Global Catalog

The global catalog is a distributed data repository that is stored on global catalog servers and distributed via multimaster replication. It holds a searchable, partial representation of every object in a multi-domain Active Directory forest. Searches against the global catalog are faster because they do not involve referrals to different domain controllers.

In addition, the global catalog lets you find an object without knowing the object’s domain name. This is possible because a global catalog server holds not only a full, writable domain directory replica but also a partial, read-only replica of all the domain directory partitions in the forest. Because the partial replicas contain only the attributes most used in searches, every object in every domain of a forest, small or large, can be found and represented in the database of one global catalog server.

To keep searches complete, fast, and effective, the Active Directory replication system constantly updates the global catalog. The attributes that are replicated to the catalog are known as the partial attribute set (PAS). In a Windows 2000 Server environment, a change to the PAS causes a full synchronization of the global catalog, even if the change is minor. This was improved in the Windows 2003 Server environment, where only the attributes that change are updated.

How Does It Work?

For example, if a user searches for all printers within the forest, a global catalog server processes the request by searching the global catalog and then returns the results. Without the global catalog server, the user would have had to search separately in every forest.

When a user makes a request such as an interactive domain logon, the domain controller authenticates the user by first validating the user’s identity and all groups that the user is a member of. Because the global catalog holds all memberships of all groups, access to a global catalog server is necessary for accessing all forests and is therefore a requirement for Active Directory authentication. For this reason, it is best to have at least one global catalog server in each Active Directory site, so that the authenticating domain controller does not need to send queries over a WAN connection to get this information.
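
The per-site placement advice above can be checked from a domain controller inventory. This is an added example, not code from the original post: the site and domain controller lists are constructed sample data shaped like the output of Get-ADReplicationSite and Get-ADDomainController, and Get-SiteGCCoverage is a hypothetical helper name.

```powershell
# Inputs are constructed sample data; in a real forest build them with the
# ActiveDirectory module:
#   $sites = (Get-ADReplicationSite -Filter *).Name
#   $dcs   = (Get-ADForest).Domains |
#            ForEach-Object { Get-ADDomainController -Filter * -Server $_ }
$sites = 'HQ', 'Branch-East', 'Branch-West', 'DR'                 # constructed
$dcs = @(                                                         # constructed
    [pscustomobject]@{ Name = 'HQ-DC01'; Site = 'HQ';          IsGlobalCatalog = $true  }
    [pscustomobject]@{ Name = 'HQ-DC02'; Site = 'HQ';          IsGlobalCatalog = $false }
    [pscustomobject]@{ Name = 'BE-DC01'; Site = 'Branch-East'; IsGlobalCatalog = $true  }
    [pscustomobject]@{ Name = 'BW-DC01'; Site = 'Branch-West'; IsGlobalCatalog = $false }
)

# Hypothetical helper: returns one row per site with its GC coverage status.
function Get-SiteGCCoverage {
    param(
        [Parameter(Mandatory)] [string[]] $SiteName,
        [Parameter(Mandatory)] [object[]] $DomainController
    )
    foreach ($site in $SiteName) {
        $inSite = @($DomainController | Where-Object { $_.Site -eq $site })
        $gcs    = @($inSite | Where-Object { $_.IsGlobalCatalog })
        $status = 'OK'
        if     ($inSite.Count -eq 0) { $status = 'NoDomainController' }
        elseif ($gcs.Count -eq 0)    { $status = 'NoGlobalCatalog' }
        # DCs in a site without a local GC must reach one in another site,
        # over TCP 3268 (or 3269 for SSL), the GC ports listed on this page.
        $remote = if ($status -eq 'NoGlobalCatalog') { $inSite.Name -join ', ' } else { '' }
        [pscustomobject]@{
            Site             = $site
            DCs              = $inSite.Count
            GlobalCatalogs   = $gcs.Name -join ', '
            Status           = $status
            DCsUsingWanForGC = $remote
        }
    }
}

Get-SiteGCCoverage -SiteName $sites -DomainController $dcs | Format-Table -AutoSize
```

With the sample data, Branch-West is reported as NoGlobalCatalog with BW-DC01 listed as querying over the WAN, and DR is reported as NoDomainController.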

Ports Commonly Used by Global Catalog Servers

Service Name    UDP    TCP
LDAP            -      3268 (global catalog)
LDAP            -      3269 (global catalog SSL)
LDAP            389    389
LDAP            -      636 (SSL)
RPC/REPL        -      135 (endpoint mapper)
Kerberos        88     88 (global catalog)
DNS             53     53
SMB over IP     445    445

So, that’s all in this blog. I will meet you soon with the next stuff. Have a nice day!!!

Vipan Kumar

He is an Active Directory Engineer. He has been working in the IT industry for more than 10 years. He is a dedicated and enthusiastic information technology expert who is always ready to resolve any technical problem. If you need any further help on the subject matter, feel free to contact us at admin@windowstechno.com. Please subscribe to our Facebook page as well as the website for the latest articles: https://www.facebook.com/windowstechno
