Distributed Networks




Global catalog server

User logon, global catalog, and Domain Controller

What Is the Global Catalog?

Common Global Catalog Scenarios

The following events require a global catalog server:
  1. Forest-wide searches. The global catalog provides a resource for searching an AD DS forest. Forest-wide searches are identified by the LDAP port that they use. If the search query uses port 3268, the query is sent to a global catalog server.
  2. User logon. In a forest that has more than one domain, two conditions require the global catalog during user authentication:
    1. In a domain that operates at the Windows 2000 native domain functional level or higher, domain controllers must request universal group membership enumeration from a global catalog server.
    2. When a user principal name (UPN) is used at logon and the forest has more than one domain, a global catalog server is required to resolve the name.
  3. Universal Group Membership Caching. In a forest that has more than one domain, in sites that have domain users but no global catalog server, Universal Group Membership Caching can be used to enable caching of logon credentials so that the global catalog does not have to be contacted for subsequent user logons. This feature eliminates the need to retrieve universal group memberships across a WAN link from a global catalog server in a different site.
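
To see which sites fall under the third scenario, the following audit (an added example, not part of the original page) lists every site, whether it hosts a global catalog, and whether Universal Group Membership Caching is enabled there. It assumes the RSAT ActiveDirectory module and read access to the forest's Configuration partition; the output column names are chosen for this example.

```powershell
# Added example: per-site global catalog and Universal Group Membership Caching audit.
Import-Module ActiveDirectory

$forest   = Get-ADForest
$configNC = (Get-ADRootDSE).configurationNamingContext
$sitesDN  = "CN=Sites,$configNC"

# The logon conditions described above only apply when the forest has more than one domain.
$multiDomain = @($forest.Domains).Count -gt 1

# Sites that host a GC: nTDSDSA objects with options bit 0x1 (NTDSDSA_OPT_IS_GC) set.
# DN form: CN=NTDS Settings,CN=<server>,CN=Servers,CN=<site>,CN=Sites,...
$gcSites = Get-ADObject -SearchBase $sitesDN `
        -LDAPFilter '(&(objectClass=nTDSDSA)(options:1.2.840.113556.1.4.803:=1))' |
    ForEach-Object { ($_.DistinguishedName -split ',')[3] -replace '^CN=' } |
    Sort-Object -Unique

# Per-site settings: options bit 0x20 enables Universal Group Membership Caching.
# DN form: CN=NTDS Site Settings,CN=<site>,CN=Sites,...
Get-ADObject -SearchBase $sitesDN -LDAPFilter '(objectClass=nTDSSiteSettings)' -Properties options |
    ForEach-Object {
        $site  = ($_.DistinguishedName -split ',')[1] -replace '^CN='
        $hasGC = $gcSites -contains $site
        $ugmc  = [bool]($_.options -band 0x20)   # an unset options attribute evaluates to 0
        [pscustomobject]@{
            Site                 = $site
            HasGlobalCatalog     = $hasGC
            UgmcEnabled          = $ugmc
            # No local GC and no cache: each logon's universal group lookup leaves the site.
            RemoteGcOnEveryLogon = $multiDomain -and -not $hasGC -and -not $ugmc
        }
    } | Sort-Object Site | Format-Table -AutoSize
```

Sites where `RemoteGcOnEveryLogon` is true are the ones whose logons depend on a WAN link to a global catalog server in another site.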


When a user sends a logon request to the network

If a global catalog server is not available when a user initiates a network logon


If a user is a member of the Domain Admins group, the user can log on to the network