Where to find global catalog servers
As the graphic illustrates, each domain controller maintains a replica of its local domain partition, the configuration partition, and the schema partition. In a multi-domain forest like the one shown above, global catalog servers also host an additional set of read-only partitions.
Each of these partitions contains a partial, read-only replica of the domain partition from one of the other domains in the forest. It is the information in these partial, read-only partitions that allows global catalog servers to function as a reliable central repository of domain information.
As a result, domain controllers that have been configured as global catalog servers are used to process authentication and forest-wide search requests in a multi-domain forest.
In a single-domain forest, all domain controllers host the only domain partition in the forest and, consequently, contain a record of all of the objects in the forest. This results in all domain controllers in a single-domain forest being capable of processing authentication and domain service requests.
Active Directory takes advantage of this by allowing any domain controller in a single-domain forest to function as a virtual global catalog server, regardless of whether it has been configured as a global catalog server. The only limitation to the virtual global catalog behavior is that only domain controllers configured as global catalog servers can respond to queries directed specifically to a global catalog. When a new domain is created, the first domain controller will be made a global catalog server.
Each site in the forest should contain at least one global catalog server to eliminate the need for an authenticating domain controller to communicate across the network to retrieve global catalog information. In situations where it is not feasible to deploy a global catalog server in a site, such as a small remote branch office, Universal Group Membership Caching can reduce authentication-related network traffic and allow logon authentication even when a global catalog server is unreachable from within the remote site.
This feature still requires communication with a global catalog server to process initial logons within the site and perform search requests.
In any case, it is recommended that all domain controllers be configured as global catalog servers unless there is a specific reason to avoid doing so. If your locations include applications that do not deliver adequate response over a WAN link, you must place a global catalog server at the location to reduce query latency.
Read-only domain controllers (RODCs) can be promoted successfully to global catalog server status. However, certain directory-enabled applications cannot support an RODC as a global catalog server. Microsoft Exchange Server works in environments that include RODCs, as long as there are writable domain controllers available. Exchange Server also ignores RODCs in default conditions where Exchange components automatically detect available domain controllers.
No changes were made to Exchange Server to make it aware of read-only directory servers. Therefore, trying to force Exchange Server services and management tools to use RODCs may result in unpredictable behavior. Place global catalog servers at all locations that contain more than users to reduce congestion of network WAN links and to prevent productivity loss in case of WAN link failure. You do not need to place a global catalog at a location that does not include applications that require a global catalog server, includes less than users, and is also connected to another location that includes a global catalog server by a WAN link that is percent available for Active Directory Domain Services AD DS.
In this case, the users can access the global catalog server over the WAN link. Roaming users need to contact the global catalog servers whenever they log on for the first time at any location. If the logon time over the WAN link is unacceptable, place a global catalog at a location that is visited by a large number of roaming users. For locations that include less than users and that do not include a large number of roaming users or applications that require a global catalog server, you can deploy domain controllers that are running Windows Server and enable universal group membership caching.
Ensure that the global catalog servers are not more than one replication hop from the domain controller on which universal group membership caching is enabled so that universal group information in the cache can be refreshed.
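The site placement guidance above can be checked against a live forest. The following is an added example, not part of the original page: a read-only audit that reports, per site, whether a global catalog is present, whether the only global catalogs are RODCs, and whether universal group membership caching covers a site without one. It assumes the RSAT ActiveDirectory module is installed; the function name `Get-GlobalCatalogCoverage` and the finding labels are hypothetical.

```powershell
# Added example: audit global catalog coverage per site (read-only queries only).
# Assumption: RSAT ActiveDirectory module, run by an account that can read the forest.
Import-Module ActiveDirectory

function Get-GlobalCatalogCoverage {
    $forest = Get-ADForest

    # Get-ADDomainController queries one domain per call, so walk every domain in the forest.
    $dcs = foreach ($domain in $forest.Domains) {
        Get-ADDomainController -Filter * -Server $domain
    }

    $sites = Get-ADReplicationSite -Filter * -Properties UniversalGroupCachingEnabled
    foreach ($site in $sites) {
        $siteDcs = @($dcs     | Where-Object { $_.Site -eq $site.Name })
        $siteGcs = @($siteDcs | Where-Object { $_.IsGlobalCatalog })
        $rodcGcs = @($siteGcs | Where-Object { $_.IsReadOnly })
        $caching = [bool]$site.UniversalGroupCachingEnabled

        # Classify the site against the placement guidance in the text.
        $finding = if ($siteDcs.Count -eq 0) {
            'No domain controller in site'
        } elseif ($siteGcs.Count -gt 0 -and $rodcGcs.Count -eq $siteGcs.Count) {
            'Only RODC global catalogs'   # some directory-enabled applications cannot use these
        } elseif ($siteGcs.Count -gt 0) {
            'OK'
        } elseif ($caching) {
            'No GC; relies on universal group membership caching'
        } else {
            'No GC and caching disabled'
        }

        [pscustomobject]@{
            Site                = $site.Name
            DomainControllers   = $siteDcs.Count
            GlobalCatalogs      = ($siteGcs.HostName -join ', ')
            GroupCachingEnabled = $caching
            Finding             = $finding
        }
    }
}

Get-GlobalCatalogCoverage | Sort-Object Finding, Site | Format-Table -AutoSize
```

Sites reported as relying on caching still need a reachable global catalog for initial logons and searches, so they are worth reviewing alongside WAN availability.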
A global catalog is a multi-domain catalog that allows for faster searching of objects without the need for a domain name.
Some of the common global catalog usage scenarios are as follows: forest-wide searches, user logon, universal group membership caching, and Exchange address book lookups.