Global Catalog Servers
In a multidomain Active Directory environment, multiple domain controllers are used for load balancing, fault tolerance, and optimization. When there are many domain controllers and domains, global catalog servers are used to keep track of Active Directory objects. This is because a domain controller in a forest can easily locate only the objects in its own domain. Searching for objects in other domains of the forest is complicated and time-consuming because the domain name of the object is also required.
A global catalog server speeds up searches for objects in other domains of a forest because it can locate objects without requiring the domain name of the object. Global catalog servers work as a distributed centralized repository that stores all the information about the AD objects located in the various domains of the forest.
A global catalog server contains a full, writable replica of the domain directory partition of its host domain and a partial, read-only replica of the domain directory partitions of all other domains in the forest. It also contains information about the most searched attributes of an object. The global catalog server allows you to perform forest-wide searches for Active Directory objects.
Universal Group Membership
Active Directory supports groups of universal scope that contain users from multiple domains in a forest. The membership of universal groups is replicated to the global catalog server. When a user logs in, the universal group membership is obtained from the global catalog server. If a global catalog server is not available, the universal group membership will also not be available. However, a global catalog is not required if universal group membership caching is enabled on the domain controller.
Sites that have unreliable connectivity with a global catalog server should be configured with universal group membership caching. This feature allows a site that does not have a global catalog server to cache group membership information of the users who log in frequently to the domain controllers within the site.
The information on a global catalog is automatically updated by the Active Directory replication system. However, the replication can only occur between two global catalog servers and not with other domain controllers.
The global catalog server is configured automatically when you install your first domain controller in a domain/forest. However, you can configure a domain controller as a global catalog by following the steps given below:
- Open the Active Directory Sites and Services snap-in by clicking Start -> Administrative Tools -> Active Directory Sites and Services.
- Expand the site in which you want to configure the global catalogue server.
- Expand the Servers container under the site and then expand the domain controller under it.
- Right-click the NTDS Settings node and then select the Properties option from the menu that appears, as shown in Figure 3-24.
- Select the Global Catalog checkbox in the NTDS Settings Properties window and then click OK, as shown in Figure 3-25.
The server will become a global catalog server.
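The same change can be scripted, and the result checked per site. The PowerShell below is an added example, not part of the original text: it assumes the ActiveDirectory module (RSAT) is installed, and DC02 is a placeholder server name. It also lists sites that have domain controllers but neither a global catalog nor universal group membership caching, the situation described under Universal Group Membership.

```powershell
#Requires -Modules ActiveDirectory
# Added example. Bits of the 'options' attribute used here:
#   NTDS Settings (per DC):        0x1  = DC is a global catalog
#   NTDS Site Settings (per site): 0x20 = universal group membership caching enabled
$IS_GC         = 0x1
$GROUP_CACHING = 0x20

function Get-GlobalCatalogCoverage {
    # One row per site: its global catalogs and whether logons depend on a remote GC.
    $dcs = Get-ADDomainController -Filter *
    foreach ($site in Get-ADReplicationSite -Filter *) {
        $siteDcs  = @($dcs | Where-Object { $_.Site -eq $site.Name })
        $gcs      = @($siteDcs | Where-Object { $_.IsGlobalCatalog })
        $settings = Get-ADObject -Identity "CN=NTDS Site Settings,$($site.DistinguishedName)" `
                        -Properties options -ErrorAction SilentlyContinue
        $caching  = [bool]([int]$settings.options -band $GROUP_CACHING)
        [pscustomobject]@{
            Site              = $site.Name
            DomainControllers = $siteDcs.Count
            GlobalCatalogs    = $gcs.Name -join ', '
            GroupCaching      = $caching
            # DCs present, but no local GC and no cached universal group membership
            NeedsAttention    = ($siteDcs.Count -gt 0 -and $gcs.Count -eq 0 -and -not $caching)
        }
    }
}

function Enable-GlobalCatalog {
    # Scripted equivalent of ticking the Global Catalog checkbox on NTDS Settings.
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$DomainController)
    $dc   = Get-ADDomainController -Identity $DomainController
    $ntds = Get-ADObject -Identity $dc.NTDSSettingsObjectDN -Properties options
    $new  = [int]$ntds.options -bor $IS_GC   # set the GC bit, keep any other option bits
    if ($PSCmdlet.ShouldProcess($dc.HostName, 'Set global catalog flag')) {
        Set-ADObject -Identity $ntds -Replace @{ options = $new }
    }
}

Get-GlobalCatalogCoverage | Format-Table -AutoSize
# Enable-GlobalCatalog -DomainController 'DC02' -WhatIf   # DC02 is a placeholder name
```

Run the commented line with -WhatIf first to confirm which server would be changed, then remove -WhatIf to apply it.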