Labels: , , , , ,

25. The global catalog contains


The global catalog contains:

       The attributes that are most frequently used in queries, such as a user’s first name, last name, and logon name.
       The information that is necessary to determine the location of any object in the directory.
       The access permissions for each object and attribute that is stored in the global catalog. If you search for an object that you do not have the appropriate permissions to view, the object will not appear in the search results. Access permissions ensure that users can find only objects to which they have been assigned access.

A global catalog server is a domain controller that, in addition to its full, writable domain directory partition replica, also stores a partial, read-only replica of all other domain directory partitions in the forest. Taking a user object as an example, it would by default have many different attributes such as first name, last name, phone number, and many more. The GC will by default only store the most common of those attributes that would be used in search operations (such as a user’s first and last names, or login name, for example). The partial attributes that it has for that object would be enough to allow a search for that object to be able to locate the full replica of the object in active directory. This allows searches done against a local GC, and reduces network traffic over the WAN in an attempt to locate objects somewhere else in the network.

Domain Controllers always contain the full attribute list for objects belonging to their domain.  If the Domain Controller is also a GC, it will also contain a partial replica of objects from all other domains in the forest.

Active Directory uses DNS as the name resolution service to identify domains and domain host computers during processes such as logging on to the network.

Similar to the way a Windows NT 4.0 client will query WINS for a NetBIOS DOMAIN[1B] record to locate a PDC, or a NetBIOS DOMAIN[1C] record for domain controllers, a Windows 2000, 2003, or Windows XP client can query DNS to find a domain controller by looking for SRV records.