Determine the Global Catalog

Domain and forest can also share resources available in the active directory. This resource is searched by the Global Catalog in all domains and forests and this search is transparent for users. For example, if you search all the printers in the forest, this search goes to the global catalog server for the request and then the global catalog returns the results. Without a global catalog server, this query must go to each domain in the forest from the result.




It is important to have a global catalog on at least one domain controller because many applications use port 3268 for the search. For example, if you do not have a global catalog server on your network, the search commands in the Windows 2000/2003 start menu can not find objects in the active directory.

A global catalog is a domain controller that contains attributes for each object in Active Directory. By default, only the members of the schema administration group have the right to change the attributes stored in the global catalog, according to the requirements of the organization.

The global catalog contains:
• The attributes that are commonly used must be in the query, such as the user's first and last name and the name of the entry.
• All important information or records to determine the location of any object in the directory.
• Subset of attributes by default for each type of object.
• All permissions related to access to each object and attribute stored in the global catalog. Say, without permission you can not access or view objects. If you are looking for an object where you do not have the appropriate permissions to view, the object will not appear in the search results. This access permission ensures that users can only find objects that have been given access.

A global catalog server is a domain controller that contains a replica of the domain directory that is complete and writable, and in part, only read of all other domain directory partitions in the forest. Take the example of a user object; By default, the user object has many attributes such as name, last name, address, phone number and more. The Global Catalog will only store the main attributes of the user object in search operations such as the user's first and last name or the login name. The partial attribute of the user object that is stored will be sufficient to allow the search of that object to find a complete replica of the object in the active directory. If a search searches for an object, it first goes to the local global catalog and reduces network traffic through the WAN.

Domain controllers always contain a complete list of attributes for the objects that belong to their domain. If the domain controller is also a GC, it will also contain partial replicas of objects from all other domains in the forest.

It is always recommended to have a global catalog server for each active directory site in the corporate network.

Posting Komentar

0 Komentar