Need assistance demoting DCs. Global Catalog questions.

[Winchester]

Everything has been working great since I migrated from 2xWindows 2000 Servers, to 2xWindows 2003 servers, but I have ran across a problem. I now want to demote the old servers (one data/one exchange, both domain controllers) from the domain. However, when I put in the new servers, (one data/ one exchange) I only made the data server a DC. The exchange server, while it does have AD, I never officially made it a DC. I have transferred the AD roles from our old server to our Data server (infrastructure, etc) but now it is asking about a making sure I have another Global Catalog when I run DCPROMO on the old server. I did some reading and found that I can not have the infrastructure controller and the global catalog on the same server. I am fixing to begin setting up another windows 2003 server; it will just be for running the backup tape drive.

My question is, what do I need to do to make the Exchange server the global catalog so that I can demote the old servers? Or how do I test to see if it already is a GC?

Should I use this instead of the Exchange server as the global catalog? I am also thinking of making this a VPN server.

Does this all have to do with having to manually create an exchange mailbox on the exchange server when I create a user on the data server? If I create it on the exchange server it asks me when I am creating the user. I just want to be able to use any server to create a user/mailbox

 

[Winchester]

Bump!

 

[TechBoyJK]

what does the global catalog do?

 

[mikecel79]

what does the global catalog do?

A GC holds a partial list of all attributes of all objects in an AD forest. It's used to speed up searches in large AD environments. Well all AD environments but especially large ones. It's also necessary to contact a GC when authenticating in Win2k level AD environments.

 

[alent1234]

if it is like win2000 then open up AD sites and services, go to the server and right click on NTDS settings. Click the global catalog checkbox.

sounds like you are in a small company. I would recommend putting DC's on separate servers from Exchange and other apps. you can even use a workstation as a DC with no problems. We have some HP ML110 servers in small offices and they don't even get stressed.

 

[mikecel79]

Originally posted by: alent1234
if it is like win2000 then open up AD sites and services, go to the server and right click on NTDS settings. Click the global catalog checkbox.

sounds like you are in a small company. I would recommend putting DC's on separate servers from Exchange and other apps. you can even use a workstation as a DC with no problems. We have some HP ML110 servers in small offices and they don't even get stressed.

I would never ever use a workstation as a DC. I always use something with redundancy for something as important as a DC. It may not get stressed but I don't want to have to clean up AD and rebuild a DC because the HD blew up on a DC. I always get DCs with redundant PSUs and at least RAID 1. The small cost up front is more less important than me scrambling around to restore a failed DC.

I do agree that a DC should not be combined with other apps for security and stability reasons.

 

[alent1234]

I'm in a company with 650 people on the east coast in 15 offices. Each one has a DC. The datacenter has a few of them. If one crashes we'll just reinstall the OS, name it the same and promote it again. We had to do it to one after it caught the blaster worm. No problems. Best redundancy for a DC is to have at least 2 for each domain in your forest. You can have all the hardware redundacy in the world, but if your OS gets screwed, it's not going to help you.

Since late 2001 we have been using our second line servers as DC's with no problems. The child domains DC's are old crappy workstations that have been replaced by newer PC's. The only new machines are the cheapo ML 110s that we bought. Other than the worm, i had a DC give me problems once. I demoted it and then promoted it again. It has worked fine since.

P.S. A few years ago I couldn't figure out a way to get rid of NT4 DC's from the directory other than ADSI edit. I decided to roll a win2000 machine with the same name, after the original had been turned off. Then promote it, wait 30 minutes and demote it. It worked. I mentioned it to a MS PSS tech on a call once and he confirmed that it's a good way to do it.

 

[stash]

It should be noted that changing the mode of an Exchange server is not supported. This means if you decide to install Exchange on a DC, demoting that server is not supported.

The small cost up front is more less important than me scrambling around to restore a failed DC.

The whole point is to have multiple DCs, so you don't have to scramble when one dies.

Making a workstation a DC is fine, I recommend that all the time to customers who only have a single DC. I don't recommend making ALL of your DCs workstations, but you should always have at least 2 DCs in a domain. So if you have to make a workstation a DC to get to two DCs, so be it.

For the original questions, you can't make the Exchange server a GC unless it is a DC. And if you make an Exchange server a DC, you HAVE to make it a GC.

 

[BDawg]

What happens if the global catalog server goes down? Is it possible to have multiple global catalog servers?

 

[Winchester]

Yes you can have as many as you want. AFAIK

I fixed the problem. I installed Windows Server 2003 and with the same computer name and made it a DC, restarted, then demoted it. All is well in the world of Winchester. Now if I can just get Veritas Backup working. time to make a new thread.

Thanks for all the help guys

 

[mikecel79]

Originally posted by: BDawg
What happens if the global catalog server goes down? Is it possible to have multiple global catalog servers?

Yes. Any DC can be a GC except for the Infrastructure Master in a multi-domain environment. In a single domain environment all DCs and be GCs.

 

[mikecel79]

The whole point is to have multiple DCs, so you don't have to scramble when one dies.

Making a workstation a DC is fine, I recommend that all the time to customers who only have a single DC. I don't recommend making ALL of your DCs workstations, but you should always have at least 2 DCs in a domain. So if you have to make a workstation a DC to get to two DCs, so be it.

I've had the unfortunate luck of having two DCs have their hard drives die within 2 days of each other and having to restore the entire domain from scratch. Yes it was in a lab and had no impact on production but I still recommend to this day to not use workstations. I understand that having multiple DCs makes your AD have redundancy but I like to have redundancy on all my DCs hardware as well.