Introduction to Administering the Global Catalog

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Designate global catalog servers in sites to accommodate forest-wide directory searching and to facilitate domain client logons when universal groups are available (that is, when a domain has a domain functional level of Windows Server 2003 or Windows 2000 native). When universal groups are available in the domain, a domain controller must be able to locate a global catalog server to process a logon request.

Global Catalog Placement

Placement of global catalog servers in sites is a deployment task when you initially deploy your forest. As your forest grows, you might need to add more global catalog servers. To improve the speed of logging on and searching, place at least one global catalog server in each site and at least two global catalog servers if the site has multiple domain controllers. As a best practice, configure half of all domain controllers in a site to be global catalog servers if the site contains more than three domain controllers. If your deployment uses only a single domain, configure all domain controllers as global catalog servers. In a single-domain forest, configuring all domain controllers as global catalog servers requires no additional resources.

When placing global catalog servers, the primary concerns are:

  • Does any site have no global catalog servers?

  • What domain controllers are designated as global catalog servers in a particular site?
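The placement guidance above can be checked against a domain controller inventory. The following is an added example, not part of the original article: the inventory is constructed, the function names are hypothetical, and rounding "half" up for an odd number of domain controllers is an assumption.

```python
import math
from collections import defaultdict

# Constructed inventory: (domain controller, site, domain, is_global_catalog).
INVENTORY = [
    ("HUB-DC1", "Hub", "corp.example", True),
    ("HUB-DC2", "Hub", "corp.example", False),
    ("HUB-DC3", "Hub", "emea.corp.example", False),
    ("HUB-DC4", "Hub", "emea.corp.example", False),
    ("BR1-DC1", "Branch1", "corp.example", False),
    ("BR2-DC1", "Branch2", "emea.corp.example", True),
    ("BR2-DC2", "Branch2", "emea.corp.example", True),
]

def required_gcs(dc_count, single_domain):
    """Minimum global catalog count for one site under the guidance above."""
    if single_domain:
        return dc_count                 # single domain: every DC is a GC
    if dc_count > 3:
        return math.ceil(dc_count / 2)  # more than three DCs: half (rounded up, assumption)
    if dc_count > 1:
        return 2                        # multiple DCs: at least two
    return 1                            # every site: at least one

def audit_placement(inventory):
    """Answer both placement questions per site and report any shortfall."""
    single_domain = len({domain for _, _, domain, _ in inventory}) == 1
    sites = defaultdict(list)
    for name, site, _, is_gc in inventory:
        sites[site].append((name, is_gc))
    report = {}
    for site, dcs in sorted(sites.items()):
        gcs = sorted(name for name, is_gc in dcs if is_gc)
        need = required_gcs(len(dcs), single_domain)
        report[site] = {"gcs": gcs, "required": need,
                        "shortfall": max(0, need - len(gcs))}
    return report

if __name__ == "__main__":
    for site, row in audit_placement(INVENTORY).items():
        status = "OK" if row["shortfall"] == 0 else f"short by {row['shortfall']}"
        print(f"{site}: GCs={row['gcs'] or 'none'} required={row['required']} ({status})")
```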

Initial Global Catalog Replication

When you add a global catalog server to a site, the Knowledge Consistency Checker (KCC) updates the replication topology, after which replication of partial domain directory partitions that are available within the site begins. Replication of partial domain directory partitions that are available only from other sites begins at the next scheduled interval.

Adding subsequent global catalog servers within the same site requires only intrasite replication and does not affect network performance. Replication of the global catalog potentially affects network performance only when adding the first global catalog server in the site, and the impact varies depending on the following conditions:

  • The speed and reliability of the wide area network (WAN) link or links to the site.

  • The size of the forest.

For example, in a forest that has a large hub site, five domains, and thirty small branch sites (some of which are connected by only dial-up connections), global catalog replication to the small sites takes considerably longer than replication of one or two domains to a few well-connected sites.

Global Catalog Readiness

A global catalog server is available to directory clients when it is locatable as a global catalog server in Domain Name System (DNS). Several conditions must be met before the global catalog server is ready to serve clients. These conditions are divided into seven levels (numbered 0 to 6) of readiness called occupancy levels. At each level, a specific degree of synchronization must be achieved before moving to the next level. By default, domain controllers running Windows Server 2003 require all levels to be reached before the global catalog is ready for use. At level 6, all partial, read-only directory partitions have been successfully replicated to the global catalog server. When the requirements of all occupancy levels have been satisfied, the Net Logon service on the global catalog server registers DNS service (SRV) resource records that identify the domain controller as a global catalog server in the site and in the forest.

In summary, a global catalog server is ready to serve clients when the following events occur, in this order:

  • Occupancy level requirements are met by replicating read-only replicas.

  • The isGlobalCatalogReady rootDSE attribute is set to TRUE.

  • The Net Logon service on the domain controller has updated DNS with global catalog–specific SRV resource records.

At this point, the global catalog server begins accepting queries on ports 3268 and 3269.
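The readiness sequence above can be turned into a consistency check between each domain controller's isGlobalCatalogReady value and the SRV records that advertise it. The following is an added example, not part of the original article: the observations and zone snapshot are constructed, the function names and state labels are hypothetical, and the SRV owner names used are the standard _gc._tcp.<forest> and _gc._tcp.<site>._sites.<forest> forms.

```python
FOREST = "corp.example"

# Constructed observations: site and rootDSE isGlobalCatalogReady per DC.
DCS = {
    "hub-dc1.corp.example": {"site": "Hub", "isGlobalCatalogReady": "TRUE"},
    "br1-dc1.corp.example": {"site": "Branch1", "isGlobalCatalogReady": "TRUE"},
    "br2-dc1.corp.example": {"site": "Branch2", "isGlobalCatalogReady": "FALSE"},
}
# Constructed snapshot of the forest zone: SRV owner name -> target hosts.
SRV_SNAPSHOT = {
    "_gc._tcp.corp.example.": ["HUB-DC1.corp.example.", "br2-dc1.corp.example."],
    "_gc._tcp.Hub._sites.corp.example.": ["hub-dc1.corp.example."],
    "_gc._tcp.Branch2._sites.corp.example.": ["br2-dc1.corp.example."],
}

def norm(name):
    """DNS names compare case-insensitively; ignore the trailing root dot."""
    return name.rstrip(".").lower()

def expected_srv_owners(site, forest):
    """Forest-wide and site-specific global catalog SRV owner names."""
    return {norm(f"_gc._tcp.{forest}"), norm(f"_gc._tcp.{site}._sites.{forest}")}

def classify(dcs, srv_snapshot, forest):
    """Place each DC in the readiness sequence, flagging out-of-order states."""
    targets = {norm(o): {norm(t) for t in ts} for o, ts in srv_snapshot.items()}
    result = {}
    for host, obs in dcs.items():
        owners = expected_srv_owners(obs["site"], forest)
        registered = {o for o in owners if norm(host) in targets.get(o, set())}
        ready = obs["isGlobalCatalogReady"].upper() == "TRUE"
        if ready and registered == owners:
            result[host] = "serving"               # all three events completed
        elif ready:
            result[host] = "ready-not-advertised"  # Net Logon has not updated DNS
        elif registered:
            result[host] = "advertised-not-ready"  # contradicts the stated order
        else:
            result[host] = "not-ready"             # still replicating partitions
    return result

if __name__ == "__main__":
    for host, state in classify(DCS, SRV_SNAPSHOT, FOREST).items():
        print(f"{host}: {state}")
```

A domain controller reported as advertised-not-ready is in a state the sequence above should not produce, so its SRV records are worth investigating before clients rely on them.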

Global Catalog Removal

When you remove the global catalog, the domain controller immediately stops advertising in DNS as a global catalog server. The KCC gradually removes the read-only replicas from the domain controller. On domain controllers running Windows Server 2003, the global catalog partial, read-only directory partitions are removed in the background, receiving a low priority so that high-priority services are not interrupted.

One reason that you might want to remove the global catalog from a domain controller is the availability of universal group membership caching in Windows Server 2003, which might eliminate the requirement for a global catalog server in a particular site.

Minimum hardware requirements for global catalog servers depend upon the number of users in the site. For disk space requirements and directory database storage guidelines, see "Assessing Disk Space and Memory Requirements" in Designing and Deploying Directory and Security Services on the Microsoft Web site (https://go.microsoft.com/fwlink/?LinkId=45434).

For more information, see "How the Global Catalog Works" in the Windows Server 2003 Technical Reference on the Microsoft Web site (https://go.microsoft.com/fwlink/?LinkId=44139).