Designating Global Catalog Servers




A domain controller designated as a global catalog stores a full replica of all objects in Active Directory for its host domain and a partial replica for all other domains in the domain forest. Global catalogs are used during logon and for information searches. In fact, if the global catalog is unavailable, normal users can’t log on to the domain. The only way to change this behavior is to cache universal group membership on local domain controllers. By default, the first domain controller installed in a domain is designated as the global catalog. You can also add global catalogs to a domain to help improve response time for logon and search requests. The recommended technique is to have one global catalog per site within a domain.

Any domain controller hosting a global catalog should be well connected to the network and to domain controllers acting as infrastructure masters. Infrastructure master is one of the five operations master roles that you can assign to a domain controller and it is responsible for updating object references. The infrastructure master does this by comparing its data with that of a global catalog. If the infrastructure master finds outdated data, it requests the updated data from a global catalog. The infrastructure master then replicates the changes to the other domain controllers in the domain.

Tip

When there’s only one domain controller in a domain, you can assign the infrastructure master role and the global catalog to the same domain controller. When there are two or more domain controllers in the domain, however, the global catalog and the infrastructure master shouldn’t be on the same domain controller as this can affect the infrastructure master’s ability to determine that directory data is out of date.

Finding Global Catalog Servers

Want to determine where the global catalogs are? For your current (logon) domain, just type dsquery server -isgc. The resulting output is a list of DNs for global catalogs, such as

"CN=CORPSVR02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=cpandl,DC=com"

DSQUERY server can also be used to locate global catalogs in a specific domain. To do this, use the -domain parameter, and type

 dsquery server -domain tech.cpandl.com -isgc 

Here, you search for global catalog servers in the tech.cpandl.com domain. If you want to search the entire forest, you can do this as well. Just type

 dsquery server -forest -isgc 

You can also search for global catalog servers by site, but to do this, you must know the full site name and cannot use wildcards. For example, if you wanted to find all the global catalog servers for Default-First-Site-Name, you would have to type dsquery server -site Default-First-Site-Name -isgc.

Note

Being able to search site by site is important because you typically want at least one global catalog server per site. If you search a site and don’t find a global catalog, you should consider adding one.

Adding or Removing a Global Catalog

You can designate a domain controller as a global catalog using DSMOD server. Specify the DN of the server you want to work with and type -isgc yes to make it a global catalog server, such as

dsmod server "CN=corpdc05,OU=Eng,DC=cpandl,DC=com" -isgc yes

Another way to perform this task would be to use DSQUERY server to obtain a list of servers that you want to work with. Let’s say there are three domain controllers in the tech.cpandl.com domain and you want them all to be global catalogs. You could do this using the following command line:

dsquery server -domain tech.cpandl.com | dsmod server -isgc yes 

Here, you use DSQUERY server to obtain the DNs for all domain controllers in the tech.cpandl.com domain and pass this information as input to DSMOD server, which in turn sets each domain controller as a global catalog.

If you later want a server to stop acting as a global catalog, type -isgc no. In this example, you no longer want the corpdc04 server in the tech.cpandl.com domain to host the global catalog:

dsmod server "CN=corpdc04,OU=Tech,DC=cpandl,DC=com" -isgc no

Checking Caching Settings and Global Catalog Preferences

Different levels of domain and forest functionality are available depending on the network configuration. If all domain controllers in your domain or forest are running at least Windows 2000 Server and the functional level is set to Windows 2000 Native mode, your organization can take advantage of the many additional features of Active Directory but can no longer use Windows NT primary domain controllers (PDC) and backup domain controllers (BDC). One of the features enabled in this mode is the caching of universal group membership.

In the event that no global catalog is available when the user tries to log on, caching of universal group membership makes it possible for normal users to log on. Caching is enabled or disabled on a per-site basis, and you can determine whether caching is enabled using DSGET site. To do this, provide the DN of the site you want to work with and pass the -cachegroups parameter as shown in the following example:

dsget site "CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=cpandl,DC=com" -cachegroups

If universal group membership caching is enabled, the output is:

cachegroups
yes
dsget succeeded

Otherwise, the output is:

cachegroups
no
dsget succeeded

Another way to perform this search would be to use the DSQUERY site command. If you type dsquery site on a line by itself, the command will return a list of all sites in the forest. To limit the result set, you can use the -name parameter and either specify the common name of the site or use wildcards to specify a part of the name, such as:

dsquery site -name *First* 

Here, you are looking for any site with the letters “First” in the common name.

To put this together, you could use the following command to determine the caching setting for all sites in the forest:

dsquery site | dsget site -cachegroups

What you’ll get is a list of “yes” and “no” answers similar to the following:

cachegroups
yes
yes
no
no
yes
dsget succeeded

To make the output more meaningful, you would add the -dn parameter to display the DNs of the related sites, such as

Dn                                                         cachegroups
CN=Seattle-Site-Name,CN=Sites,CN=Configuration,DC=cpandl,DC=com yes
CN=LA-Site-Name,CN=Sites,CN=Configuration,DC=cpandl,DC=com yes
CN=NY-Site-Name,CN=Sites,CN=Configuration,DC=cpandl,DC=com yes
CN=Chicago-Site-Name,CN=Sites,CN=Configuration,DC=cpandl,DC=com yes
CN=Detroit-Site-Name,CN=Sites,CN=Configuration,DC=cpandl,DC=com yes
dsget succeeded

If universal group membership caching has been enabled, a domain with multiple global catalogs per site can have a preferred global catalog. This preferred global catalog is the one specifically used to refresh universal group membership caching for the site’s domain controllers. You can determine the preferred global catalog using the -prefgcsite parameter. For example, you could type dsquery site | dsget site -cachegroups -prefgcsite to return the complete caching configuration for all global catalogs in the forest. You’ll see a “yes” or “no” value if preferred global catalogs are configured. If preferred global catalogs aren’t configured, you’ll see a value of “Not Configured.”
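
The per-site global catalog search from the earlier Note and the caching check in this section can be combined into one logon-availability report. The following is an added example, not code from the book: it parses saved output of dsquery server -forest -isgc and dsquery site | dsget site -dn -cachegroups and labels each site. The sample output, server names and status labels are constructed for illustration, and DNs are assumed to contain no escaped commas.

```python
# Constructed sample: output of `dsquery server -forest -isgc`
GC_OUTPUT = '''\
"CN=CORPSVR02,CN=Servers,CN=Seattle-Site-Name,CN=Sites,CN=Configuration,DC=cpandl,DC=com"
"CN=CORPSVR07,CN=Servers,CN=Seattle-Site-Name,CN=Sites,CN=Configuration,DC=cpandl,DC=com"
"CN=CORPSVR11,CN=Servers,CN=NY-Site-Name,CN=Sites,CN=Configuration,DC=cpandl,DC=com"
'''
# Constructed sample: output of `dsquery site | dsget site -dn -cachegroups`
CACHE_OUTPUT = '''\
  dn                                                               cachegroups
  CN=Seattle-Site-Name,CN=Sites,CN=Configuration,DC=cpandl,DC=com  yes
  CN=LA-Site-Name,CN=Sites,CN=Configuration,DC=cpandl,DC=com       yes
  CN=NY-Site-Name,CN=Sites,CN=Configuration,DC=cpandl,DC=com       no
  CN=Detroit-Site-Name,CN=Sites,CN=Configuration,DC=cpandl,DC=com  no
dsget succeeded
'''

def rdns(dn):
    """Split a DN into its RDNs (assumes no escaped commas in names)."""
    return [p.strip() for p in dn.strip().strip('"').split(",")]

def gcs_by_site(dsquery_output):
    """Map lower-cased site name -> list of global catalog server names."""
    sites = {}
    for line in dsquery_output.splitlines():
        p = rdns(line)
        # Server DN layout: CN=<server>,CN=Servers,CN=<site>,CN=Sites,...
        if len(p) > 3 and p[1].upper() == "CN=SERVERS" and p[3].upper() == "CN=SITES":
            sites.setdefault(p[2][3:].lower(), []).append(p[0][3:])
    return sites

def caching_by_site(dsget_output):
    """Map site name -> caching flag; header and status lines are skipped."""
    result = {}
    for line in dsget_output.splitlines():
        f = line.split()
        if len(f) == 2 and f[0].strip('"').upper().startswith("CN=") and f[1].lower() in ("yes", "no"):
            result[rdns(f[0])[0][3:]] = f[1].lower() == "yes"
    return result

def audit(gc_output, cache_output):
    """Label each site by what a logon there can rely on."""
    gcs = gcs_by_site(gc_output)
    report = {}
    for site, cached in caching_by_site(cache_output).items():
        no_gc = "no-gc-caching-on" if cached else "no-gc-caching-off"
        report[site] = "gc-present" if gcs.get(site.lower()) else no_gc
    return report

if __name__ == "__main__": print(audit(GC_OUTPUT, CACHE_OUTPUT))
```

Sites labelled no-gc-caching-off are the ones to review first, since they have neither a local global catalog nor cached universal group membership.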






Microsoft Windows Command-Line Administrator's Pocket Consultant
ISBN: 0735620385
EAN: 2147483647
Year: 2004
Pages: 114
