In native mode, GC's are required to process logons, as I have read it. But
it is also recommended to have non-GC DC's to ease replication issues. But
in a native mode environment, what would a non-GC DC actually do?

All DC's can process logons whether or not they are a GC. A GC does not
itself process logons but one is required during the logon process.

An authenticating DC must contact a GC during the logon process to determine
Universal Group membership of the user. If it is a GC itself then it will
use its own GC but if it is not it will simply ask a remote GC for the
answer before continuing the logon process itself.

<-> wrote in message news:uwoDa7eAEHA.580@TK2MSFTNGP11.phx.gbl...

Hi,

For most things, you just need a regular DC. The DC has all information on
all objects in the domain. The GC has partial information on objects in all
domains. Universal groups can have members from any domain, so the client
must contact a GC to find all group memberships. Unfortunately, even if you
have one domain, or no Univeral groups, the GC must be contacted to discover
this.

Because the GC has a partial replica of every object in the forest, it can
be large. It requires more hard drive and more replication traffic. Thus, a
trade off is involved when deciding how many to have. The official advice is
to make the first 2 DC's in each domain GC's, then 1 out of every 2
thereafter. Most traffic is between the client and a DC (whether it has a GC
or not).

--
Richard
Microsoft MVP Scripting and ADSI
HilltopLab web site - http://www.rlmueller.net
--

"Simon Geary" <simon_geary@hotmail.com> wrote in message
news:Og0b40fAEHA.1600@tk2msftngp13.phx.gbl...