Configure a New Global Catalog
How can I configure a Windows 2000/2003 Server as a Global Catalog?
The Global Catalog (GC) contains an entry for every object in an enterprise forest but only a few properties for each object. An entire forest shares a GC, with multiple servers holding copies. You can perform an enterprise wide forest search only on the properties in the GC, whereas you can search for any property in a user’s domain tree. Only Directory Services (DS) or Domain Controller (DC) can hold a copy of the GC.
Configuring an excessive number of GCs in a domain wastes network bandwidth during replication. One GC server per domain in each physical location is sufficient. Windows NT sets servers as GCs as necessary, so you don’t need to configure additional GCs unless you notice slow query response times.
Because full searches involve querying the whole domain tree rather than the GC, grouping the enterprise into one tree will improve your searches. Thus, you can search for items not in the GC.
By default, the first DC in the First Domain in the First Tree in the AD Forest (the root domain) will be configured as the GC.
You can configure another DC to become the GC, or even add it as another GC while keeping the first default one.
Reasons for such an action might be the need to place a GC in each AD Site.
To configure a Windows 2000/2003 Domain Controller as a GC server, perform the following steps:
- Start the Microsoft Management Console (MMC) Active Directory Sites and Services Manager. (From the Start menu, select Programs, Administrative Tools, Active Directory Sites and Services Manager).
- Select the Sites branch.
- Select the site that owns the server, and expand the Servers branch.
- Select the server you want to configure.
- Right-click NTDS Settings, and select Properties.
- Select or clear the Global Catalog Server checkbox, which the Screen shows.
- Click Apply, OK.
You must allow for the GC to replicate itself throughout the forest. This process might take anywhere between 10-15 minutes to even several days, all depending on your AD infrastructure.