Microsoft KB Archive/246303

From BetaArchive Wiki

Article ID: 246303

Article Last Modified on 2/27/2007


  • Microsoft Exchange 2000 Server Standard Edition

This article was previously published under Q246303


This article discusses the global catalog and assigned TCP ports for access to the global catalog.


A global catalog is a centralized database. It contains a partial replica of all the objects that have been published in the Forest. However, it contains only some of the attributes of these objects. This design permits faster and more efficient queries in Active Directory for objects of interest with the added benefit of being able to search the entire Forest. A global catalog also contains partial replicas of the schema and configuration containers.

The attributes in the global catalog are those most frequently used in search operations (such as a user's first and last names, logon names, and so on). The global catalog attributes also include those that are required to locate a full replica of the object.

The usefulness of the global catalog comes primarily from the design of Active Directory, which consists of many partitions or naming contexts such as domain, schema, configuration, and user. While the Distinguished Name (DN) of an object includes enough information to locate a replica of the partition that holds the object, many times the user or application does not know the DN of the target object or which partition might contain the object. The global catalog enables users and applications to find objects in the Active Directory domain tree by supplying one or more attributes of the needed object.

Each Windows 2000 Forest has a common global catalog. The essence of the global catalog is best understood in reference to the noncontiguous namespaces that are allowed in Forests. The global catalog makes it easy to quickly find objects of interest without reference to namespaces, although namespaces can still be used in searches. The global catalog is built automatically by the Active Directory replication system, and its replication topology is generated automatically. While the base set of properties replicated into the global catalog is defined by Microsoft, administrators can specify additional properties to meet the needs of their installation by using Active Directory Schema Manager.

When you install the Active Directory service on the first domain controller in a new Forest, that domain controller is, by default, a global catalog server. A global catalog server is a domain controller that stores a copy of the global catalog. Additional domain controllers can also be designated as global catalog servers by using the Sites and Servers Management snap-in.

The server that is assigned the status of a global catalog server and that is holding a copy of the global catalog listens on TCP port 3268 for Lightweight Directory Access Protocol (LDAP) searches. If security using Secure Sockets Layer (SSL) is implemented, the server listens on TCP port 3269.

Relevant Global Catalog-related Points to Keep in Perspective

  • Only the first domain controller installed in the Forest is a global catalog server, by default.
  • A server that is designated as a global catalog server is always a domain controller (DC). However, a DC does not function as a global catalog server unless it is configured to do so.
  • A global catalog enables a search of the entire Forest or any part of the Forest as well as the schema and configuration containers.
  • A global catalog search is a complete search on a single server without need for referrals. Referrals are therefore not supported.
  • A global catalog contains only a small subset of the properties on each object.
  • A global catalog search can only use a search filter that contains properties in the global catalog.
  • A global catalog search that includes properties that are not in the global catalog causes the search to evaluate the expressions that contain those properties as FALSE.
  • A global catalog search can only retrieve properties in the global catalog.
  • A global catalog is read-only. For this reason, searches can only retrieve and display values. The global catalog prohibits the creation, modification, or deletion of objects.
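
The search rules in the list above can be seen in a small offline model, added here as an illustration and not taken from Microsoft's article or from any Active Directory code. It shows why a filter term on an attribute outside the global catalog silently returns nothing, which matters when an application bases an access decision on the result. The directory objects, the domain names, the contents of `GC_ATTRIBUTES`, and the helper `unsupported_filter_attributes` are all constructed assumptions, and filters are limited to ANDed equality terms.

```python
# Toy model of the global catalog rules listed above (not real LDAP/AD code).
# Directory contents and the GC attribute set are constructed sample data.

# Assumed, illustrative attribute set; the real set is defined in the schema.
GC_ATTRIBUTES = {"dn", "givenName", "sn", "sAMAccountName"}

# Full replicas as held by each domain partition (constructed).
DOMAIN_PARTITIONS = {
    "DC=corp,DC=example": [
        {"dn": "CN=Ann Lee,DC=corp,DC=example", "givenName": "Ann", "sn": "Lee",
         "sAMAccountName": "alee", "homeDirectory": r"\\fs1\alee"},
    ],
    "DC=lab,DC=example": [
        {"dn": "CN=Ann Diaz,DC=lab,DC=example", "givenName": "Ann", "sn": "Diaz",
         "sAMAccountName": "adiaz", "homeDirectory": r"\\fs2\adiaz"},
    ],
}


class GlobalCatalog:
    """Read-only partial replica of every object in the forest."""

    def __init__(self, partitions, gc_attributes):
        self._attrs = set(gc_attributes)
        # Keep only the GC attributes of each object, from every partition.
        self._objects = [
            {k: v for k, v in obj.items() if k in self._attrs}
            for objs in partitions.values() for obj in objs
        ]

    def search(self, filter_terms, want):
        """filter_terms: {attr: value}, all terms ANDed (equality only)."""
        def term(obj, attr, value):
            if attr not in self._attrs:
                return False  # term on a non-GC attribute evaluates as FALSE
            return obj.get(attr) == value
        hits = [o for o in self._objects
                if all(term(o, a, v) for a, v in filter_terms.items())]
        # Only GC attributes can be returned, whatever the caller asks for.
        return [{a: o[a] for a in want if a in o} for o in hits]

    def modify(self, dn, attr, value):
        raise PermissionError("global catalog is read-only")


def unsupported_filter_attributes(filter_terms, gc_attributes=GC_ATTRIBUTES):
    """Pre-flight check: filter attributes that would silently match nothing."""
    return sorted(set(filter_terms) - set(gc_attributes))
```

Running a check like `unsupported_filter_attributes` before a query goes to the global catalog distinguishes "no such object" from "this filter cannot match here", which an empty result set alone does not.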

Issues to Keep in Mind When Assigning a DC to Be a Global Catalog Server

Having too many global catalogs can generate unnecessary replication traffic, especially in a very large enterprise with a lot of domains. While additional global catalog servers can provide quicker responses to user inquiries, base the decision to assign global catalog server status on the ability of the network structure to handle replication and query traffic. It is recommended that every major site in the enterprise have a global catalog server.

Keywords: kbinfo KB246303