Global catalog

By default, a global catalog is created automatically on the initial domain controller in the forest. It stores a full replica of all objects in the directory for its host domain and a partial replica of all objects contained in the directory of every other domain in the forest. The replica is partial because it stores some, but not all, of the property values for every object in the forest. The global catalog performs two key directory roles:

• It enables network logon by providing universal group membership information to a domain controller when a logon process is initiated.
• It enables finding directory information regardless of which domain in the forest actually contains the data.

When a user logs on to the network, the global catalog provides universal group membership information for the account sending the logon request to the domain controller. If there is only one domain controller in the domain, the domain controller and the global catalog are the same server. If there are multiple domain controllers in the network, the global catalog is hosted on the domain controller configured as such. If a global catalog is not available when a user initiates a network logon process, the user is only able to log on to the local computer.

 Important

• If a user is a member of the Domain Admins group, they are able to log on to the network even when a global catalog is not available.

The global catalog is designed to respond to user and programmatic queries about objects anywhere in the forest with maximum speed and minimum network traffic. Because a single global catalog contains information about objects in all domains in the forest, a query about an object can be resolved by a global catalog in the domain in which the query is initiated. Thus, finding information in the directory does not produce unnecessary query traffic across domain boundaries.

You can optionally configure any domain controller to host a global catalog, based on your organization's requirements for servicing logon requests and search queries.

After additional domain controllers are installed in the domain, you can change the default location of the global catalog to another domain controller using Active Directory Sites and Services

Active Directory defines a base set of attributes for each object in the directory. Each object and some of its attributes (such as universal group memberships) are stored in the global catalog. Using Active Directory Schema, you can specify additional attributes to be kept in the global catalog. However, adding a new attribute to the global catalog causes a full synchronization of all of object attributes stored in the global catalog (for all of the domains in the forest). In a large, multi-domain forest, this one-time synchronization can cause significant network traffic.