Guy Recommends
A solution to monitor, manage and archive thousands of
events that are generated by devices across the entire network.
Download FREE
trial
Windows Server 2003 - Global Catalog
Mastering Global Catalog will not only give your users a better network experience, but also teach you about Windows Server 2003's Active Directory. Global Catalogs are deceptive. The bigger
your Active Directory forest the more important it is to configure Global Catalogs. If you have Exchange 2003, then there are extra reasons to position Global Catalogs close to the users.
Topics for Windows Server 2003 Global Catalog
Your average user want answers to questions such as, 'Where are you Domain Controller?' or 'Find this email
address in the GAL'. Naturally people don't normally vocalise these requests, however they logon to the domain, and they attempt to send email with outlook. The role of the Global Catalog Server is
to answer requests for network resources, for example, LDAP queries to find a Domain Controller, or an Exchange 2003 Server. Now we
come to the key Global Catalog concepts. Surprisingly, not every domain controller is a global catalog server. The reason is that by default there is only global catalog server. Microsoft's
thinking is that you may not want the extra
overhead of being a global catalog server, and the more global catalog servers the more replication traffic on your network. Every Domain Controller knows about its own domain, after all, managing
directory services is what a Domain Controller does.
However, Domain Controllers that are also Global Catalog Servers know about other domains (key point). Microsoft's paranoia is that there may be restrictions on a Universal Group in another domain,
therefore, before a user logs on the Domain Controller must be able to enumerate Universal Group membership, just in case a Universal Group and hence a user, has been denied access. Incidentally, you may have seen Universal Group
Caching which neatly solves this latency. Universal Group Caching is one of the new features of Windows Server 2003.
Configuring a Domain Controller as a Global Catalogs is a knack. Once you have drilled down, and checked the Global Catalog box you always remember
that tortuous path. Let us begin at the Active Directory Sites and Services snap-in. Expand Sites, Default-First-Site-Name, Servers. Select your server and seek the NTDS Settings, right
click and choose Properties. All that remains is to tick the Global Catalog box. (See Diagrams Opposite)
With a Windows Server 2000 Server you have to reboot, eccentrically the interface does not tell you to reboot. All this nonsense is cured in Windows Server 2003, you do not have to reboot when you
enable or disable Global Catalog.
The only variation on these instructions is that your servers may be in different sites and not in the strangely named, Default-First-Site-Name. If you have firewall restrictions, LDAP uses port 389 for read and write
operations and port 3268 for global catalog search operations.
 Active Directory Training. As an MCT trainer, I can thoroughly recommend
TrainSignal because they provide practical hands on
training. In particular, I like the way that TrainSignal cover all learning methods, instructor lead, video and of course text material. You can either take one module, for example Active Directory or go for
a combination of modules.
See more about Active Directory training
To be honest, if you have only one domain then nothing bad will happen if you don't have a local
Global Catalog server. However, if you have a forest then delays can be a problem - unless you place Global Catalog servers judiciously. The root of the problem is enumerating Universal Group
membership. In a single domain it's pointless using Universal Groups, and even if you did, they will only be users in your domain. There are no other domains to check. The key point with Active Directory is that Domain
Controllers, which are not also Global Catalog Servers, cannot deduce Universal Groups in other domains. For security, until they contact a Global Catalog server Domain Controller cannot proceed with the logon
request. As a result of this knowledge
you can plan extra Global Catalog servers. However, if you only have one domain, there is no need for any more Global Catalog servers.
Related Topics
● Global Catalog and Exchange ● FSMO Roles
● Schema ● Install Active Directory
|
The extra features you get in your eBook
include: lots of examples on 'How to ...'. New pages
with deployment recommendations. Detailed instructions and screen shots showing the menus to
configure.
