Tip

Placing global catalog servers in Active Directory

James Michael Stewart, Contributor

When designing and implementing an Active Directory domain, you need to think about the placement of your global catalog servers. The global catalog is the master index of objects within an Active Directory forest. The global catalog serves as a quick search tool to locate objects within a forest. Every domain must have at least one global catalog server. The first domain controller (DC) installed into a domain automatically serves as that domain's global catalog server by default. As the size of your forest grows, there may become a need to configure additional global catalog servers throughout the forest (i.e., in each domain).

There are two main issues to consider when placing global catalog servers into a domain. The first is the traffic levels and the second is the location of infrastructure FSMO (flexible single master operations) servers.

As the forest gets larger, so does the global catalog. As the global catalog expands, the amount of replication traffic it generates increases. Global catalog servers replicate with each other. This is separate replication traffic from that used to support Active Directory itself. From an overall perspective of the forest, when fewer global catalog servers are deployed in a forest, there will be less replication traffic, but it will cause more query traffic. Conversely, deploying more global catalog servers in a forest will cause more replication traffic, but reduce query traffic. Replication traffic can also be managed

    Requires Free Membership to View

through the use of sites by placing at least one global catalog server in each site.

The second issue is the selection of a domain controller to act as the host for the global catalog. Domain controllers can serve numerous roles in a domain and/or forest; global catalog server is but one of them.

A very important infrastructure design issue to consider is where the infrastructure FSMO role is assigned. Whenever possible, the global catalog server and the infrastructure FSMO server should be separate domain controllers. By default, the first domain controller installed into a forest has all of the possible server roles assigned to it. Thus, the first domain controller in a forest hosts both the infrastructure FSMO role and the global catalog. Immediately after installing a second domain controller in the forest, move one of these roles to the new DC. The reason for this is that the infrastructure FSMO server is responsible for cleaning up stale references in between objects in the forest. Objects that have been moved, renamed or deleted often leave stale (i.e., invalid) references. Stale references are located by checking each object against the global catalog server. If these two DC roles are on the same box, the verification process fails to recognize invalid references, and thus cleanup doesn't take place.




James Michael Stewart is a partner and researcher for ITinfopros, a technology-focused writing and training organization.

This was first published in June 2003

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.