Global Catalog Domain Controller Placement

The placement of domain controllers in Windows Server 2003 is the critical factor to improve the communication response time from an Active Directory query. Without prompt response from a domain controller, a user may have to wait several seconds to several minutes to merely log on to the network, or it could take a similar length of time to even view the list of email recipients the user wants to send a message to.

This section deals with specific server placement issues for Active Directory domain controllers and global catalog servers. For more in-depth coverage of these concepts, refer to Chapter 4, "Active Directory Primer," and Chapter 5, "Designing a Windows Server 2003 Active Directory."

Understanding the Role of the Active Directory Global Catalog

The global catalog in Active Directory is an index of all objects in an Active Directory forest. All domain controllers in Windows Server 2003's Active Directory are not by default global catalog servers, so they must be established as such through the following procedure:

Global Catalog/Domain Controller Placement

It is important to understand that global catalog objects must be physically located close to all objects in a network that require prompt login times and fast connectivity. Because a global catalog entry is parsed for universal group membership every time a user logs in, this effectively means that this information must be close at hand. This can be accomplished by placing GC/DCs on the same WAN site or by using a process new to Windows Server 2003 called universal group caching.

Universal Group Caching

Universal group caching is a process by which an Active Directory site caches all universal group membership locally so that the next time clients log in, information is more quickly provided to the clients and they are able to log in faster.

Universal group caching is more effective than placing a GC/DC server locally because only those universal groups that are relevant to a local site's members are replicated and are cached on the local domain controller. The downside to this approach, however, is that the first login for clients will still be longer than if a local GC/DC were provided, and the cache eventually expires, requiring another sync with a GC/DC.

You can set up universal group caching on a site level as follows:

Global Catalog and Domain Controller Placement

As illustrated in the preceding sections, decisions must be made regarding the most efficient placement of DCs and GC/DCs in an environment. Determining the placement of GC/DCs and universal group caching sites must be done with an eye toward determining how important fast logins are for users in a site compared to higher replication throughput. For many Windows Server 2003 environments, the following rules apply:

• Sites with fewer than 50 users Use a single DC configured with universal group caching.

• Sites with 50100 users Use two DCs configured for universal group caching.

• Sites with 100200 users Use a single GC server and single DC server.

• Sites with 200+ users Alternate adding additional DCs and GC/DCs for every 100 users.

The recommendations listed here are generalized and should not be construed as relevant to every environment. Some scenarios might call for variations to these approaches, such as when using Microsoft Exchange in a site. However, these general guidelines can help to size an Active Directory environment for domain controller placement.