As advised earlier, you place GC servers in your DC sites. Remember that GCs handles the logon authority for their "custody" domains and are essential for native-mode domains — and the application of Universal groups.
You should also place a backup GC in a sensitive or mission-critical domain, or have an online backup that can scream to the rescue. Losing the DC means losing the GC as well, and if that happens, your users must log on with their imaginations.
Understand that the GC holds the membership of the Universal groups, so when a logon request is made of a native-mode DC, the DC requests the GC to calculate the complete group membership access level of a particular user. With that level of security, if the GC has taken leave, your user is denied logon.
The only time that you can be lax on the GC availability scene is when you are dealing with a single domain. If this is the case, the GC is used mainly for search and seek.
Was this article helpful?