The Global Catalog stores information about all the objects within a forest. When you install Active Directory for the first time, that domain controller becomes the Global Catalog server for the entire forest. It stores full replicas of all object attributes created within the domain and also partial replicas of all object attributes created within other domains in the forest. There are a set of default attributes stored within the Global Catalog. These are the attributes most commonly used when performing searches. Information stored in the Global Catalog can be customized using the Active Directory Schema snap-in. In some organizations a single Global Catalog server may be sufficient. In other cases it may be necessary to designate additional domain controllers as Global Catalog servers.

One of the main roles a Global Catalog plays on the network is for locating directory information stored throughout the forest. Since it stores information about all objects, Administrators, users, and programmers can query the Global Catalog to quickly locate objects, thus making it easier to locate objects in another domain. It also reduces network traffic because all domain information does not need to be replicated between domains and users do not need to perform extensive searches when trying to locate an object within another domain.

For example, if you need to search for all the printers within a single forest, a query is sent to the global catalog server. The global catalog server processes the request against the information in the global catalog and returns the results. If global catalogs were not used, locating printers throughout the forest would require the user to search all of the domain controllers in every domain in the forest. Not only would this time-consuming and inefficient but it would also generate unnecessary network traffic.

The Global Catalog also plays a role in network logons. When a user logs on to a domain, the Global Catalog Server provides the domain controller authenticating the logon with the universal group membership information for the account.

Exam Watch: In Windows 2000, if a Global Catalog server was unavailable during the logon process, the user was only able to logon on locally (unless you were a member of the Domain Admins group). With Windows Server 2003, users can still logon using cached credentials.

Some of the concepts introduced in Active Directory can be difficult to understand at first. When Windows 2000 was introduced, many of us found ourselves overwhelmed with all the changes and new features.

One of the simplest ways to describe the function of the Global Catalog is to relate it to something that people are familiar with. For example, the Global Catalog could be compared to a telephone directory. When you need to locate an individual phone number or other information such as an address you can call the 411 directory service or use the telephone book. Either way you can “query” the telephone directory to quickly access the information. Not having such a service would make it difficult (or nearly impossible) to locate the information.

The Global Catalog performs the same function. It stores information like a telephone directory that users can perform queries against to locate specific information.