There seems to be a little confusion in this thread :) 1. Application Directory Partitions (ADP) are used to store AD data, which can then be replicated to a user defined subset of DCs - anywhere in the forest. They are not used for GC-less logons. (See point 2). DNS zones for example, can be stored in ADPs rather than the domain partitions themselves.
2. GC-less logons are possible if the DC at the site (with no GC) is configured to cache universal group membership info from another GC in another site. This does not mean however, that all GC traffic may be handled by the caching DC. Any GAL lookups etc must still be directed to a GC in the forest. The only advantage here, is that a GC is no longer required at logon WRT universal group membership (if caching is enabled for the site with no GC). HTH, Neil -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: 16 July 2003 04:04 Subject: [ActiveDir Digest] --------------------------------------------------------- From: "Rogers, Brian" <[EMAIL PROTECTED]> Subject: RE: [ActiveDir] Quick AD integrated DNS question :) Date: Mon, 14 Jul 2003 23:00:08 -0400 Reply-To: [EMAIL PROTECTED] This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C34A7D.3356F490 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Good info there...answered one of a number of questions I also had...although you did add a few more. :-) =20 -----Original Message----- From: Joe [mailto:[EMAIL PROTECTED] Sent: Monday, July 14, 2003 9:22 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Quick AD integrated DNS question :) =20 Hey Deji, slap a smiley face on that post or a disclaimer about sarcasm = and email not mixing like beer and liquor or something that. :o) =20 I am confused by the app partition making it possible to do GC-less = remote sites... I could take that a couple of ways but app partitions wouldn't = have anything to do with either. A GC-less site is simply a site without a = GC, the machines that need a GC would still be able to find one, just = wouldn't be local. Check out your _gc._tcp.<SITE>._sites.rootdomain.com SRV = record, that will show you what GC(s) will be used for any given site. If a = site doesn't have a GC in it, auto site coverage will kick in and some other = DC based on link metrics and the phase of the moon (humor!!) will = determine what DC publishes to that record.=20 =20 The other way to take that would be the GC-less logon capability that = W2K3 has added. That also doesn't rely on app partitions. It adds an = attribute or two to a user object for maintaining some cache info about GC info. Basically you can go with out GC's in a site if you don't have = universal groups you are using (especially to deny) and you aren't using UPN's. = On W2K we actually now only run about 30 GC's out of our 380 or so DC's and = have enabled the IgnoreGCFailures reg hack because we are lucky like that = and can get away with it.=20 =20 Finally app partitions aren't replicated to every DC in a domain. You = select where you want to replicate that info to, otherwise there would be no = point in it, might as well just throw the data into the config or domain partitions.=20 =20 joe =20 =20 -----Original Message----- From: deji Agba [mailto:[EMAIL PROTECTED] On Behalf = Of [EMAIL PROTECTED] Sent: Monday, July 14, 2003 4:19 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Quick AD integrated DNS question :) Yes, you did indeed miss it. So, go find it. Yourself, this time with = no help. =20 Hint:=20 Application partition is the new partion in E2K3 which, in addtion to = The Domain, Configuration and Schema Partitions now make up the AD database = in E2K3. =20 It is this change that makes it possible now to deploy GC-less Remote = Sites. The Application Partition is SHARED(replicated) to ALL DCs in the = Domain, including designated DCs in the Forest. =20 =20 Sincerely, D=E8j=EC Ak=F3m=F6l=E1f=E9, MCSE MCSA MCP+I www.akomolafe.com www.iyaburo.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon =20 _____ =20 From: [EMAIL PROTECTED] on behalf of Rogers, Brian Sent: Mon 7/14/2003 11:53 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Quick AD integrated DNS question :) Woahhhhh....I musta missed that document. AD integrated DNS can now be separated from regular replication? =20 Gotta link? Book? Paper? Smokesignal? Morse? :-) =20 -----Original Message----- From: Rick Kingslan [mailto:[EMAIL PROTECTED] Sent: Monday, July 14, 2003 1:28 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Quick AD integrated DNS question :) =20 This would be correct. But, remember that in the replication strategy = for Win2k - data goes to every DC regardless if it's a DNS server or not - because once it's DNS-integrated, it's now a part of the AD data. This trend is broken in Win2k3, where application partitions can handle DNS = - and do. The DomainDNS and ForestDNS are just that, for all intents and purposes. They are AD Application parts handling DNS for just DNS = servers - and no DNS data need be on the DCs, unless it too, is a DNS server once = the full DNS app partition is configured. Rick Kingslan MCSE, MCSA, MCT Microsoft MVP - Active Directory Associate Expert Expert Zone - www.microsoft.com/windowsxp/expertzone =20 =20 _____ =20 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rogers, Brian Sent: Monday, July 14, 2003 10:10 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Quick AD integrated DNS question :) I was looking more along the lines of replication traffic. However = since the zone is replicated within AD....there shouldn't be any additional = (or if so very minimal) replication traffic between the DNS servers other than = the normal AD replication traffic correct? =20 -----Original Message----- From: Roger Seielstad [mailto:[EMAIL PROTECTED] Sent: Monday, July 14, 2003 10:58 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Quick AD integrated DNS question :) =20 I always configure every DC as a DNS server. I consider that if a = location requires a DC, it also requires local DNS. =20 =20 This message is for the named person's use only. It may contain sensitive and private proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you are not the intended recipient, please immediately delete it and all copies of it from your system, destroy any hard copies of it and notify the sender. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. CREDIT SUISSE GROUP and each legal entity in the CREDIT SUISSE FIRST BOSTON or CREDIT SUISSE ASSET MANAGEMENT business units of CREDIT SUISSE FIRST BOSTON reserve the right to monitor all e-mail communications through its networks. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorized to state them to be the views of any such entity. Unless otherwise stated, any pricing information given in this message is indicative only, is subject to change and does not constitute an offer to deal at any price quoted. Any reference to the terms of executed transactions should be treated as preliminary only and subject to our formal written confirmation. List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/