Determining the Impact of Global Catalog Failure

PC Repair Tools

Advanced Registry Cleaner PC Diagnosis and Repair

Get Instant Access

When a user authenticates against an Active Directory domain controller, the domain controller must be able to contact a global catalog to determine if the user is a member of any universal groups. If a domain controller fails to contact a global catalog, the user's logon will fail. As such, if a domain controller is going to be placed in a remote site in order to ensure local access to local resources in an office where many users might not have locally caches credentials, it is important to make the domain controller a global catalog as well.

For extremely large sites, this additional global catalog traffic might be excessive if it must be placed on every domain controller in the enterprise to protect logons for remote sites. Optionally, you can disable this requirement for contacting a global catalog in order to authenticate a user successfully. Doing the following disables this function:

From the run command, launch Registry Editor (Regedt32.exe).

Drill down to the following key in the Registry:

HKEY_LOCAL_MACHINE\System\

CurrentControlSet\Control\Lsa

Was this article helpful?

0 0

Responses

  • silke boehm
    What is the impact if global catelog server goes down?
    2 years ago

Post a comment