Recipe15.17.Enabling and Disabling the Global Catalog

Previous page
Table of content
Next page

Recipe 15.17. Enabling and Disabling the Global Catalog

Problem

You want to enable or disable the global catalog on a particular domain controller.

Solution

Using a graphical user interface

  1. Open the Active Directory Sites and Services snap-in.

  2. Browse to the nTDSDSA object (NtdS Settings) underneath the server object for the domain controller whose global catalog you want to enable or disable.

  3. Right-click on NTDS Settings and select Properties.

  4. Under the General tab, check (to enable) or uncheck (to disable) the box beside Global Catalog.

  5. Click OK.

Using a command-line interface

In the following command, <ServerObjectDN> should be the server object DN, not the DN of the ntdSDSA object:

> dsmod server "<ServerObjectDN>" -isgc yes|no

For example, the following command enables the global catalog on dc1 in the Raleigh site:

> dsmod server "cn=DC1,cn=servers,cn=Raleigh,cn=sites,cn=configuration,dc=rallencorp,dc=com" -isgc yes

Using VBScript
' This code enables or disables the GC for the specified DC ' ------ SCRIPT CONFIGURATION ------ strDC = "<DomainControllerName>"   ' e.g., dc01.rallencorp.com strGCEnable = 1                    ' 1 = enable, 0 = disable ' ------ END CONFIGURATION ---------     set objRootDSE = GetObject("LDAP://" & strDC & "/RootDSE") objNTDS = GetObject("LDAP://" & strDC & "/" &  _                     objRootDSE.Get("dSServiceName")) objNTDS.Put "options", strGCEnable objNTDS.SetInfo

Discussion

The first domain controller promoted into a forest is by default also made a global catalog server. If you want additional servers to contain the global catalog, you have to enable it. The global catalog on a domain controller becomes enabled when the low-order bit on the options attribute on the ntdSDSA object under the server object for the domain controller is set to 1. The DN of this object for dc1 in the Default-First-Site-Name site looks like this: cn=NTDSSettings,cn=DC1,cn=Default-First-Site-Name,cn=Sites,cn=Configuration, dc=rallencorp,dc=com.

After enabling the global catalog, it can take some time before the domain controller can start serving as a global catalog server. The length of time is based on the amount of data that needs to replicate and the type of connectivity between the domain controller's replication partners. Once a server has completed initial replication of the global catalog, the isGlobalCatalogReady attribute in the RootDSE will be marked TRUE. Another way to determine if a domain controller has been at least flagged to become a global catalog is by checking if the options attribute on the ntdSDSA object for the server has been set to 1. Note that this does not necessarily mean the server is accepting requests as a global catalog. After replication is complete, you should see Event 1119 in the Directory Services log stating the server is advertising itself as a global catalog. At that point, you should also be able to perform LDAP queries against port 3268 on that server.

If you have Exchange installed in the forest, you'll also need to reboot the server before it will be used as a global catalog by Exchange servers and clients.


See Also

MS KB 313994 (HOW TO: Create or Move a Global Catalog in Windows 2000)


Previous page
Table of content
Next page
Windows Server Cookbook
Windows Server Cookbook for Windows Server 2003 and Windows 2000
ISBN: 0596006330
EAN: 2147483647
Year: 2006
Pages: 380
Authors: Robbie Allen
BUY ON AMAZON
The CISSP and CAP Prep Guide: Platinum Edition
Lotus Notes Developers Toolbox: Tips for Rapid and Successful Deployment
Information Dashboard Design: The Effective Visual Communication of Data
Microsoft VBScript Professional Projects
Cultural Imperative: Global Trends in the 21st Century
DNS & BIND Cookbook
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy