The Global Catalog authenticates network user logons and fields inquiries about objects across a forest or tree. Every domain has at least one GC that is hosted on a domain controller. In Windows 2000, there was typically one GC on every site in order to prevent user logon failures across the network. The establishment of site-based GCs is less critical with Windows Server 2003 since the site DC can be configured to cache the user's Universal Group membership. This feature is turned on by configuring a site to use logon without Global Catalog in the Active Directory Sites and Services snap-in.
Although Active Directory creates the initial GC during initial installation, a system administrator may invoke a number of additional interactions that improve performance.
A domain controller must be taken offline or out of service sometimes. If this domain controller is also the sole GC for the domain, it is critical that another GC domain controller be placed into service first. Remember, with the exception of the Domain Administrator group, no user can log on to the network without an operative GC. Therefore, prior to running dcpromo.exe to demote the GC domain controller, enable a new GC by following these steps:
1. Create at least a second domain controller.
2. Open the Active Directory Sites and Services snap-in.
3. Open the site and then the server for the targeted domain controller.
4. Right-click NTDS Settings and select Properties; at the bottom of the General tab, click Global Catalog.
NOTE
On rare occasions, it may be necessary to force the demotion of a domain controller when it exhibits a massive error state and cannot be demoted due to a replication error. This feature removes Active Directory and returns the computer to member server state. Generally, applications and data are not affected. This feature is invoked by running dcpromo.exe /forceremoval from the command prompt.
In larger enterprises, it is recommended that the GC be moved to a separate domain controller. As noted in Chapter 5, this new location should not be the Infrastructure Master domain controller. Moving the GC is accomplished by following these steps:
1. Create at least a second domain controller.
2. Open the Active Directory Sites and Services snap-in.
3. Open the site and then the server for the targeted domain controller.
4. Right-click NTDS Settings and select Properties; at the bottom of the General tab, click Global Catalog.
To remove the original GC: repeat steps 1 and 2; in step 3, return to the domain controller that originally contained the GC; and in step 4, at the bottom of the General tab, remove the check mark next to Global Catalog.
To create multiple copies of the GC, simply follow steps 1 through 4 on several domain controllers.
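The two checks the text calls for before demoting or moving a GC (another GC must already be in service, and the new GC should not be the Infrastructure Master) can be scripted as a read-only pre-flight test. This is an added example, not part of the original text; it assumes the ActiveDirectory PowerShell module, which is newer than the Windows Server 2003 tools described here, and Test-GCChange is a hypothetical helper name.

```powershell
# Added example: read-only pre-flight check before removing or moving a GC.
# Assumes the ActiveDirectory module (RSAT); makes no changes to the directory.
Import-Module ActiveDirectory

function Test-GCChange {
    param(
        [Parameter(Mandatory)][string]$OldDC,  # DC that will be demoted or lose the GC
        [string]$NewDC                          # DC intended to host the GC (optional)
    )

    $old    = Get-ADDomainController -Identity $OldDC
    $domain = Get-ADDomain -Identity $old.Domain

    # Every DC in the same domain that is currently flagged as a Global Catalog.
    $gcs = @(Get-ADDomainController -Server $old.Domain -Filter { IsGlobalCatalog -eq $true })
    $remaining = @($gcs | Where-Object { $_.HostName -ne $old.HostName })

    $issues = @()

    # Sole-GC case: demoting this DC would leave the domain without a catalog.
    if ($old.IsGlobalCatalog -and $remaining.Count -eq 0) {
        $issues += "$($old.HostName) is the sole GC in $($old.Domain); enable another GC first."
    }

    if ($NewDC) {
        $new = Get-ADDomainController -Identity $NewDC
        # The text advises against placing the GC on the Infrastructure Master.
        if ($new.HostName -eq $domain.InfrastructureMaster) {
            $issues += "$($new.HostName) holds the Infrastructure Master role; pick another DC."
        }
        # The replacement must already be a GC before the original is removed.
        if (-not $new.IsGlobalCatalog) {
            $issues += "$($new.HostName) is not a GC yet; enable Global Catalog in NTDS Settings first."
        }
    }

    [pscustomobject]@{
        Domain       = $old.Domain
        RemainingGCs = $remaining.HostName
        Safe         = ($issues.Count -eq 0)
        Issues       = $issues
    }
}

# Example call with constructed host names:
# Test-GCChange -OldDC 'dc1.example.test' -NewDC 'dc2.example.test'
```

Proceed with the removal or demotion only when Safe is True.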
The Global Catalog is used to rapidly locate domain objects. In some cases, users query more common attributes to locate network resources. So that the GC recognizes these attributes, the system administrator can force it to both add and index them. To force the addition and/or indexing of an attribute, follow these steps:
1. Open the Active Directory Schema snap-in.
2. Open the Attributes folder.
3. In the right pane, right-click the targeted attribute that should be added to or indexed in the Global Catalog, then click Properties.
4. Click Index this attribute in the Active Directory.
5. Click Replicate this attribute to the Global Catalog.
6. Click OK.