What is Global Catalog

Global Catalog

By default, the first Domain Controller in a domain is automatically made a Global Catalog (GC), though all DCs in the domain should host the Global Catalog.

The global catalog (GC) allows users and applications to find objects in an Active Directory domain tree, given one or more attributes of the target object. The global catalog contains a partial replica of every naming context in the directory. It contains the schema and configuration naming contexts as well.

Global Catalog servers contain a partial replica (all objects, selected properties) of all Domains in the Forest. The global catalog is used for directory operations such as logons and forest-wide searches, but replicated attributes can be limited. It’s a service and a physical database for objects in the directory for its own domain and all other domains in the forest.

Only attributes explicitly marked for GC replication are replicated across domain boundaries to the GCs in other domains. Which attributes are included is configurable via the PartialAttributeSet attribute. Only objects likely to be queried by users should be published to the GC. Authenticating a user requires forest-wide knowledge of that user’s group memberships, so evaluating Universal Group membership requires a GC at logon. Furthermore, applications such as Exchange use the Global Catalog extensively.

The Global Catalog stores information for the entire forest, so a search targeted at a GC returns forest-wide results. Any data held in an attribute that replicates to GCs is therefore readable from every domain in the forest and may also be reachable across trusts, so such attributes must be protected accordingly.
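The following audit script is an added example and not part of the original post. It lists every schema attribute that is replicated to Global Catalog servers and reports whether each one carries the CONFIDENTIAL search flag, so an administrator can see which GC-visible attributes are readable forest-wide without extra access checks. It assumes the ActiveDirectory RSAT module and a domain-joined session with schema read access; the function and parameter names are this example’s own.

```powershell
# Added example: audit which attributes are replicated to every GC in the forest
# and whether they are marked confidential. Not code from the original post.
Import-Module ActiveDirectory

# searchFlags bit 0x80 is the CONFIDENTIAL flag: reading the attribute then
# requires CONTROL_ACCESS on the object instead of plain read permission.
$ConfidentialFlag = 0x80
# systemFlags bit 0x10 marks a base (category 1) schema object. Base schema
# attributes cannot be made confidential, so only custom attributes can be fixed.
$BaseSchemaFlag   = 0x10

function Get-GcReplicatedAttribute {
    [CmdletBinding()]
    param(
        # Optional DC to query; defaults to whatever DC the module discovers.
        [string]$Server
    )
    $common = @{}
    if ($Server) { $common.Server = $Server }

    $schemaNc = (Get-ADRootDSE @common).schemaNamingContext

    # isMemberOfPartialAttributeSet=TRUE is what places an attribute in the
    # partial attribute set that every Global Catalog server replicates.
    Get-ADObject @common -SearchBase $schemaNc `
        -LDAPFilter '(&(objectClass=attributeSchema)(isMemberOfPartialAttributeSet=TRUE))' `
        -Properties lDAPDisplayName, searchFlags, systemFlags |
    ForEach-Object {
        [pscustomobject]@{
            Attribute    = $_.lDAPDisplayName
            Confidential = [bool]($_.searchFlags -band $ConfidentialFlag)
            BaseSchema   = [bool]($_.systemFlags -band $BaseSchemaFlag)
        }
    }
}

# Report the GC-replicated attributes that are both non-confidential and
# custom (non-base), i.e. the ones an administrator can still lock down.
$gcAttrs = Get-GcReplicatedAttribute
"{0} attributes replicate to the GC" -f $gcAttrs.Count
$gcAttrs |
    Where-Object { -not $_.Confidential -and -not $_.BaseSchema } |
    Sort-Object Attribute |
    Format-Table Attribute, Confidential, BaseSchema -AutoSize
```

Run it from a machine with RSAT installed; pass -Server to point at a specific DC, and review any custom attribute in the output before deciding whether it belongs in the partial attribute set at all.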

How a Global Catalog Works

To understand how the global catalog works, you must first understand how the Active Directory database is built. The Active Directory database is stored in a single file, NTDS.dit, on each domain controller. The database is logically separated into partitions to simplify administration and allow efficient replication.

At least three partitions are maintained by every domain controller:

The schema partition contains object and attribute definitions. In other words, the schema partition contains the list of definitions that determine which objects, and which attributes of those objects, can exist in the Active Directory. Schema information is enterprise-wide in nature: all domain controllers in a tree or forest share a common schema, and any schema modification is replicated across the forest. Because the schema defines objects and attributes, any object that is created, along with its attributes, must conform to the definitions in the schema.

The configuration partition contains information about the physical structure of the Active Directory, such as the sites and domains and where domain controllers reside in the enterprise. Configuration information is replicated to all domain controllers in the tree or forest.

The domain partition contains information about all Active Directory objects that are specific to that domain, such as users and groups, OUs, and other resources. All domain partition information is fully replicated to every domain controller within the domain. To global catalog servers in other domains, only a read-only subset of the domain partition is replicated. This lets a global catalog server know what is available in each domain so that users from other domains can locate resources, while changes to the domain partition can only be made from within that domain.

Application partitions may also be maintained by domain controllers. These partitions hold data for AD-integrated applications and can contain any type of object except security principals. Application partitions do not have to replicate to other domain controllers, but they can be configured to replicate to any DC in the forest.

You can identify the partitions present on a DC using the following PowerShell cmdlet:

Get-ADDomainController -Server <SERVER> | Select-Object -ExpandProperty Partitions

In a single-domain forest, all DCs host the only domain partition in the forest; therefore, each one contains a record of all of the objects in the forest and can process authentication and domain service requests.

So, that’s all in this blog. I will meet you soon with the next stuff. Have a nice day!!!


Vipan Kumar

He is an Active Directory Engineer who has been working in the IT industry for more than 10 years. He is a dedicated and enthusiastic information technology expert who is always ready to resolve any technical problem. If you need any further help on these subjects, feel free to contact us at admin@windowstechno.com. Please also subscribe to our Facebook page and website for the latest articles: https://www.facebook.com/windowstechno
