RE: Demoting Win2000 server with Exchange 2000

  • From: "John Tolmachoff \(Lists\)" <johnlist@xxxxxxxxxxxxxxxxxxx>
  • To: "'[ExchangeList]'" <exchangelist@xxxxxxxxxxxxx>
  • Date: Sun, 20 Jul 2003 23:23:53 -0700

> One question if I may just butt in just a second please. Only one GC per
> site? I have been running two on our single site of about 50 machines for
> several months without error. If I had a user location with say 180 users
> and a total of 225 machines and all on one IP subnet I would certainly
> more than one GC? Are we talking AD Sites or IP Subnets as sites? I assume
> the former in which case I have another question. Whilst creating Sites is
> recommended it is not compulsory and whilst AD may not work as well
> them it isn't a prerequisite as I understand so what is the problem with
> multiple GC's' per Site?

While you can have more than one GC per site, (as defined in AD Sites and
Services,) it can lead to replication problems.

Remember, the purpose of the GC is to keep a catalog of all objects in the
forest and each domain, and what domain and group those objects belong to.
It has nothing to do with permissions assigned. You have to have one per
domain, and it is highly recommended to have one per site (when there is
more than one site for a domain).  

If you concern is user login, the only time the GC is absolutely required
for login is when a user logs into a computer for the first time and when
changing a password while logged on the UPN. (user@xxxxxxxxxx) The GC is
queried to determine group memberships and to which domain the user belongs
and which DC to query. It does not respond with permissions, only what
Universal Groups the user may be a part of. (Domain group membership comes
from the DC of the domain.) What permissions those groups may have are still
determined by the appropriate DC.

John Tolmachoff MCSE CSSA
eServices For You

Other related posts: