You want to disable the requirement for a global catalog server to be reachable when a user logs into a Windows 2000 domain.
Open the Registry Editor (regedit).
In the left pane, expand HKEY_LOCAL_MACHINE → System → CurrentControlSet → Control.
Right-click on LSA and select New → Key.
Enter IgnoreGCFailures for the key name and hit enter.
Restart the server.
> reg add HKLM\SYSTEM\CurrentControlSet\Control\LSA\IgnoreGCFailures /ve > shutdown /r
' This code enables the IgnoreGCFailres registry setting and reboots strLSA = "HKLM\SYSTEM\CurrentControlSet\Control\LSA\IgnoreGCFailures\" Set objWSHShell = WScript.CreateObject("WScript.Shell") objWSHShell.RegWrite strLSA, "" WScript.Echo "Successfully created key" WScript.Echo "Rebooting server . . . " objWSHShell.Run "rundll32 shell32.dll,SHExitWindowsEx 2"
With Windows 2000, a global catalog server must be contacted for every login attempt; otherwise, the login will fail (unless there is no network connectivity, which would result in a cached login). This is necessary to process all universal groups a user may be a member of. When a client attempts to authenticate with a domain controller, that domain controller contacts a global catalog server behind the scenes to enumerate the user’s universal groups. See Recipe 7.9 for more details. If you have domain controllers ...