Introduction to Exchange Server 2003 – Global Catalog Server
There are many reasons for investigating Windows Server 2003’s Global Catalog Server. For example, the Exchange 2003 GAL relies absolutely on the Global Catalog Service. In addition, correctly placing Global Catalog Servers improves Outlook’s performance. The purpose of this page is to explain why Exchange 2003 needs Global Catalog Servers. I will show you where to configure the settings and advise you on how many Windows Server 2003 Domain Controllers to double-up as Global Catalog Servers.
Topics for Global Catalog Server
- Why does Exchange 2003 need Global Catalog Servers?
- Why Global Catalog placement is important in large organizations
- The crucial Global Catalog / Domain Controller fact
- Configuring a Domain Controller as a Global Catalog Server
- Summary of Global Catalog Servers and Exchange 2003
♠
Why does Exchange 2003 need Global Catalog Servers?
The specific reason why Microsoft Exchange clients place such a heavy load on the Global Catalog Servers is that they need to make LDAP queries to resolve email addresses. For example, a user opens Microsoft’s Outlook and types the name of a recipient. To find the corresponding SMTP address, the GAL issues an LDAP query to the Global Catalog Server.
Before we get deep into Global Catalogs, here are four concepts to help us get started.
1) Only the first Domain Controller in any Domain is a Global Catalog Server by default. Good news, all subsequent Domain Controllers have the Global Catalog capability.
2) Global Catalog Server is a property, a tick in a box, on a Domain Controller. You cannot configure a member server or even an Exchange Member server as a Global Catalog Server.
3) Ordinary non-outlook users need a Global Catalog Server to find network resources such as Universal Group Membership. Therefore, all the configuration you make with Catalog Servers for the sake of Exchange’s GAL, will also benefit everyone.
4) It’s essential to configure extra Global Catalog Servers in multi-domain, multi-site organizations. I admit, a one domain, one site, 50 user outfit, needs very little extra Global Catalog configuration.
Guy Recommends: The SolarWinds Exchange Monitor
Here is a free tool to monitor your Exchange Server. Download and install the utility, then inspect your mail queues, monitor the Exchange server’s memory, confirm there is enough disk space and check the CPU utilization.
This is the real deal – there is no catch. SolarWinds provides this fully-functioning freebie, as part of their commitment to supporting the network management community.
Free Download of SolarWinds Exchange Monitor
Why Global Catalog placement is important in large organizations
The problem of contacting a Global Catalog Server arises when a Windows 2003 Domain Controller, which are not, repeat, not, also a Global Catalog Servers, receives a logon request. Without a reply from the Global Catalog server it cannot deduce Universal Group membership from other domains. For security, that logon server must be able to enumerate Universal Group Membership. Specifically, the Domain Controller must be sure that people in Universal Groups have not been denied access. A problem only arises if there is no Global Catalog on the subnet, or site and the links to other sites are flaky.
You could solve all Global Catalog problems with Guy’s rule of thumb approach – deploy two Global Catalog Servers at each Active Directory Site. Alternatively you could take the thinking man’s approach and have one Global Catalog Server for every four Exchange 2003 Servers. People who deploy this approach say go for a 1:4 ratio of processors rather than servers. If you are a rich company then you could even get testing software, feed in zillions of relevant info and bingo – out comes the number and placement of your Global Catalog Servers.
The crucial Global Catalog / Domain Controller fact
Each Domain Controller knows all about the all the object and all their properties – but only for its own domain. Crucially, only Domain Controllers that are also Global Catalog servers know about objects in other domains. You could take the ruthless solution and make every domain controller a Global Catalog Server. However, that may be counter-productive owing to increased replication traffic, and placing an undue overhead on those servers. Tell the truth, only testing would show if this traffic and processor load would be as big a problem as it sounds.
Configuring a Domain Controller as a Global Catalog Server
Configuring a Domain Controller as a Global Catalogs is a knack. Once you have drilled down, and checked the Global Catalog box you always remember that tortuous path. (It goes without saying that this is a job for Windows Server 2003 and not Exchange 2003.)
Let us begin at the Active Directory Sites and Services snap-in (Not the ADUC). Expand Sites, Default-First-Site-Name, Servers. Select your server and seek the NTDS Settings, right-click and choose Properties. All that remains is to tick the Global Catalog box. (See Diagrams Opposite)
With a Windows Server 2000 Server you have to reboot, eccentrically the interface does not tell you to reboot. Microsoft cured all this nonsense in Windows Server 2003, you do not have to reboot when you enable or disable Global Catalog.
One variation of these instructions would be if your servers are in a different site and not in the strangely named, Default-First-Site-Name.
If you have firewall restrictions, LDAP uses port 389 for read and write operations and port 3268 for global catalog search operations.
Guy Recommends: SolarWinds’ Free Bulk Mailbox Import Tool
Import users from a spreadsheet, complete with their mailbox. Just provide a list of the users with the fields in the top row, and save as .csv file. Then launch this FREE utility, match your Exchange fields with AD’s attributes, click and import the users. Optionally, you can provide the name of the OU where the new mailboxes will be born.
There are also two bonus tools in the free download, and all 3 have been approved by Microsoft:
- Bulk-import new users and mailboxes into Active Directory.
- Seek and zap unwanted user accounts.
- Find inactive computers.
Download your FREE bulk mailbox import tool.
Summary of Global Catalog Servers and Exchange 2003
Exchange 2003 makes heavy use of Global Catalog Servers. In particular the GAL makes LDAP queries to resolve email addresses. Windows 2003 Domain Controllers, which are not also Global Catalog Servers, cannot deduce Universal Groups in other domains. For security, until they contact a Global Catalog server Domain Controller cannot proceed with the logon request. As a result of this knowledge you can plan extra Global Catalog servers. The suggested ratio is 1 Global Catalog for every 4 Exchange 2003 servers. However, if you only have one domain, there is no need for any more Global Catalog servers.
If you like this page then please share it with your friends
See Also
- ExPBA – Best Practice Analyzer
- SMTP Queues
- SMTP Raw Commands
- Exchange Logs
- NDR – non Delivery Report
- Network Monitoring
- Syslog Analyzer – Free Utility
- Diagnostic Logging
- SMTP Logging
