Domain controllers that are not Global Catalog servers

Discussion in 'Active Directory' started by randy, Feb 12, 2008.

  1. randy

    randy Guest

    I have 2 domain controllers for my domain and want to bring on a 3rd. I did
    not make the 3rd server a Global Catalog server. As a result, after bringing
    it online several users were complaining they could no longer authenticate
    to the domain. I powered off the new DC and then they were able to get in.

    Why would that DC try to handle user logins if it is not a GC? How can I
    make sure that if I have a DC that is not a GC that it does not handle or
    accept user login requests or have it hand those requests off to a GC in the

    randy, Feb 12, 2008
  2. Hello Randy,

    Please post an ipconfig /all from all DCs and one client having the problem.
    Also it is best for redundancy to have more than one DNS/GC. How is your
    DNS set up?

    Best regards

    Meinolf Weber
    Meinolf Weber, Feb 12, 2008
  3. randy

    randy Guest

    I have two DCs now, this is the third. The two existing DCs are GCs and both
    have DNS configured on them with AD integrated zones. The new DC is not currently
    a DNS server, but will be. Clients point to the two existing DCs for DNS, and
    each DNS server points to the other DNS server as primary and itself as secondary.

    The new DC that is not a GC or DNS server points to both existing DNS
    servers. Right now I cannot post the ipconfig /all from the client. If there
    is something specific you are looking for, please let me know. Thanks.
    randy, Feb 12, 2008
  4. randy

    MrHusy Guest

    Hi randy
    First of all, keep in mind that a Global Catalog does not have to be set for
    authenticating users unless a forest with subdomains exists. Another
    mission-critical role for the GC is Exchange Server.
    The choice of DC for a client to authenticate against is a long story. But long
    story short, we can describe this elimination process as a random round-robin. And
    being a GC does not play a role here. The reason why you got authentication
    failures is that you do not have DNS configured on the 3rd DC.
    Install DNS services on the 3rd DC, and make sure you configure the appropriate
    zone transfer settings on the DCs.

    MrHusy, Feb 13, 2008
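A way to check the DNS side of what the thread discusses, as an added example that is not from any of the posters: it compares the DCs Active Directory knows about with the DC locator SRV records that each client-facing DNS server returns, and with each DC's GC flag. It assumes the RSAT ActiveDirectory module and `Resolve-DnsName` are available; the DNS server addresses are placeholders.

```powershell
# Added example: compare AD's list of DCs with the locator SRV records in DNS.
# Assumes the RSAT ActiveDirectory module and the DnsClient module (Resolve-DnsName).
Import-Module ActiveDirectory

# Placeholder addresses: replace with the DNS servers your clients actually use.
$DnsServers = @('192.0.2.10', '192.0.2.11')

$domain = (Get-ADDomain).DNSRoot
$forest = (Get-ADForest).RootDomain   # GC SRV records are registered under the forest root

function Get-SrvTarget {
    param([string]$Name, [string]$Server)
    # Return the host names an SRV record set points at, lower-cased, no trailing dot.
    Resolve-DnsName -Name $Name -Type SRV -Server $Server -DnsOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.NameTarget } |
        ForEach-Object { $_.NameTarget.TrimEnd('.').ToLower() }
}

$dcs = Get-ADDomainController -Filter *

foreach ($dns in $DnsServers) {
    # Records clients query when locating a DC, a KDC, and a GC.
    $ldap = @(Get-SrvTarget "_ldap._tcp.dc._msdcs.$domain" $dns)
    $kdc  = @(Get-SrvTarget "_kerberos._tcp.dc._msdcs.$domain" $dns)
    $gc   = @(Get-SrvTarget "_ldap._tcp.gc._msdcs.$forest" $dns)

    foreach ($dc in $dcs) {
        $name = $dc.HostName.ToLower()
        [pscustomobject]@{
            DnsServer       = $dns
            DC              = $name
            IsGlobalCatalog = $dc.IsGlobalCatalog
            LdapSrv         = $ldap -contains $name
            KerberosSrv     = $kdc  -contains $name
            GcSrv           = $gc   -contains $name
            # A GC flag without a GC SRV record (or the reverse) means DNS and AD disagree.
            GcConsistent    = ($dc.IsGlobalCatalog -eq ($gc -contains $name))
        }
    }
}
```

A DC that appears in `LdapSrv` and `KerberosSrv` is a candidate for client logons whether or not it is a GC; rows that differ between the two DNS servers point to replication or registration problems in the zone.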
