A global catalog server is a Windows domain controller that has been assigned the global catalog server role. It contains a full read/write copy of the domain's schema and application partitions, just like any other Windows domain controller.
A global catalog server also contains a partial replica of all other domain partitions in the Active Directory (AD) forest. These partial replicas are read-only, and contain the most-queried attributes for each object in the AD forest. For example, replicas of user objects would contain commonly searched attributes like first name, last name, and email address.
At the Active Directory level, a global catalog server's biggest task is to facilitate the logon process. When a user initiates the logon process, the global catalog server provides the domain controller with the necessary universal group membership information. It also resolves User Principal Names (UPNs) when the domain controller involved in the authentication process has no knowledge of the account.
If a network's global catalog server fails, the only user who will be able to log on is the administrator. The exception to the rule: On extremely small networks, the Universal Group Membership Caching feature can be used in place of a global catalog server.
A global catalog server also performs a number of critical tasks at the Exchange Server level. For example, in order to send and receive email, both the Exchange server and Microsoft Outlook client must be able to query a global catalog server.
Exchange Server must also query a global catalog server to resolve recipient email addresses. Microsoft Outlook clients can't even open the Global Address List (GAL) unless they can connect to a global catalog server (either directly or via DSProxy).
Global catalog server best practices for Exchange Server
By default, there is only one global catalog server in an organization. The first domain controller brought online as a part of a new Active Directory forest is automatically designated as the global catalog server.
Given the importance of global catalog servers, it might be tempting to designate all of your Windows 2000 or Windows 2003 domain controllers to act as global catalog servers. Doing so is usually a bad idea though, because of the volume of network traffic produced by Active Directory replication.
As a general rule of thumb, you should have a global catalog server in any AD site containing an application that makes extensive use of port 3268 (the global catalog lookup port). Since Exchange Server is such an application, you want a global catalog server in any site where it resides.
You must also take into account the load that is being placed on your network and existing global catalog servers. Microsoft offers some guidelines you can use when deciding on global catalog placement in Knowledge Base article 875427, "Global catalog server placement and ratios in an Exchange 2000 Server organization or Exchange Server 2003 organization."
If your AD forest consists of a single domain, all domain controllers should be configured to act as global catalog servers. Since the domain controllers have full knowledge of the domain anyway, designating them to act as global catalog servers does not require a significant amount of additional server resources.
But if your Exchange Server organization contains multiple mailbox servers, you should plan on having one global catalog server for every four mailbox servers.
A site does not require a global catalog server if it does not contain an Exchange server, contains fewer than 100 users, and is connected to another network segment that has its own global catalog server via a reliable network link.
Organizations using Windows 2003 domain controllers with fewer than 100 users are often discouraged from deploying global catalog servers. Microsoft recommends enabling Universal Group Membership Caching as an alternative. But if you're using Exchange Server, that is not an option -- you must use a true global catalog server.
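The site-coverage and single-domain rules above can be checked against a live forest. The PowerShell below is an added example, not part of the original tip: it assumes the ActiveDirectory RSAT module and Test-NetConnection (both newer than the Windows 2000/2003 servers discussed here), and $ExchangeSites is a hypothetical list you replace with your own site names.

```powershell
# Added example: audit global catalog (GC) coverage per AD site.
# Assumes the ActiveDirectory RSAT module and read access to the forest.
Import-Module ActiveDirectory

# Hypothetical input: names of AD sites that host Exchange servers.
$ExchangeSites = @('HQ', 'Branch-East')

# Collect every domain controller from every domain in the forest.
$forest = Get-ADForest
$dcs = foreach ($domain in $forest.Domains) {
    Get-ADDomainController -Filter * -Server $domain
}

# Include Exchange sites that have no domain controller at all.
$sites = (@($dcs | ForEach-Object { $_.Site }) + $ExchangeSites) |
    Sort-Object -Unique

$report = foreach ($site in $sites) {
    $siteDcs = @($dcs | Where-Object { $_.Site -eq $site })
    $gcs     = @($siteDcs | Where-Object { $_.IsGlobalCatalog })

    # Probe the global catalog lookup port (TCP 3268) on each GC in the site.
    $live = @($gcs | Where-Object {
        Test-NetConnection -ComputerName $_.HostName -Port 3268 `
            -InformationLevel Quiet -WarningAction SilentlyContinue
    })

    $hasExchange = $ExchangeSites -contains $site
    [pscustomobject]@{
        Site          = $site
        DCs           = $siteDcs.Count
        GCs           = $gcs.Count
        GCsOn3268     = $live.Count
        HostsExchange = $hasExchange
        # Exchange site with no GC answering on 3268: placement gap.
        NeedsGC       = $hasExchange -and ($live.Count -eq 0)
    }
}
$report | Format-Table -AutoSize

# Single-domain forest: the article recommends that every DC be a GC,
# so list any domain controller that is not.
if ($forest.Domains.Count -eq 1) {
    $dcs | Where-Object { -not $_.IsGlobalCatalog } |
        Select-Object HostName, Site
}
```

Run it from a workstation that can reach the domain controllers on TCP 3268; a site flagged NeedsGC hosts Exchange but has no global catalog answering on the lookup port.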
About the author: Brien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Exchange Server, and has previously received Microsoft's MVP award for Windows Server and Internet Information Server (IIS). Brien has served as CIO for a nationwide chain of hospitals and was once responsible for the Department of Information Management at Fort Knox. As a freelance technical writer, Brien has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies. You can visit Brien's personal Web site at http://www.brienposey.com.