What is Global Catalog
Global Catalog
By default, the first Domain Controller in a domain is automatically made a Global Catalog (GC); in practice, every DC in the domain should also host the Global Catalog.
The global catalog (GC) allows users and applications to find objects in an Active Directory domain tree, given one or more attributes of the target object. The global catalog contains a partial replica of every naming context in the directory. It contains the schema and configuration naming contexts as well.
Global Catalog servers contain a partial replica (all objects, selected properties) of all Domains in the Forest. The global catalog is used for directory operations such as logons and forest-wide searches, but replicated attributes can be limited. It’s a service and a physical database for objects in the directory for its own domain and all other domains in the forest.
Only attributes explicitly marked for GC replication are replicated across domain boundaries to the GCs in other domains. Which attributes belong to this set is configurable via the PartialAttributeSet attribute. Only objects likely to be queried by users should be published to the GC. Authenticating a user requires forest-wide knowledge of that user's group memberships, so Universal Group membership evaluation requires a GC at logon. Furthermore, applications such as Exchange use the Global Catalog extensively.
The Global Catalog stores information for the entire forest, so targeting a search against a GC provides forest-wide information. Data stored in attributes that replicate to GCs is available in the forest and may be accessible via trusts, so this data should be protected appropriately.
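The two points above (the partial attribute set decides what leaves the domain, and a GC answers forest-wide queries) can be checked directly. The following PowerShell is an added example, not code from the original post. It assumes the RSAT ActiveDirectory module and read access to the schema partition; the watch-list of attribute names is a constructed illustration, not a list from the page.

```powershell
# Added example (not from the original post): audit what the Global Catalog exposes.
# Assumes the ActiveDirectory module (RSAT) and a domain-joined, authenticated session.
Import-Module ActiveDirectory

# 1. Which attributes replicate to every GC in the forest?
#    Each attributeSchema object in the schema partition carries the flag
#    isMemberOfPartialAttributeSet; TRUE places the attribute in the partial attribute set.
$schemaNC = (Get-ADRootDSE).schemaNamingContext
$pasAttributes = Get-ADObject -SearchBase $schemaNC `
    -LDAPFilter '(&(objectClass=attributeSchema)(isMemberOfPartialAttributeSet=TRUE))' `
    -Properties lDAPDisplayName, searchFlags

# searchFlags bit 0x80 marks an attribute "confidential" (read requires an explicit right).
# Anything in the PAS without that bit is readable by any forest principal that can query a GC,
# so these are the attributes whose contents deserve review.
$exposed = $pasAttributes | Where-Object { -not ($_.searchFlags -band 0x80) } |
    Select-Object -ExpandProperty lDAPDisplayName | Sort-Object

"Attributes replicated to GCs and not marked confidential: $($exposed.Count)"

# Constructed watch-list: free-text attributes that administrators sometimes misuse for secrets.
$watch = 'description', 'info', 'comment'
$exposed | Where-Object { $watch -contains $_ } |
    ForEach-Object { "  review contents of forest-wide attribute: $_" }

# 2. A forest-wide search must target the GC port (3268). Only PAS attributes are returned for
#    objects from other domains; non-PAS attributes simply come back empty.
$gc = (Get-ADDomainController -Discover -Service GlobalCatalog).HostName[0]
Get-ADObject -Server "$($gc):3268" -SearchBase '' -SearchScope Subtree `
    -LDAPFilter '(&(objectClass=user)(description=*))' `
    -Properties displayName, description |
    Select-Object DistinguishedName, displayName, description
```

The first query is the one to run before extending the partial attribute set: every attribute added to it becomes readable forest-wide (and, as the text notes, potentially across trusts), so the confidential flag or a tighter ACL should be in place before the attribute is published to GCs. The second query shows the practical consequence: an empty SearchBase with a 3268 connection walks every domain in the forest in one call, which is exactly why non-replicated attributes are absent from the result set.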
How a Global Catalog Works
To understand how the global catalog works, you must first understand how the Active Directory database is built. The Active Directory database is stored in a single file, NTDS.dit, on domain controllers. The database is logically separated into partitions to simplify administration and allow effective replication.
At least three partitions are maintained by every domain controller:
The schema partition contains object and attribute definitions. In other words, the schema partition contains a list of definitions that define which objects, and which attributes for those objects, can exist in the Active Directory. Schema information is enterprise in nature: all domain controllers in a tree or forest share a common schema, and any schema modification is replicated across the forest. Because the schema defines objects and attributes, an object that is created, along with its attributes, must conform to the definitions of the schema.
The configuration partition contains information about the physical structure of the Active Directory, such as the sites and domains and where domain controllers reside in the enterprise. Configuration information is replicated to all domain controllers in the tree or forest.
The domain partition contains information about all Active Directory objects that are specific to that domain, such as users and groups, OUs, and other resources. All domain partition information is completely replicated to all domain controllers within the domain. For global catalog servers in other domains, a read-only subset of the domain partition is replicated. This allows the global catalog server to know what is available in each domain so that other domain users can access resources, but changes to the domain partition can only be made from within the domain.
Application partitions may also be maintained by domain controllers. These partitions hold data for AD-integrated applications and can contain any type of object except security principals. Application partitions need not be replicated to every domain controller; their replication scope can be set to any chosen set of DCs in the forest.
You can identify the partitions present on a DC using the following PowerShell cmdlet:
Get-ADDomainController -Server <SERVER> | Select-Object -ExpandProperty Partitions
In a single-domain forest, all DCs host the only domain partition in the forest; therefore, each one contains a record of all of the objects in the forest and can process authentication and domain service requests.
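To make the partition categories above concrete, the following PowerShell is an added example (not code from the original post). It takes the cmdlet shown above one step further: for every DC in the current domain it reports whether the DC is a Global Catalog and sorts the partitions it hosts into schema, configuration, domain and application partitions. It assumes the RSAT ActiveDirectory module and an account that can read the forest configuration.

```powershell
# Added example (not from the original post): classify the partitions each DC hosts.
# Assumes the ActiveDirectory module (RSAT) and a domain-joined, authenticated session.
Import-Module ActiveDirectory

$forest  = Get-ADForest
$rootDSE = Get-ADRootDSE

# Distinguished names of every domain partition in the forest, used to recognise domain NCs.
$domainNCs = $forest.Domains | ForEach-Object { (Get-ADDomain -Identity $_).DistinguishedName }

# Get-ADDomainController -Filter * covers the current domain; loop over $forest.Domains and
# pass -Server to cover every domain in the forest.
foreach ($dc in Get-ADDomainController -Filter *) {
    $parts = @($dc.Partitions)

    [pscustomobject]@{
        DC              = $dc.HostName
        Site            = $dc.Site
        IsGlobalCatalog = $dc.IsGlobalCatalog
        # The schema and configuration partitions are forest-wide and present on every DC.
        Schema          = $parts -contains $rootDSE.schemaNamingContext
        Configuration   = $parts -contains $rootDSE.configurationNamingContext
        # The DC's own writable domain partition.
        Domain          = @($parts | Where-Object { $domainNCs -contains $_ }) -join ';'
        # Application partitions (e.g. the DNS zones) replicate only to the DCs enrolled for them.
        Application     = @($parts | Where-Object { $forest.ApplicationPartitions -contains $_ }) -join ';'
    }
}

# Cross-check against the forest's own list of GCs: a DC that is expected to serve
# Universal Group lookups at logon but is missing here should be investigated.
"Global Catalog servers registered in the forest:"
$forest.GlobalCatalogs | Sort-Object
```

Every row should show Schema and Configuration as True; the Domain column shows the DC's own writable domain partition, and the Application column lists whichever application partitions that particular DC has been enrolled for, which is where DCs in the same domain can legitimately differ.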
So, that's all in this blog. I will meet you soon with the next post. Have a nice day!!!