In multi-domain environments, the global catalog server that you select may not be in the same domain as Active Directory group objects. Therefore, users cannot update group membership because the local global catalog server has a read-only copy of the group.
from: How to configure a specific GC: http://support.microsoft.com/default.aspx?scid=kb;EN-US;319206
Since an Outlook client can choose any of the available GCs in the enterprise, when a user tries to update a group membership, obviously it's going to fail if connected to a GC that has a read-only copy. So the fixup, according to the KB article, is to specify a particular GC. But by specifying a particular GC, all of a sudden I have lost the redundancy that AD gives me! Catch-22! Is this an Exchange design flaw? How are others handling this problem? TIA!
Mike Thommes
