb;en-us;223346&Product=win20 00 Even though the following article explains how to create or move a GC in Windows 2000, there are links at the bottom of the article to further explain the GC. http://support.microsoft.com/default.aspx?scid=kb;en-us;313994&Product=win20 00 HTH, Chris -----Original Message----- From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Braebaum, Neil Sent: Thursday, March 11, 2004 3:26 AM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: slightly OT: ActiveDirectory resilience Um, the GC being unavailable, will affect login - I'm not saying *prevent* login, but it will affect it, for sure. Same with the PDCe depending on what happens at login, and the type of client machine. Most of the FSMO roles are quite irrelevant to login, though. Neil > -----Original Message----- > From: thin-bounce@xxxxxxxxxxxxx > [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Brian Lilley > Sent: 11 March 2004 10:25 > To: 'thin@xxxxxxxxxxxxx' > Subject: [THIN] slightly OT: ActiveDirectory resilience > > "A termite walks into a bar and says s'the bar tender here?" > > My customer has a two domain controller win2k AD based forest hosting > a citrix fr3 farm. For reasons best known to the customer, they have > a totally seperate win2k AD forest which hosts an NT4 workstation > base. > > Some bloke in the pub told them that if their first dc which held all > five operational master roles plus the global catalogue function > failed, then users would be unable to logon?? I disagree with this > comment because the failure of the three forest wide master roles plus > the GC should not prevent user logon. It may prevent, in some > circumstances, problems adding objects?? Other than, that I imagine > that the domain would continue normally. > > As far as I am concerned, the GC simply holds a subset of the 'domain > partition' bit of the active directory databases from other domains > within the same forest and would have no bearing on logon?? > > Please tell me I am right.... > > Brianos McChips *********************************************** This e-mail and its attachments are confidential and are intended for the above named recipient only. If this has come to you in error, please notify the sender immediately and delete this e-mail from your system. You must take no action based on this, nor must you copy or disclose it or any part of its contents to any person or organisation. Statements and opinions contained in this email may not necessarily represent those of Littlewoods. Please note that e-mail communications may be monitored. The registered office of Littlewoods Limited and its subsidiaries is 100 Old Hall Street, Liverpool, L70 1AB. Registered number of Littlewoods Limited is 262152. ************************************************ ******************************************************** This weeks sponsor Emergent Online. Emergent OnLine is the leading server-based computing consulting integration firm in the nation. Emergent OnLine delivers expert consulting services you can depend on. http://www.go-eol.com ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm *********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm ******************************************************** This weeks sponsor Emergent Online. Emergent OnLine is the leading server-based computing consulting integration firm in the nation. Emergent OnLine delivers expert consulting services you can depend on. http://www.go-eol.com ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm *********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm