DistributedNetworks



Types of Active Directory Domain Controllers

1) Domain Controller, 2) Global Catalog Server, 3) Operations Master

Domain Controller Roles

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2
A domain controller is a server that is running a version of the Windows Server operating system and has Active Directory Domain Services installed.

Global Catalog Servers

Every domain controller stores the objects for the domain in which it is installed. However, a domain controller designated as a global catalog server stores the objects from all domains in the forest. For each object that is not in the domain for which the global catalog server is authoritative as a domain controller, a limited set of attributes is stored in a partial replica of the domain. Therefore, a global catalog server stores its own full, writable domain replica (all objects and all attributes) plus a partial, read-only replica of every other domain in the forest. The global catalog is built and updated automatically by the AD DS replication system. The object attributes that are replicated to global catalog servers are the attributes that are most likely to be used to search for the object in AD DS. The attributes that are replicated to the global catalog are identified in the schema as the partial attribute set (PAS) and are defined by default by Microsoft. However, to optimize searching, you can edit the schema by adding or removing attributes that are stored in the global catalog.
The global catalog makes it possible for clients to search AD DS without having to be referred from server to server until a domain controller that has the domain directory partition storing the requested object is found. By default, AD DS searches are directed to global catalog servers.
The first domain controller in a forest is automatically created as a global catalog server. Thereafter, you can designate other domain controllers to be global catalog servers if they are needed.

Prepare Forest for Windows Server 2008 Active Directory Domain Services

The forest itself must be prepared for Windows Server 2008 Active Directory Domain Services. Thereafter, each domain that will contain domain controllers running Windows Server 2008 also needs to be prepared. Lastly, if you plan to deploy read-only domain controllers (RODCs) into the forest, additional preparation is required.
Problem: If your environment consists of an existing Windows 2000 Server or Windows Server 2003 Active Directory Domain Services forest, you must prepare the existing forest for Windows Server 2008 before you can add a domain controller that has Windows Server 2008 installed. Preparing an existing forest consists of updating the AD DS schema.
Solution: The schema update consists of extending the existing AD DS schema to include the attributes and classes that are new in Windows Server 2008. The Windows Server 2008 installation media includes the ADPrep command-line tool, which is used to prepare an existing forest for Windows Server 2008 AD DS. The schema update must be completed on the domain controller that holds the schema master operations master role. To find the domain controller that holds the schema master operations master role, type the following command into a command prompt window:
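The preparation sequence described above, as an added example that is not part of the original page. It uses the dsquery and adprep tools, and assumes a forest root domain named example.com and an account that is a member of Schema Admins and Enterprise Admins.

```bat
@echo off
rem Added example: forest, domain and RODC preparation for Windows Server 2008.
rem Assumption: the forest root domain is example.com (replace the DC= parts).

rem 1. Find the domain controller that holds the schema master role.
dsquery server -hasfsmo schema

rem 2. Record the schema version before the update. objectVersion values:
rem    13 = Windows 2000, 30 = Windows Server 2003, 31 = Windows Server 2003 R2,
rem    44 = Windows Server 2008.
dsquery * "CN=Schema,CN=Configuration,DC=example,DC=com" -scope base -attr objectVersion

rem 3. On the schema master, from the adprep folder of the Windows Server 2008
rem    installation media, extend the schema. Schema extensions cannot be
rem    removed afterwards, so confirm a current system state backup exists first.
adprep /forestprep

rem 4. After the schema change has replicated, prepare each domain that will
rem    host Windows Server 2008 domain controllers. Run this on that domain's
rem    infrastructure master, which this query locates.
dsquery server -hasfsmo infr
adprep /domainprep

rem 5. Only if read-only domain controllers (RODCs) will be deployed.
adprep /rodcprep

rem 6. Verify: objectVersion should now read 44.
dsquery * "CN=Schema,CN=Configuration,DC=example,DC=com" -scope base -attr objectVersion
```

Because membership in Schema Admins is needed only for step 3, the account can be removed from that group once the version check in step 6 succeeds.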

There are three roles domain controllers can fill: 1) Domain Controller, 2) Global Catalog Server, and 3) Operations Master. A specific domain controller can fill one or more roles simultaneously.

Domain Controller: This is a Windows-based server that holds a copy of the Active Directory partition for the domain.

Global Catalog Server: This is a Windows domain controller that holds a copy of the global catalog for the forest. Usually the first domain controller is also the global catalog server. There can be more than one global catalog server.

Operations Master: This is a Windows domain controller that currently owns one or more of the five operations master roles. We will discuss these roles in future lessons.