Windows domain global catalog

As a result, even if you did restore a DC that was a global catalog server, either inadvertently or because that was the solitary backup you trusted, you should remove the global catalog soon after the restore operation is complete. When the global catalog is removed, the computer removes all its partial replicas. Skip to main content. This browser is no longer supported. Download Microsoft Edge More info. As a result, domain controllers that have been configured as global catalog servers are used to process authentication and forest-wide search requests in a multi-domain forest.

In a single-domain forest, all domain controllers host the only domain partition in the forest and, consequently, contain a record of all of the objects in the forest.

This results in all domain controllers in a single-domain forest being capable of processing authentication and domain service requests. Active Directory takes advantage of this by allowing any domain controller in a single-domain forest to function as a virtual global catalog server, regardless of whether it has been configured as a global catalog server. The only limitation to the virtual global catalog behavior is that only domain controllers configured as global catalog servers can respond to queries directed specifically to a global catalog.

When a new domain is created the first domain controller will be made a global catalog server. Each site in the forest should contain at least one global catalog server to eliminate the need for an authenticating domain controller to communicate across the network to retrieve global catalog information. In situations where it is not feasible to deploy a global catalog server in a site, such as a small remote branch office, Universal Group Membership Caching can reduce authentication-related network traffic across a network and allow for logon authentication even when communication with a global catalog server is inaccessible from within the remote site.

This feature still requires communication with a global catalog server to process initial logons within the site and perform search requests. In any case, it is recommended that all domain controllers be configured as global catalog servers unless there is a specific reason to avoid doing so. Learn why Active Directory security should be a priority for your organization and ways to mitigate against a data breach with this free white paper!

Your email address will not be published. Save my name, email, and website in this browser for the next time I comment. Post Comment. You have read and agreed to our Privacy Policy. A typical domain controller stores a complete replica of objects in its own domain, but not for other domains in the forest.

The GC receives data from all the domain directory partitions in the forest, they are copied using via standard AD replication service.

The set of attributes that are copied to the Global Catalog is defined in the AD schema. If necessary, you can configure additional attributes that will be replicated to the GC using the Active Directory Schema mmc snap-in.

The first GC server was automatically created on the first domain controller in the forest when you promote DC during installing Active Directory Domain Services role. In the case of a single AD site , even if it contains multiple domains, a single Global Catalog server is usually sufficient to process Active Directory requests. In a multi-site environment in order to optimize network performance consider adding GC servers to ensure a quick response to search queries and fast logon.

Also, at least one GC server must be present on each AD site where Exchange is supposed to be installed. For resiliency purposes, it is important to keep at least a few domain controllers with the Global Catalog role.