Tag Archives: GC

How to: enable GC on domain controller (2 ways)

There are two ways of making your DC a GC and you can read on to learn how.

But before we launch into it, just look at this “making your DC a GC” sentence for a moment. It makes me think that it is a good example of what not to do in writing for non-technical audience 🙂 I’ve recently started to watch a very interesting course on CBT Nuggets – “Essential Soft Skills for the IT Professional” by Steve Richards, and there you may learn that key things in writing tech reports to non IT audience are: avoid JATB, give MWLH and don’t SUCK 🙂

CBT Nuggets Tech Reports for Non-tech audience

Which of course means avoid Jargon, Acronyms, Techspeak, Buzzwords (JATB), give More Why Less How (MWLH) and don’t Suffer from Using Computer Knowledge (SUCK) 🙂

OK, getting back to the main topic and switching to tech writing again. First it would be nice to check which DCs are already GC-enabled, and you can do this by issuing the following PS cmdlets:

Now how to enable/disable GC:

1) PS way of enabling GC:

And you can use the same cmdlet to disable it as shown on screenshot below:

Enable or disable GC with PS

2) GUI way. Access Active Directory Sites and Services (dssite.msc), locate domain controller you need to make a GC and access General tab of its NTDS Settings Properties:

NTDS Settings - Global Catalog

By the way there is an interesting connection between GC and group scopes. You can only convert to a universal group from any other group scope on a domain controller that has the global catalog. This is somewhat obvious, as universal groups, which combine the best of two worlds (i.e. domain local and global groups) can have members from domains other than the domain where the group object is stored and can be used to provide access to resources in any domain, only a global catalog server is guaranteed to have all universal group memberships that are required for authentication.

Please follow and like us:
error0

Domain controller without NTDS settings in Active Directory Sites and Services

Just a quick note as I go through 70-410 training from CBT Nuggets. Normally whenever you access Active Directory Sites and Services you may see list of domain controllers within your site/sites:

NTDS Settings

And each of them has NTDS Settings. But what if you see domain controller without NTDS settings here? It means that some of your domain controllers was demoted/removed from environment, but whenever you do this you have to remove domain controller from your site manually so that it doesn’t presented to you in this location/console.

And, yes, to configure existing DC as Global Catalog you just go to NTDS Settings Properties and select respective checkbox:

NTDS Settings - Global Catalog

Please follow and like us:
error0