An Overview on Global Catalog Servers
The Global Catalog (GC) is an important component of Active Directory because it serves as the central information store for the Active Directory objects located in domains and forests. The GC maintains a list of the Active Directory objects in domains and forests without including all of the information on those objects, and it is used when users search for Active Directory objects or for specific attributes of an object. As a result, the GC improves network performance and provides maximum accessibility to Active Directory objects.
The Global Catalog server is the domain controller that stores a full copy of all objects in its host domain. It also stores a partial copy of all objects in all other domains within the forest. The partial copy holds the list of objects most frequently searched for. The first domain controller that is created in the first domain in a forest is by default the Global Catalog server. If a domain has only one domain controller, that domain controller and the GC server are the same server. If you add an additional domain controller to the domain, you can configure that domain controller as the GC server. You can also assign additional domain controllers to serve as GC servers for a domain. This is usually done to improve response time for user logon requests and search requests.
For Global Catalog servers to store a full copy of all objects in their host domain, and a partial copy of all objects in all other domains within the forest, GC replication has to occur between those domain controllers that are configured as GC servers. GC replication does not occur between domain controllers that are not GC servers.
The functions performed by the GC server can be summarized as follows:
- GC servers are crucial for Active Directory's UPN functionality because they resolve user principal names (UPNs) when the domain controller handling the authentication request is unable to authenticate the user account because the user account actually exists in another domain. The authenticating domain controller would have no knowledge of the particular user account. The GC server in this case assists in locating the user account so that the authenticating domain controller can proceed with the logon request for the user.
- The GC server deals with all search requests of users searching for information in Active Directory. It can find all Active Directory data irrespective of the domain in which the data is held. The GC server deals with requests for the entire forest.
- The GC also makes it possible for users to provide Universal Group membership information to the domain controller for network logon requests.
Universal Groups are available when the domain functional level is raised or set to at least Windows 2000 Native. Universal Groups can contain members that belong to different domains within the forest, and their Universal Group membership information is only stored in the GC. This means that only those domain controllers configured as GC servers contain Universal Group membership information. The remaining domain controllers do not hold Universal Group membership information.
The universal group membership caching feature introduced in Windows Server 2003 Active Directory enables a site that has no GC server to cache universal group membership information for users who log on to domain controllers within the site. In this manner, a domain controller can serve logon requests for directory information when a GC server is unavailable. The settings of the Active Directory replication schedule determine how often the cache is refreshed.
Configure a New Global Catalog Server
To configure a Windows 2000/2003 Domain Controller as a GC server, perform the following steps:
- Start the Microsoft Management Console (MMC) Active Directory Sites and Services Manager. (From the Start menu, select Programs, Administrative Tools, Active Directory Sites and Services Manager).
- Select the Sites branch.
- Select the site that owns the server, and expand the Servers branch.
- Select the server you want to configure.
- Right-click NTDS Settings, and select Properties.
- Select or clear the Global Catalog Server checkbox that the screen shows.
- Click Apply, then OK.
You must allow time for the GC to replicate itself throughout the forest. This process might take anywhere from 10-15 minutes to several days, depending on your AD infrastructure.
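To confirm the result of the steps above, the following read-only audit is an added example, not part of the original article. It lists each domain controller in the current domain, whether the GC flag is set on its NTDS Settings object, and whether it has finished replicating and is advertising as a GC. It assumes the ActiveDirectory PowerShell module (RSAT) on a domain-joined host, which requires domain controllers newer than the Windows 2000/2003 systems the article describes; the variable names and the State labels are illustrative.

```powershell
# Added example: read-only audit of Global Catalog placement and readiness.
# Assumption: ActiveDirectory module (RSAT) is installed; run as a domain user.
Import-Module ActiveDirectory

# The "Global Catalog" checkbox in NTDS Settings maps to bit 0x1 of the
# 'options' attribute on the server's NTDS Settings object.
$GcOptionBit = 0x1

# Get-ADDomainController -Filter * covers the current domain only.
$report = foreach ($dc in Get-ADDomainController -Filter *) {
    $ntds = Get-ADObject -Identity $dc.NTDSSettingsObjectDN `
                         -Properties options -Server $dc.HostName
    # A missing 'options' attribute casts to 0, i.e. flag not set.
    $flagSet = [bool](([int]$ntds.options) -band $GcOptionBit)

    # rootDSE reports isGlobalCatalogReady = TRUE only once the partial
    # replicas have been built and the DC advertises itself as a GC.
    $ready = $false
    try {
        $rootDse = Get-ADRootDSE -Server $dc.HostName -ErrorAction Stop
        $ready   = ([string]$rootDse.isGlobalCatalogReady -eq 'TRUE')
    } catch {
        Write-Warning "rootDSE query failed on $($dc.HostName): $($_.Exception.Message)"
    }

    $state = if     ($flagSet -and $ready) { 'Serving' }
             elseif ($flagSet)             { 'FlagSetNotYetReady' }
             else                          { 'NotGC' }

    [pscustomobject]@{
        DomainController = $dc.HostName
        Site             = $dc.Site
        GcFlagSet        = $flagSet
        GcReady          = $ready
        State            = $state
    }
}

$report | Sort-Object Site, DomainController | Format-Table -AutoSize

# Sites with no ready GC depend on a GC in another site (or on universal
# group membership caching) for logons, so list them for review.
$report | Group-Object Site |
    Where-Object { -not ($_.Group | Where-Object { $_.GcReady }) } |
    ForEach-Object { "Site without a ready GC: $($_.Name)" }
```

A domain controller that stays in FlagSetNotYetReady is still building its partial replicas, which corresponds to the replication delay described above.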
Hi
Tks very much for post:
I like it and hope that you continue posting.
Let me show other source that may be good for community.
Source: Network administrator interview questions
Best rgs
David