Thanks for the info Omar - you have a substantial amount of information there which obviously shows your expertise in the matter. From what I gather when the clients can't find a local GC, DC, or ISTG server in their site, they will then look outside their site for information. I guess that means that they may still use a GC from another site as long as the link between sites is up. Obviously if the Exchange server is not in the same site and the site link is down, then the users are pretty well hosed for sending email, but if they were in cached mode they would still have their contact list, calendar and a copy of all email prior to the disaster. I guess as an admin you do what you can (within budget) and make sure you have analyzed possible disaster scenarios before they happen. Thanks again for all your help. Mark Mills ________________________________ From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Omar Droubi Sent: Thursday, September 21, 2006 4:59 PM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: Temporarily running without a GC ...how to prepare for it. mark, Universal group caching is helps out with logons in remote sites that do not have a GC local. Your Exchange server does also require a GC and if there is no GC in the AD site that Exchange is located in-you have will have many issues. For your users with O2k3 in Cached mode- If they do not have a local GC- the Exchange server will prompt them for logon and validate that against the DC exchange is using (check Exchange System manager- server properties- directory access tab) If the Exchange server does not have a DC in the local AD site for the particular domain your user's AD account is located in-it will do a DNS lookup for a DC in the particular domain and pass the authentication check to that DC. So in short- as long as the DC's and GC's are functioning in the same AD site as the E2k3 server the worst thing will happen to your Outlook 2003- cached users is that they may be prompted for user Id and password. This of course assumes that DNS resolution and probably DHCP is still functional. please remember that if there is no local DC- the client will attempt to connect to a remote DC if the DNS server that this client is using is still functional. Most o2k3 cached mode operations involve the local machine and the Exchange server- If for some reason your user wished to browse the address book and he/she chooses an address book other than the GAL or the Outlook Address Book Then the request will go to the GC that Exchange server has in its directory access list. Now on a separate note- The GP setting that you are referencing (cached logon) I think is misleading- unless I have it mixed up. I believe that setting is used to set the number of different users that are allowed to logon to that particular machine using cached credentials if there is no available dc to authenticate them. This has nothing to do with the registry setting for the universal group caching. I would be hesitant to add that key if your organization uses any Universal Security groups (which may be used for resource access to Exchange Public folders, etc) hope that is helpful and makes sense. Omar ________________________________ From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Mills, Mark Sent: Thursday, September 21, 2006 2:39 PM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Temporarily running without a GC ...how to prepare for it. Just curious, I just read the following article: How to disable the requirement that a global catalog server be available to validate user logons http://support.microsoft.com/kb/241789 I've been told this method is called running with Universal Group caching and works best with sites of less than 100 users. Does this mean that if for some reason your GC goes down (or maybe just the link to them) your users can continue to work as normal, providing that their Outlook is in "Exchange Cached Mode" or do you still need to make sure that the Group Policy for cached logons is greater than the default "10" in a pc's local security policy? That default "10" cached logon is found at Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options ->Interactive Logons So if I had to run without a GC (temporarily) and users were using Universal Group Caching , and the users had their Outlook set to run in "Exchange Cache Mode" would the downed GC have any effect on them? I'm always trying to stay abreast of what I would do if the unthinkable happens. I have multiple GC's in each site so this should never be a problem - however if it did happen, I would like to know what to do to keep the users up and running (without down time) while I would be repairing the GC's (or link to them) Mark Mills