The global catalog is an index of the Active
Directory database that stores a full replica of all objects in the
directory for its host domain, and a partial replica of all objects
contained in the directory of every domain in the forest. In other
words, a global catalog contains a replica of every object in Active
Directory, but with a limited number of each object’s attributes.
Global catalog servers,
often referred to as GCs, are Active Directory domain controllers that
house a copy of the global catalog. A global catalog server performs two
key roles:
- Provides universal group membership information to a domain controller when a logon process is initiated.
- Enables finding directory information regardless of which domain in the forest contains the data.
Access to a global
catalog server is necessary for a user to authenticate to the domain. If
a global catalog is not available when a user initiates a network logon
process, the user is only able to log on to the local computer, and
cannot access network resources.
With
such an important role to play, it is a common practice to locate at
least one global catalog server in each physical location, as it is
referenced often by clients and by applications such as Exchange Server.
Understanding the Relationship Between Exchange Server 2010 and the AD Global Catalog
In the past, an
Exchange server could continue to operate by itself with few
dependencies on other system components. Because all components of the
mail system were locally confined to the same server, downtime was an
all-or-nothing prospect. The segregation of the directory into Active
Directory has changed the playing field somewhat. In many cases,
down-level clients no longer operate independently in the event of a
global catalog server failure. Keep this in mind, especially when
designing and deploying a domain controller and global catalog
infrastructure.
Note
Because Outlook
clients and Exchange Server can behave erratically if the global catalog
they have been using goes down, it is important to scrutinize which
systems receive a copy of the global catalog. In other words, it is not
wise to set up a GC/DC on a workstation or substandard hardware, simply
to offload some work from the production domain controllers. If that
server fails, the effect on the clients is the same as if their Exchange
server failed.
Understanding Global Catalog Structure
The global catalog is an
oft-misunderstood concept in Active Directory. In addition, design
mistakes with global catalog placement can potentially cripple a
network, so a full understanding of what the global catalog is and how
it works is warranted.
As mentioned earlier,
Active Directory was developed as a standards-based LDAP implementation,
and the AD structure acts as an X.500 tree. Queries against the Active
Directory must, therefore, have some method of traversing the directory
tree to find objects. This means that queries that are sent to a domain
controller in a subdomain need to be referred to other domain
controllers in other domains in the forest. In large forests, this can
significantly increase the time it takes to perform queries.
In Active Directory, the
global catalog serves as a mechanism for improving query response time.
The global catalog contains a partial set of all objects (users,
computers, and other AD objects) in the entire AD forest. The most
commonly searched attributes are stored and replicated in the global
catalog (that is, first name, username, and email address). By storing a
read-only copy of objects from other domains locally, full tree
searches across the entire forest are accomplished significantly faster.
So, in a large forest, a server that holds a copy of the global catalog
contains information replicated from all domains in the forest.
Using Best Practices for Global Catalog Placement
All
users accessing Exchange Server resources should have fast access to a
global catalog server. At least one global catalog server must be
installed in each domain that contains an Exchange server; however, to
achieve the best performance in larger organizations, additional global
catalog servers should definitely be considered.
As a starting point, per
site, there should be a 4:1 ratio of Exchange Server processor cores to
global catalog server 32-bit processor cores. So, if you have four
Exchange servers, each with four processors, you should have four
processors running your global catalog servers. For global catalog
servers with 64-bit processor cores, the ratio of Exchange Server
processor cores to global catalog server 64-bit processor cores is 8:1.
Of course, Exchange Server 2010 processor cores are always 64-bit.
Bear in mind,
however, that increased global catalog server usage, very large Active
Directory implementations, or the use of extremely large distribution
lists might necessitate more global catalog servers.
Note
With respect to
the global catalog processor ratio rule, the 4:1 processor ratio rule
from prior versions of Exchange Server, which assumes a result of one
global catalog server being deployed for every two mailbox servers,
applies to any environment where the database file (the .dit
file) for Active Directory is larger than 1GB, and, therefore, cannot
fit into memory. Exchange Server 2010 is undergoing a variety of
performance tests, and more prescriptive guidance is expected in the RTM
version of Exchange Server 2010.
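The placement guidance above (at least one global catalog server per physical location, and more than one where a single failure would affect Exchange clients) can be checked against a live forest. The following is an added example, not part of the original article; it assumes the ActiveDirectory PowerShell module and PowerShell 3.0 or later, and the `Finding` labels are this example's own.

```powershell
# Added example: report global catalog coverage per AD site.
# Assumes the ActiveDirectory module (RSAT) and read access to every domain in the forest.
Import-Module ActiveDirectory

# Collect every domain controller in every domain of the forest.
$dcs = foreach ($domain in (Get-ADForest).Domains) {
    Get-ADDomainController -Filter * -Server $domain
}

# Group DCs by site and count how many of them hold the global catalog.
# Note: a site that has no domain controller at all does not appear here,
# because the data comes from the DC objects themselves.
$report = $dcs | Group-Object -Property Site | ForEach-Object {
    $gcs = @($_.Group | Where-Object { $_.IsGlobalCatalog })
    [pscustomobject]@{
        Site    = $_.Name
        DCs     = $_.Count
        GCs     = $gcs.Count
        GCNames = ($gcs | ForEach-Object { $_.HostName }) -join ', '
        Finding = if ($gcs.Count -eq 0)     { 'No GC in site' }
                  elseif ($gcs.Count -eq 1) { 'Single GC (no redundancy)' }
                  else                      { 'OK' }
    }
}

# Sites with the fewest GCs sort to the top.
$report | Sort-Object GCs, Site | Format-Table -AutoSize
```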
Promoting a Domain Controller to a Global Catalog
Although any domain
controller can easily be promoted to a global catalog server, the
promotion can have a significant impact on network operations and
performance while the topology is updated and the copy of the catalog is
passed to the server.
During the
promotion, the server immediately notifies DNS of its new status. In
the early days of Active Directory, this often caused problems, as the
Exchange servers would immediately begin utilizing the global catalog
server before it had finished building the catalog. This problem was
rectified in Exchange 2000, Service Pack 2, with the addition of a
mechanism that detects the readiness of a global catalog server and
prevents Exchange Server from querying new servers until a full copy of
the catalog has been received.
The procedure to promote a domain controller to a global catalog server is as follows:
1. On the domain controller, open Server Manager and expand Roles, Active Directory Domain Services, and then click Active Directory Sites and Services.
2. In the console tree, double-click Sites, double-click the name of the site, and then double-click Servers.
3. Double-click the target domain controller.
4. In the details pane, right-click NTDS Settings, and then click Properties.
5. On the General tab, click to select the Global Catalog check box, as shown in Figure 1.
6. Click OK to finalize the operation.
In older versions of the
Windows Server operating system, it was necessary to restart the domain
controller after a promotion to a global catalog; however, as of Windows
Server 2003, this step is no longer necessary.
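The same promotion can be scripted, followed by a wait until the server reports that its catalog is complete, which addresses the readiness problem described above. This is an added example, not part of the original article; it assumes the ActiveDirectory PowerShell module, and the server name `DC02` and the one-hour timeout are hypothetical values.

```powershell
# Added example: enable the global catalog on a DC, then wait until it is ready.
# Assumes the ActiveDirectory module; 'DC02' is a hypothetical server name.
Import-Module ActiveDirectory

$dcName = 'DC02'
$dc     = Get-ADDomainController -Identity $dcName

# The Global Catalog check box on the NTDS Settings object is bit 0 (value 1)
# of that object's "options" attribute.
$ntds    = Get-ADObject -Identity $dc.NTDSSettingsObjectDN -Properties options -Server $dc.HostName
$current = [int]$ntds.options          # an unset attribute converts to 0

if ($current -band 1) {
    Write-Output "$($dc.HostName) already has the Global Catalog option set."
} else {
    # Preserve any other option bits and set only the GC bit.
    Set-ADObject -Identity $ntds -Replace @{ options = ($current -bor 1) } -Server $dc.HostName
    Write-Output "Global Catalog option set on $($dc.HostName); replication will now build the catalog."
}

# The DC sets isGlobalCatalogReady to TRUE on its rootDSE only after the partial
# replicas have been received. Poll it before pointing clients at the server.
$deadline = (Get-Date).AddHours(1)     # hypothetical timeout
do {
    $ready = "$((Get-ADRootDSE -Server $dc.HostName -Properties isGlobalCatalogReady).isGlobalCatalogReady)"
    if ($ready -ne 'TRUE') { Start-Sleep -Seconds 60 }
} until ($ready -eq 'TRUE' -or (Get-Date) -gt $deadline)

if ($ready -eq 'TRUE') {
    Write-Output "$($dc.HostName) is advertising as a ready global catalog."
} else {
    Write-Warning "$($dc.HostName) did not report GC readiness before the timeout; check replication."
}
```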