There are two ways of making your DC a GC and you can read on to learn how.
But before we launch into it, just look at this “making your DC a GC” sentence for a moment. It makes me think that it is a good example of what not to do in writing for non-technical audience 🙂 I’ve recently started to watch a very interesting course on CBT Nuggets – “Essential Soft Skills for the IT Professional” by Steve Richards, and there you may learn that key things in writing tech reports to non IT audience are: avoid JATB, give MWLH and don’t SUCK 🙂
Which of course means avoid Jargon, Acronyms, Techspeak, Buzzwords (JATB), give More Why Less How (MWLH) and don’t Suffer from Using Computer Knowledge (SUCK) 🙂
OK, getting back to the main topic and switching to tech writing again. First it would be nice to check which DCs are already GC-enabled, and you can do this by issuing the following PS cmdlets:
Now how to enable/disable GC:
1) PS way of enabling GC:
And you can use the same cmdlet to disable it as shown on screenshot below:
2) GUI way. Access Active Directory Sites and Services (dssite.msc), locate domain controller you need to make a GC and access General tab of its NTDS Settings Properties:
By the way there is an interesting connection between GC and group scopes. You can only convert to a universal group from any other group scope on a domain controller that has the global catalog. This is somewhat obvious, as universal groups, which combine the best of two worlds (i.e. domain local and global groups) can have members from domains other than the domain where the group object is stored and can be used to provide access to resources in any domain, only a global catalog server is guaranteed to have all universal group memberships that are required for authentication.