Last Updated on July 1, 2015 by Admin
Global Catalog Servers
Global Catalog Servers contain a partial replica for every object in Active Directory. A Global Catalog Server is used to find objects in any domain in the forest. Any Domain Controller can be made into a Global Catalog Server. This video looks at how to remove or make a Domain Controller into a Global Catalog Server and also the reasons why and where you should put Global Catalog Servers.
Global Catalog Servers are used to find objects in any domain in the forest but it should be remembered that this does not give the user access to that object. Unless the user has the correct permissions they will not be able to access resources in other domains.
Global Catalog Servers also contain information about groups that span across domains and services that work at the forest level.
How to change a Domain Controller to a Global Catalog Server 04:18
Using the admin tool Active Directory Users and Computers to navigate to the computer account for your Domain Controller. By default this will be located in the Domain Controllers OU.
Open the properties for the Domain Controller and select the button NTDS settings.
Deselect or select the tickbox Global Catalog. Windows will do the rest.
Reasons to deploy Global Catalog Servers
Domain Controllers generate a security token for a user when they first login. If the user is in a group that spans multi–domains, that Domain Controller will need to contact a Global Catalog to get information about that group.
If a user logs in using a Universal Principal Name (UPN), that is, they log in using a user name in the form of username@domainname, a Domain Controller will need to access a Global Catalog Server before the log in is completed.
Global Catalog Servers work as an index to the forest. If you perform any searches on the forest you will need to contact a Global Catalog Server.
Microsoft recommends that any network that is separated by a Wide Area Network have a Global Catalog Server deployed at that location. This will ensure that users can log on if the Wide Area Network is down. In order for a computer to contact a Global Catalog Server, ports 389 (LDAP) and 3267 (Global Catalog) need to be opened. If these ports are not open then the user will not be able to use the remote Global Catalog Server.
Some software requires a Global Catalog Server in order to run. Exchange is a big user of the Global Catalog Server. If you have a decent amount of Exchange users on your network, you should consider deploying a Global Catalog Server close to these users.
Reasons not to deploy a Global Catalog Server
Global Catalog Servers put more load on the server in the form of searches and lookups from the client. Global Catalogs need to keep their index up to date. This requires more network bandwidth. In order to store the Global Catalog Server, you are required to have additional hard disk space on your server.