Learn AD in 15 Minutes a Week: Windows 2000 Global Catalog Server Page 2

Main Functions of the Global Catalog Server

The Windows 2000 global catalog maintains all of the Universal Group memberships for the forest, and it also enables forest-wide directory searches.

The Windows 2000 global catalog provides universal group membership information for the account to the domain controller processing the user logon information. If a global catalog server is not available when a user tries to log on to the network (because a local server is not available and a remote one cannot be reached), the user is only able to log on to the local computer using cached credentials. If the user has never logged on to that system before, or there is a GPO that prohibits the caching of credentials, the user cannot log on.

[NOTES FROM THE FIELD] - If the user is logged on with cached credentials, all necessary network resource access will need to be validated on an individual basis. In a Kerberos scenario, the Kerberos Key Distribution Center will need to be contacted to get a ticket for access. If NTLM is used, pass-through authentication will be performed.

Also, if the user trying to log on is an Administrator and they cannot access a global catalog server, a "normal" logon is allowed even though the global catalog server couldn't be reached.

For more information on this, see the article Global Catalog Server Requirement for User and Computer Logon (Q216970) on the Microsoft web site. Another good one, How to Disable Requirement that a Global Catalog Server Be Available to Validate User Logons (Q241789), describes how to configure all user logons to "function" as the administrator accounts do, by eliminating the need to access the Global Catalog server.


Configure a New Global Catalog Server

As mentioned earlier, the Windows 2000 global catalog is created on the forest root domain controller when DCPROMO is run for the first time, and this server is known as the Global Catalog Server.

You can set up any server to be a Global Catalog Server by going to the Active Directory Sites and Services MMC and in the console tree, right-clicking the NTDS Settings of the server you want to make into a Global Catalog Server and selecting PROPERTIES.

On the GENERAL tab of the PROPERTIES page for that server, check the GLOBAL CATALOG checkbox and select OK.

The Active Directory Sites and Services snap-in is not installed on Windows 2000 Professional systems; however, the Windows 2000 Administration Tools allows for the installation of certain MMC snap-ins (including the Active Directory Sites and Services) on Windows 2000 Professional systems to allow for remote administration.
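The GLOBAL CATALOG checkbox is stored as bit 0x1 of the options attribute on the server's NTDS Settings (nTDSDSA) object. As an added example that is not part of the original article, the Python below reads an LDIF export of those objects and reports sites that have no global catalog server, where a WAN outage would leave users with the cached-credential logon described earlier. The sample LDIF, the example.com names and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

NTDSDSA_OPT_IS_GC = 0x1  # bit set when the GLOBAL CATALOG checkbox is ticked

# Constructed sample: LDIF export of NTDS Settings objects (example.com is a placeholder)
SAMPLE_LDIF = """\
dn: CN=NTDS Settings,CN=DC01,CN=Servers,CN=HQ,CN=Sites,CN=Configuration,DC=example,DC=com
objectClass: nTDSDSA
options: 1

dn: CN=NTDS Settings,CN=DC02,CN=Servers,CN=HQ,CN=Sites,CN=Configuration,DC=example,DC=com
objectClass: nTDSDSA

dn: CN=NTDS Settings,CN=DC03,CN=Servers,CN=Branch,CN=Sites,CN=Configuration,
 DC=example,DC=com
objectClass: nTDSDSA
options: 0
"""

DN_RE = re.compile(r"^CN=NTDS Settings,CN=([^,]+),CN=Servers,CN=([^,]+),CN=Sites,", re.I)

def parse_ntds_settings(ldif):
    """Yield (site, server, is_gc) for each NTDS Settings entry in the LDIF text."""
    unfolded = re.sub(r"\r?\n ", "", ldif)  # LDIF continuation lines start with one space
    for entry in re.split(r"\r?\n\s*\r?\n", unfolded.strip()):
        attrs = {}
        for line in entry.splitlines():
            if line.startswith("#"):  # LDIF comment line
                continue
            key, sep, value = line.partition(":")
            if sep:
                attrs[key.strip().lower()] = value.strip()
        m = DN_RE.match(attrs.get("dn", ""))
        if not m:
            continue  # not an NTDS Settings object under a site
        options = int(attrs.get("options", "0"))  # absent attribute means no flags set
        yield m.group(2), m.group(1), bool(options & NTDSDSA_OPT_IS_GC)

def sites_without_gc(ldif):
    """Return sorted site names where no domain controller is a global catalog."""
    gcs = defaultdict(int)
    for site, _server, is_gc in parse_ntds_settings(ldif):
        gcs[site] += is_gc
    return sorted(s for s, n in gcs.items() if n == 0)

if __name__ == "__main__":
    for site, server, is_gc in parse_ntds_settings(SAMPLE_LDIF):
        print(f"{site:8} {server:6} GC={is_gc}")
    print("Sites with no GC:", sites_without_gc(SAMPLE_LDIF))
```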


Partition Replication

The Windows 2000 Active Directory is partitioned into three distinct parts.

  • Schema Partition. The information in the Schema Partition defines all objects and their allowed attributes and is common to all domains in the forest. This partition is replicated to all domain controllers in the forest.

  • Configuration Partition. The Configuration Partition outlines your domain structure and replication topology. This information is common to all domains in the forest. This partition is replicated to all domain controllers in the forest.

  • Domain Partition. The Domain Partition references data objects of a given domain. This information is commonly relevant only to the single domain and is not shared; this partition is replicated to all domain controllers in the domain only. A subset of this data from all objects in all domains (partial replica) is stored in the global catalog.

All of the objects in every domain, and a subset of the properties (partial replica) of all objects in a forest, are replicated to the global catalog.

Domain controllers have the responsibility of replicating:

  • The schema and configuration partitions for the forest.
  • The domain partition for the local domain, within the local domain, and a subset of the properties (partial replica) of all objects of the local domain to the global catalog.

Global Catalog servers have the responsibility of replicating:

  • The schema information for a forest
  • The configuration information for all domains in a forest
  • A subset of the properties (partial replica) for all directory objects in the forest (replicated between global catalog servers only)
  • All directory objects and all their properties for the local domain.

This article was originally published on Jun 13, 2002
Page 2 of 3
