• Main Menu
  • Global Catalog


    The global catalog is a distributed data repository that is stored in global catalog servers and issued via multimaster replication. It basically is composed of a representation (partial) of every object in the multidomain Active Directory forest that can also be searched. The global catalog is used because searches can be made faster because they don't need to go through the hassle of involving referrals to different domain controllers.

    In addition, the global catalog allows finding an object that you wish without needing to know the object's domain name. This is possible because not only does it hold a full, writable domain directory replica, but it also has a partial, read-only replica of all the domain directory partitions in the forest. Therefore, by being composed of only the most used attributes during searching, all objects in every domain in any small or big forest can be found and represented in the database of one global catalog server.Global Catalog

    To maintain the ability to conduct a full, fast, and effective search, the global catalog is constantly updated by the Active Directory replication system. These attributes that are replicated to the catalog are known as partial attribute set (PAS). The PAS, in a Windows 2000 Server environment will cause a full synchronization of the global catalog to occur even if it may be a minor change. However, this issue was improved upon in the Windows 2003 Server environment with a change in the PAS by only updating the attributes that change.

    How Does It Work?

    As an example, if a user decides to search for all printers within the forest, a global catalog server will process the request submitted by the user by searching through the global catalog, and then output the results. Had it not been for the global catalog server, the user would have had to have searched separately in every forest.

    When a user tries to run a certain query (an example of an interactive domain logon), the domain controller will authenticate the user by first validating the user's identity and also all groups that the user is a part of. This is because the global catalog is the hold of all memberships to all groups, which means that this access to a global catalog server is necessary to accessing all forests, and thus is a requirement for Active Directory authentications. Therefore, it is best to have at least one global catalog server in one Active Directory site. This is because then, the authenticating domain controller does not need to transmit queries over a WAN connection to source information and process tasks.

    Ports Commonly Used by Global Catalog Servers

    Service Name UDP TCP
    LDAP   3268 (global catalog)
    LDAP   3269 (global catalog SSL)
    LDAP 389 389
    LDAP   636 (SSL)
    RPC/REPL   135(endpoint mapper)
    Kerberos 88 88(global catalog)
    DNS 53 53
    SMB over IP 445 445

    Got Something To Say:

    Your email address will not be published. Required fields are marked *

    Microsoft Active Directory
    171 queries in 0.752 seconds.