What is the Global Catalog?
The global catalog helps users find resources
The global catalog provides a central directory of every object in the forest, and is unique in each AD DS forest. Unlike the individual domain partitions that store a complete writeable attribute set for all objects in the domain, the global catalog is a read-only list of some attributes for every object in the forest. The global catalog makes it easy to locate objects from different domains in a multi-domain forest. For example, Microsoft Exchange Server uses the global catalog to locate all email recipients in a forest.
The forest has a single global catalog. All domain controllers that are assigned the global catalog role share this global catalog. By default, the first domain controller in the forest root domain hosts the global catalog.
How does the global catalog work?
The global catalog speeds up searches
In a given domain, a query for an object is directed to one of the domain controllers in that domain. But that query does not include results about objects in other domains in the forest. For a query to include results from other domains in the forest, you must query a domain controller that's a global catalog server. Basically the global catalog speeds up searches for objects that might be stored on domain controllers in a different domain in the forest. To improve searching across domains in a forest, you should configure additional domain controllers to store a copy of the global catalog. In a single domain, all domain controllers should be configured to hold a copy of the global catalog.
When to use the global catalog?
There are various reasons why you might run a search against a global catalog instead of a domain controller that's not a global catalog.
- Exchange email. When a server that's running Exchange Server receives an incoming email, it has to search for the recipient’s account so that it can decide how to route the message. By automatically querying a global catalog, the server that's running Exchange Server can locate the recipient in a multiple domain environment.
- Authentication. When a user signs in to their Active Directory account, the domain controller that performs the authentication must contact a global catalog to check for universal group memberships before the user is authenticated.
What is the Global Catalog? - This topic reviews common global catalog usage scenarios, and global catalog dependencies and interactions.
No comments:
Post a Comment