I can define a site using a 32 bit subnet mask? That's a
possibility I hadn't considered! I'd have been afraid that would confuse the
heck out of the kcc!
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Wednesday, July 20, 2005 7:53 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Does a domain require a GC?
Dean killed the first question pretty well I think. The
second question or implied question that I got was "don't I have to set up a
special IP subnet to do this?" and the answer is no. You do not need a physical
network breakup to define a logical site in AD and assign subnets. I did
this in DataCenters quite often. A single data center with tons of
subnets would have different pieces carved out and added to various sites
depending on what DCs they needed to be with. This was sometimes a pain but
network didn't always want to work with us in terms of giving us whole ranges of
physical subnets to work with. There were more than one single IP
subnets (32 bit mask) defined in that directory.
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ken Cornetet
Sent: Tuesday, July 19, 2005 12:31 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Does a domain require a GC?
I don't understand your comment about converting universal
groups to local groups. Can you explain what you mean here?
Your suggestion about moving the root DCs to a separate
site would work, but it would require me to set up a dedicated IP subnet at the
two different locations where the DCs are located. The networking folks would
not want to do that.
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sakari Kouti
Sent: Monday, July 18, 2005 6:09 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Does a domain require a GC?
Hi Ken,
There is (at least) one requirement for a GC in every
domain. If you don't have a GC in a domain, you cannot convert universal groups
in that domain to local groups. However, this is probably not a big concern for
your empty root domain...
Also a couple of suggestions:
- Why not have all the DCs of the child domain as GCs? This
wouldn't add practically any replication, or the size of the NTDS.DIT on those
new GCs.
- Instead of removing GCs from the root domain (because of
the Outlook issue), how about putting the root domain DCs (which would be GCs)
on a site with no clients, and with such a replication topology, that a child
domain GC is always closer to any client than a root domain
GC?
Yours, Sakari
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ken Cornetet
Sent: Monday, July 18, 2005 7:19 PM
To: ActiveDir@mail.activedir.org; Exchange Discussions
Subject: [ActiveDir] Does a domain require a GC?We have two domains in our forest. The "empty" root domain, and a resource domain where everything else lives. The root domain has two DCs - one each in two different sites.Our main domain has several DCs, and most of those are GCs as well. The sites containing the root DCs each also have at least one resource domain DC, and at least one of these DCs is a GC. In other words, all sites have at least one resource domain DC and at least one of those is a GC as well.My question is: can I remove GC function from the two root DCs? I seem to recall reading that at least one DC in a domain had to be a GC, but I can't find that requirement now.All DCs are server 2003. The forest is 2000 native mode.Why do I want to do this? We configure Outlook to use the "closest" GC. We want to insure that Outlook can manage distribution lists (universal groups), and Outlook can only do that if the GC is in the same domain as the group. We are currently using a home-grown application to manage DL membership, but we'd like to switch back to outlook.
