Because AD is the central component of a Windows network, network clients and servers frequently query it. To increase the availability of AD data on the network, as well as the efficiency of directory object queries from clients, AD includes a service known as the Global Catalog (GC). The GC is a separate database from AD and contains a partial, read-only replica of all the directory objects in the entire AD forest. Only Windows servers acting as domain controllers can be configured as GC servers. By default, the first domain controller in a Windows forest is automatically configured to be a GC server (this designation can be moved later to a different domain controller if desired; however, every forest must contain at least one GC). Like AD, the GC uses replication to propagate updates between the various GC servers within a domain or forest. In addition to being a repository of commonly queried AD object attributes, the GC plays two primary roles on a Windows network:
Network logon authentication: In native-mode domains (networks in which all domain controllers have been upgraded to Win2K or later, and the domain's functional level has been manually set to the appropriate level), the GC facilitates network logons for AD-enabled clients. It does so by providing universal group membership information for the account sending the logon request to a domain controller. This applies not only to regular users but also to every type of object that must authenticate to AD (including computers). In multi-domain networks, at least one domain controller acting as a GC must be available in order for users to log on. Another situation that requires a GC server occurs when a user attempts to log on with a user principal name (UPN) other than the default. If a GC server is not available in these circumstances, users will only be able to log on to the local computer (the one exception is members of the domain administrators group, who do not require a GC server in order to log on to the network).
Directory searches and queries: With AD, read requests such as directory searches and queries by far outweigh write-oriented requests such as directory updates (for example, by an administrator or during replication). The majority of AD-related network traffic consists of requests from users, administrators, and applications about objects in the directory. As a result, the GC is essential to the network infrastructure because it allows clients to quickly perform searches across all domains within a forest. (Although mixed-mode Win2K domains do not require the GC for the network logon authentication process, GCs are still important in facilitating directory queries and searches on these networks and should therefore be made available at each site within the network.)
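The two dependencies above (at least one GC per forest, and ideally one per site) are easy to verify. The following script is an added example, not part of the original post; it assumes the RSAT ActiveDirectory module and an account that can read domain controller objects in every domain of the forest. Port 3268 is the GC's LDAP listener, a fact not stated in the post.

```powershell
# Added example: inventory GC servers across the forest, flag sites with no GC,
# and confirm each GC answers on its LDAP port. Assumes RSAT ActiveDirectory.
Import-Module ActiveDirectory

$forest = Get-ADForest
$dcs = foreach ($domain in $forest.Domains) {
    # Get-ADDomainController is domain-scoped, so query each domain in turn
    Get-ADDomainController -Filter * -Server $domain
}

# Forest-wide check: every forest must contain at least one GC
$gcs = @($dcs | Where-Object { $_.IsGlobalCatalog })
if ($gcs.Count -eq 0) {
    Write-Warning "No GC server found in forest $($forest.Name); multi-domain logons will fail"
}

# Per-site view: a site without a GC sends logon and forest-wide query traffic
# across the WAN to another site's GC (sites with no DC at all are not listed)
$dcs | Group-Object Site | ForEach-Object {
    $siteGcs = @($_.Group | Where-Object { $_.IsGlobalCatalog })
    if ($siteGcs.Count -eq 0) {
        Write-Warning "Site '$($_.Name)' has domain controllers but no GC server"
    }
    [pscustomobject]@{
        Site    = $_.Name
        DCs     = $_.Count
        GCs     = $siteGcs.Count
        GCNames = ($siteGcs.HostName -join ', ')
    }
} | Format-Table -AutoSize

# Reachability: a DC flagged as a GC but not answering on 3268 cannot serve
# universal-group lookups or forest-wide searches, whatever the flag says
foreach ($gc in $gcs) {
    $probe = Test-NetConnection -ComputerName $gc.HostName -Port 3268 -WarningAction SilentlyContinue
    '{0,-40} GC LDAP port 3268 reachable: {1}' -f $gc.HostName, $probe.TcpTestSucceeded
}
```

Run it from a domain-joined host; a site that appears with zero GCs, or a GC that fails the port check, matches the logon and search failure modes described above.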