Limiting scope of the query in Active Directory

How Active Directory Searches Work

Active Directory Searches Architecture

The architecture for Active Directory searches includes both client and server components. On the client side, a directory client application constructs LDAP requests to be sent to Active Directory. These requests can be one of several types, including connect, bind (authentication), modify, and unbind. Depending on how a directory client application is written, one of three different application programming interfaces (APIs) is used to submit requests.

The LDAP requests are received and processed by the Directory System Agent (DSA), which is represented by Ntdsa.dll on a domain controller. Ntdsa.dll runs as a part of the local security authority (LSA), which runs as Lsass.exe.

The architecture for Active Directory searches is shown in the following figure. The components of the architecture for Active Directory searches are described in the following table.

Without a global catalog server, a search for all the printers in a forest requires a search of every domain in the forest.

The result is increased traffic across the domains.

With a global catalog server, information about objects in all domains in the forest is contained in the global catalog.

The query is resolved at the same domain location and is processed against the global catalog.

The results are returned promptly, and the query does not result in unnecessary traffic across the domains.

The global catalog server can therefore respond to queries about objects anywhere in the domain tree or forest with maximum speed and minimum network traffic.
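The printer search described above, written as an added example that is not part of the original page: it runs the same LDAP filter once per domain, once against a global catalog, and once limited to a single container. It assumes the RSAT ActiveDirectory PowerShell module on a domain-joined host; the OU distinguished name is a placeholder, and 3268 is the standard global catalog LDAP port.

```powershell
# Added example (not from the original page). Requires the ActiveDirectory module.
Import-Module ActiveDirectory

$filter = '(objectCategory=printQueue)'   # printer objects published in the directory
$forest = Get-ADForest

# 1) Without the global catalog: one LDAP search per domain in the forest.
#    -Server accepts a domain FQDN; the search base defaults to that domain's
#    naming context, so every domain has to be contacted in turn.
$perDomain = foreach ($domain in $forest.Domains) {
    Get-ADObject -LDAPFilter $filter -Server $domain -SearchScope Subtree
}

# 2) With the global catalog: a single search on port 3268.
#    An empty search base on the GC port searches all partitions the GC holds.
#    The GC carries only a partial attribute set, so this example asks for the
#    default properties only (DistinguishedName, Name, ObjectClass, ObjectGUID).
$gc    = $forest.GlobalCatalogs | Select-Object -First 1
$viaGc = Get-ADObject -LDAPFilter $filter -Server "${gc}:3268" `
                      -SearchBase '' -SearchScope Subtree

# 3) Limiting the scope further: search one container in the local domain
#    and cap the number of results returned.
$ou     = 'OU=Printers,DC=example,DC=com'   # placeholder DN, replace with a real container
$scoped = Get-ADObject -LDAPFilter $filter -SearchBase $ou `
                       -SearchScope Subtree -ResultSetSize 100

# Compare how many searches each approach issued and how many objects came back.
[pscustomobject]@{
    Approach = 'Per-domain'
    Searches = @($forest.Domains).Count
    Objects  = @($perDomain).Count
}
[pscustomobject]@{
    Approach = 'Global catalog'
    Searches = 1
    Objects  = @($viaGc).Count
}
[pscustomobject]@{
    Approach = 'Single container'
    Searches = 1
    Objects  = @($scoped).Count
}
```

If the per-domain and global catalog counts differ, check that the account can read the objects in every domain and that the global catalog has finished replicating.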