by Jason Zandri
Welcome to the seventh installment of Learn Active Directory Design and Administration in 15 Minutes a Week, a weekly series aimed
at current IT professionals preparing to write the new Windows Active Directory Design and Administration exams (70-219 and 70-217 respectively), as well as newcomers to the field who are trying to get a solid grasp on this new and emerging directory service from Microsoft. This
installment discusses the Windows 2000 Global
Catalog Server and how it is used within Windows 2000 and Active
Directory.
The Windows 2000 global catalog is the
single database where information on all of the Active
Directory objects in a tree or forest is kept. The Windows
2000 global catalog is created on the forest root domain
controller when DCPROMO is run for the first time. This
server is known as, among other things, the Global Catalog Server.
Windows 2000 Global Catalog Servers
store all of the Active Directory object attributes for all
of the Active Directory objects from their own domain. This
is referred to as a full replica. They also contain some of
the Active Directory object attributes from all of the
remaining Active Directory objects from all of the other
domains in the forest. This is referred to as a partial
replica. This subset of data from throughout the forest
lets users and services query for directory
information and directory objects from any domain in the
forest, regardless of which domain that data or object
exists in. In a nutshell this means, for example, a user from
one domain can search for a printer that is published in the
Active Directory and locate it in any domain, even an
external one, by using only the printer’s name or some other
known (to the Active Directory database) attribute. This
could be a building number or floor or some other naming
convention used within the given organization.
[NOTES FROM THE FIELD] – I use this analogy
often as it helps me to comprehend the whole full replica /
partial replica thing.
Think of the Active Directory replica of your local
domain (the full replica) as the yellow pages of your local
phone book (your local calling area). In it, you can often
find, in the listings and ads (objects), telephone numbers,
street addresses, hours of operation and other pertinent
information (attributes for those objects) for the listings
you are looking up.
While your local yellow pages does not have listings for
outside of your calling area, you can still look up the
phone number (attribute) of a business (object) outside of
your area by calling 411 / directory assistance where they
can look up the number for you (in their database). This
would have only some of the information you might be looking
for (partial replica), as you usually can only get the phone
number from directory assistance. However, by calling the
telephone number you’re given (performing an Active
Directory query), you can find out their address and their
hours of operation.
Think of the directory assistance database as the
partial replica from all other domains in the forest. It
will have some information on all of the objects, but not
all of it.
Object attributes in the Windows 2000 Global Catalog that
are replicated throughout the Active Directory forest
maintain their permissions in the catalog from their source
domains for security purposes.
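
The printer search and the "call the number you're given" step from the analogy above, as an added PowerShell example that is not part of the original article. It assumes a domain-joined Windows host, uses the .NET System.DirectoryServices classes (not mentioned in the article), and the location value 'Building 7*' is a constructed sample.

```powershell
# Added example. Runs as the current user, so the attribute permissions
# carried over from each source domain still decide what is returned.
Add-Type -AssemblyName System.DirectoryServices

# Step 1: query a global catalog server (partial replica of every domain).
$forest   = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
$searcher = $forest.FindGlobalCatalog().GetDirectorySearcher()
$searcher.Filter   = '(&(objectCategory=printQueue)(location=Building 7*))'  # sample value
$searcher.PageSize = 500   # page results instead of stopping at the server size limit

$results = $searcher.FindAll()
try {
    foreach ($hit in $results) {
        $dn      = [string]$hit.Properties['distinguishedname'][0]
        $gcAttrs = @($hit.Properties.PropertyNames | ForEach-Object { $_.ToLower() })

        # Step 2: rebuild the home domain's DNS name from the DC= components of
        # the DN and bind to that domain over LDAP to read the full replica.
        # Simplification: assumes the DN needs no extra escaping in an ADsPath.
        $domain = (($dn -split ',') -like 'DC=*' |
                   ForEach-Object { $_.Substring(3) }) -join '.'
        $full      = [ADSI]"LDAP://$domain/$dn"
        $fullAttrs = @($full.psbase.Properties.PropertyNames |
                       ForEach-Object { $_.ToLower() })

        [pscustomobject]@{
            Printer        = [string]($hit.Properties['printername'] | Select-Object -First 1)
            HomeDomain     = $domain
            GCAttributes   = $gcAttrs.Count      # what the partial replica returned
            FullAttributes = $fullAttrs.Count    # what the home domain returned
            OnlyInFull     = @($fullAttrs | Where-Object { $gcAttrs -notcontains $_ })
        }
        $full.psbase.Dispose()
    }
}
finally {
    $results.Dispose()   # release the unmanaged search handle
}
```

For a printer published in another domain, `OnlyInFull` lists the attributes that the global catalog did not return and that required the second bind to the object's home domain.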