The information in this article applies to:
SUMMARY

Placing Global Catalog servers in remote sites is usually desirable: it improves performance for user logons, searches, and other actions that require communication with a Global Catalog server, and it reduces wide area network (WAN) traffic. However, to reduce administrative intervention, hardware requirements, and other related overhead, in some situations you may not want to locate a Global Catalog server at a remote site, essentially duplicating the functions of the backup domain controller (BDC) in the Microsoft Windows NT 4.0 environment. This is especially relevant in environments with a large number of sites, which could experience substantially increased hardware costs when the size of the sites may not justify that hardware and administration.

The problem, as noted earlier in this article, is that logons require the domain controller (DC) authenticating the user to contact a Global Catalog server to determine whether the user is a member of any universal groups. If the remote office does not have a Global Catalog server and a Global Catalog server cannot be contacted (for various reasons), the user's logon request may not work (based on the rules stated earlier).

MORE INFORMATION

To eliminate the need for a Global Catalog server at a site and avoid potential denial of user logon requests, the following registry key is provided to perform logons if a Global Catalog server is not available:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\IgnoreGCFailures

Note that setting this key bypasses a security check and therefore creates a potential security vulnerability if universal groups are also used.

IMPORTANT: If this key is enabled, universal groups should not be used. If a user is a member of a universal group and that group is denied access to a resource, the key turns off enumeration of universal groups, so the universal group SID is not added to the user's token and the user could have access to the resource.

There is nothing in Windows 2000 that prohibits the definition of universal groups if this registry key is enabled. It is the responsibility of the administrator to ensure that universal groups are not used if this feature is used.
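The following simplified model shows why a deny entry on a universal group stops protecting a resource once the key is set. It is an added illustration, not code from the original article or from Microsoft; the SIDs, the DACL, and the function names are constructed, and the model assumes that any Global Catalog failure without the key refuses the logon.

```python
from dataclasses import dataclass

READ, WRITE = 0x1, 0x2

# Constructed sample SIDs (not real accounts).
USER = "S-1-5-21-1000-1000-1000-1105"
DOMAIN_USERS = "S-1-5-21-1000-1000-1000-513"
UNIV_CONTRACTORS = "S-1-5-21-1000-1000-1000-2201"  # universal group

@dataclass(frozen=True)
class Ace:
    kind: str   # "allow" or "deny"
    sid: str
    mask: int

# Canonical order: deny ACEs precede allow ACEs.
DACL = [Ace("deny", UNIV_CONTRACTORS, READ | WRITE),
        Ace("allow", DOMAIN_USERS, READ)]

def build_token(gc_reachable, ignore_gc_failures):
    """SIDs placed in the token, or None when the logon is refused.
    Simplification: any GC failure without the key refuses the logon."""
    sids = {USER, DOMAIN_USERS}
    if gc_reachable:
        sids.add(UNIV_CONTRACTORS)      # universal groups enumerated
    elif not ignore_gc_failures:
        return None
    return sids                         # key set: universal SIDs omitted

def access_check(token_sids, dacl, desired):
    """Evaluate ACEs in order; only ACEs whose SID is in the token apply."""
    remaining = desired
    for ace in dacl:
        if ace.sid not in token_sids:
            continue
        if ace.kind == "deny" and ace.mask & remaining:
            return False
        if ace.kind == "allow":
            remaining &= ~ace.mask
            if remaining == 0:
                return True
    return False

def scenarios():
    """Map each case to None (logon refused) or the READ access decision."""
    cases = [("gc_up", True, False), ("gc_down_no_key", False, False),
             ("gc_down_key_set", False, True)]
    out = {}
    for name, gc, key in cases:
        token = build_token(gc, key)
        out[name] = None if token is None else access_check(token, DACL, READ)
    return out

if __name__ == "__main__":
    print(scenarios())
```

With the Global Catalog reachable the deny entry matches and READ is refused; with the key set and the Global Catalog unreachable, the same user is granted READ through the domain group's allow entry.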
Keywords: kbtool
Last Reviewed: December 29, 1999. © 2000 Microsoft Corporation. All rights reserved.