AD not checking for UPN uniqueness

[Guest]

Hello,

We have been having some issues with our Global Catalog over the past few
days. After rebooting one of our root domain controllers (non-GC) we were
unable to query the entire directory for objects, they all came back empty.
We rebooted the GC of the root domain, and this seemed to resolve it, but we
are currently having a problem in our child domain that the AD users and
computers is not checking the GC for UPN uniqueness and it is letting
duplicate UPN's get created.

It's like the GC is partially working, but not all the way. Should I put
GC on another domain controller, or promoted a new DC and make it a GC, to
force an enumeration of the GC?

 

[Paul McGuire]

you need to take a look at FSMO placement. If i remember correctly in a
Multiple DC environment you should place the GC on a different DC that the
infrastructure master.

FSMO placement and optimization on Windows 2000 domain controllers
http://support.microsoft.com/default.aspx?scid=kb;EN-US;223346


HTH

Paul McGuire

 

[ptwilliams]

That's only relevant in a multi-domain forest when some DCs are not GCs. In
a single domain, or even a small, well connected forest, you should make all
DCs GCs.

http://www.msresource.net/kb/gc&im_compat_details.html


--

Paul Williams
_________________________________________
http://www.msresource.net


Join us in our new forums!
http://forums.msresource.net
_________________________________________


you need to take a look at FSMO placement. If i remember correctly in a
Multiple DC environment you should place the GC on a different DC that the
infrastructure master.

FSMO placement and optimization on Windows 2000 domain controllers
http://support.microsoft.com/default.aspx?scid=kb;EN-US;223346


HTH

Paul McGuire

 

[Laura A. Robinson [MVP]]

circa Fri, 3 Sep 2004 23:13:24 +0100, in
microsoft.public.win2000.active_directory, ptwilliams (ptw2001
@hotmail.com) said,

That's only relevant in a multi-domain forest when some DCs are not GCs. In
a single domain, or even a small, well connected forest, you should make all
DCs GCs.

http://www.msresource.net/kb/gc&im_compat_details.html

I'd hesitate to use the word "should", although I otherwise agree.

Laura

 

[Laura A. Robinson [MVP]]

circa Fri, 3 Sep 2004 12:14:17 -0400, in

Hello,

We have been having some issues with our Global Catalog over the past few
days. After rebooting one of our root domain controllers (non-GC) we were
unable to query the entire directory for objects, they all came back empty.
We rebooted the GC of the root domain, and this seemed to resolve it, but we
are currently having a problem in our child domain that the AD users and
computers is not checking the GC for UPN uniqueness and it is letting
duplicate UPN's get created.

It's like the GC is partially working, but not all the way. Should I put
GC on another domain controller, or promoted a new DC and make it a GC, to
force an enumeration of the GC?

It sounds like you have DNS problems to me. How is DNS set up, and
have you looked at it to make sure it's clean?

Laura