
Learn AD in 15 Minutes a Week: Windows 2000 Global Catalog Server

By ServerWatch Staff
Posted Jun 12, 2002


by Jason Zandri
www.2000trainers.com

Welcome to the seventh installment of Learn Active Directory Design and Administration in 15 Minutes a Week, a weekly series aimed at current IT professionals preparing to write the new Windows Active Directory Design and Administration exams (70-219 and 70-217 respectively), as well as newcomers to the field who are trying to get a solid grasp on this new and emerging directory service from Microsoft. This installment is going to discuss the Windows 2000 Global Catalog Server and how it is used within Windows 2000 and Active Directory.


Overview

The Windows 2000 global catalog is the single database where information on all of the Active Directory objects in a tree or forest is kept. The Windows 2000 global catalog is created on the forest root domain controller when DCPROMO is run for the first time. This server is known as, among other things, the Global Catalog Server.

Windows 2000 Global Catalog Servers store all of the Active Directory object attributes for all of the Active Directory objects from their own domain. This is referred to as a full replica. They also contain some of the Active Directory object attributes for all of the remaining Active Directory objects from all of the other domains in the forest. This is referred to as a partial replica. This subset of data from throughout the forest lets users and services query for directory information and directory objects from any domain in the forest, regardless of which domain holds that data or object. In a nutshell this means, for example, that a user from one domain can search for a printer that is published in the Active Directory and locate it in any domain, even an external one, by using only the printer's name or some other attribute known to the Active Directory database. This could be a building number or floor or some other naming convention used within the given organization.

[NOTES FROM THE FIELD] - I use this analogy often as it helps me to comprehend the whole full replica / partial replica thing.

Think of the Active Directory replica of your local domain (the full replica) as the yellow pages of your local phone book (your local calling area). In its listings and ads (objects), you can often find telephone numbers, street addresses, hours of operation and other pertinent information (attributes for those objects) for the listings you are looking up.

While your local yellow pages does not have listings for outside of your calling area, you can still look up the phone number (attribute) of a business (object) outside of your area by calling 411 / directory assistance where they can look up the number for you (in their database). This would have only some of the information you might be looking for (partial replica), as you usually can only get the phone number from directory assistance. However, by calling the telephone number you're given (performing an Active Directory query), you can find out their address and their hours of operation.

Think of the directory assistance database as the partial replica from all other domains in the forest. It will have some information on all of the objects, but not all of it.

Object attributes that are replicated to the Windows 2000 Global Catalog throughout the Active Directory forest keep, in the catalog, the permissions they carry in their source domains, for security purposes.
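The full and partial replicas described above can be inspected directly. The following PowerShell is an added example, not part of the original article: it lists the attributes the schema marks for replication to the Global Catalog, then runs the same published-printer search against the local domain replica and against the catalog so the difference in returned attributes is visible. It assumes a domain-joined machine and an authenticated user; the `LDAP://` and `GC://` ADSI providers and the `isMemberOfPartialAttributeSet` schema flag are standard Active Directory features, and the helper name `New-Searcher` is hypothetical.

```powershell
# Added example (not from the article). Run as an authenticated user on a
# domain-joined machine; it only reads from the directory.
$rootDse  = [ADSI]'LDAP://RootDSE'
$schemaNc = [string]$rootDse.schemaNamingContext
$domainNc = [string]$rootDse.defaultNamingContext
$forestNc = [string]$rootDse.rootDomainNamingContext

# Hypothetical helper: build a paged searcher for a given ADSI path and filter.
function New-Searcher {
    param([string]$Path, [string]$Filter)
    $s = New-Object System.DirectoryServices.DirectorySearcher
    $s.SearchRoot = New-Object System.DirectoryServices.DirectoryEntry($Path)
    $s.Filter     = $Filter
    $s.PageSize   = 500      # page results instead of stopping at the server limit
    return $s
}

# 1. Attributes the schema marks for the partial replica held by every GC.
$pas = New-Searcher "LDAP://$schemaNc" '(&(objectClass=attributeSchema)(isMemberOfPartialAttributeSet=TRUE))'
[void]$pas.PropertiesToLoad.Add('lDAPDisplayName')
$gcAttributes = @($pas.FindAll() |
    ForEach-Object { [string]$_.Properties['ldapdisplayname'][0] } | Sort-Object)
'{0} attributes are replicated to the Global Catalog' -f $gcAttributes.Count

# 2. Published printers: full replica (own domain) versus GC (forest-wide).
#    GC://<forest root DN> covers the root domain's tree; other trees in the
#    forest need their own search base.
$filter = '(objectCategory=printQueue)'
$scopes = @{
    'Domain (full replica)'    = "LDAP://$domainNc"
    'Global Catalog (partial)' = "GC://$forestNc"
}
foreach ($scope in $scopes.GetEnumerator()) {
    foreach ($hit in (New-Searcher $scope.Value $filter).FindAll()) {
        [pscustomobject]@{
            Scope      = $scope.Key
            DN         = [string]$hit.Properties['distinguishedname'][0]
            # Number of attributes this caller was allowed to read in this scope.
            Attributes = $hit.Properties.PropertyNames.Count
        }
    }
}
```

Reviewing `$gcAttributes` shows exactly which attributes are readable forest-wide through the catalog, which is the list to check before marking any further attribute for Global Catalog replication.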
