Global Catalog Server

    Question

  • In a multi-domain environment, what is the main difference between the partitions on a domain controller that is also a global catalog server, versus other domain controllers that are not configured as global catalog servers?
    Tuesday, February 09, 2010 11:24 PM

Answers

  • the difference is that global catalogs will have a different set of partitions.  really, it's an additional set of partitions.  in a 2K3 and beyond single-domain forest (we'll call our domain fed.gov), there are 5 partitions (or naming contexts), by default:

    1. domain (fed.gov)
    2. config
    3. schema
    4. domainDNS [app partition] (fed.gov)
    5. forestDNS [app partition] (_msdcs.fed.gov)

    now, when you add another domain (say usda) as a child, you add two new partitions:

    1. domain (usda.fed.gov)
    2. domainDNS [app partition] (usda.fed.gov)

    a standard (non-gc) dc in the usda.fed.gov domain (let's call him UDC1) would have these 5 default partitions (assuming he's a dns server):

    1. domain (usda.fed.gov)
    2. config
    3. schema
    4. domainDNS [app partition] (usda.fed.gov)
    5. forestDNS [app partition] (_msdcs.fed.gov)

    now, if we were to turn UDC1 into a gc, he will pick up a read-only copy of all objects in the domain partition for any other domain in the forest.  in this case, that is the fed.gov domain.  so now, the partitions on UDC1 will look like this:

    1. domain (usda.fed.gov)
    2. config
    3. schema
    4. domainDNS [app partition] (usda.fed.gov)
    5. forestDNS [app partition] (_msdcs.fed.gov)
    6. domain (fed.gov)  <-- read-only copy of all objects

    notice that UDC1 did not pick up the domainDNS partition for fed.gov.  that's because NDNCs (non-domain naming contexts) are excluded from the global catalog.

    also, the more domains you have, the more partitions that a gc will hold.  this does mean some replication and storage overhead (which varies by size and volatility of the domain) but generally speaking, it is a good idea to start with the goal of making all dcs into global catalog servers.

    hth

    /rich

    http://cbfive.com/blog
    • Proposed as answer by [JorgeM] Wednesday, February 10, 2010 1:45 AM
    • Marked as answer by beau30 Wednesday, February 10, 2010 9:31 PM
    Wednesday, February 10, 2010 12:50 AM
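
The partition rules from the answer above, as an added example that is not part of the original thread: it computes which naming contexts a DC in the fed.gov / usda.fed.gov forest should hold and flags any observed copy the rules do not predict. The function names are hypothetical, the DNs are the standard AD names for what the answer calls config, schema, domainDNS and forestDNS, and default DNS application-partition enlistment is assumed.

```python
# Added illustration: models the partition rules described in the answer above.
# Forest layout is the thread's example (fed.gov root, usda.fed.gov child).
FOREST_ROOT = "fed.gov"
FOREST_DOMAINS = ["fed.gov", "usda.fed.gov"]

FULL = "full replica"
PARTIAL = "read-only partial replica (GC)"


def to_dn(dns_name):
    """fed.gov -> DC=fed,DC=gov"""
    return ",".join(f"DC={label}" for label in dns_name.split("."))


def expected_partitions(dc_domain, is_gc, is_dns,
                        forest_domains=FOREST_DOMAINS, forest_root=FOREST_ROOT):
    """Map each naming context a DC should hold to its replica type."""
    if dc_domain not in forest_domains:
        raise ValueError(f"{dc_domain} is not a domain in this forest")
    root_dn = to_dn(forest_root)
    held = {
        to_dn(dc_domain): FULL,                         # own domain
        f"CN=Configuration,{root_dn}": FULL,            # forest-wide
        f"CN=Schema,CN=Configuration,{root_dn}": FULL,  # forest-wide
    }
    if is_dns:
        # Application partitions (NDNCs), assumed default enlistment on DNS servers.
        held[f"DC=DomainDnsZones,{to_dn(dc_domain)}"] = FULL
        held[f"DC=ForestDnsZones,{root_dn}"] = FULL
    if is_gc:
        # A GC adds every *other* domain NC, never another domain's NDNCs.
        for domain in forest_domains:
            if domain != dc_domain:
                held[to_dn(domain)] = PARTIAL
    return held


def unexpected_partitions(observed, dc_domain, is_gc, is_dns):
    """Return (observed NCs the model does not predict, predicted NCs missing)."""
    expected = set(expected_partitions(dc_domain, is_gc, is_dns))
    observed = set(observed)
    return sorted(observed - expected), sorted(expected - observed)


if __name__ == "__main__":
    # UDC1 from the thread, after being promoted to a GC.
    for dn, kind in expected_partitions("usda.fed.gov", is_gc=True, is_dns=True).items():
        print(f"{kind:32} {dn}")
```
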

All replies

  • Very nice Rich!
    Visit my blog: anITKB.com, an IT Knowledge Base.
    • Edited by [JorgeM] Wednesday, March 03, 2010 9:08 PM
    Wednesday, February 10, 2010 1:44 AM
  • thx Jorge.

    /rich

    http://cbfive.com/blog
    Wednesday, February 10, 2010 1:51 AM
  • Yes, great overview Rich.  Something else worth mentioning is that the information made available via the GC is a sub-set only.  The GC holds information about all objects in the replicated partitions, but only a sub-set of the available attributes.  Attributes that are replicated between GCs are known as the Partial Attribute Set (PAS).  You have the ability to change the PAS by making modifications to the relevant attribute class schema objects.

    Tony
    Wednesday, February 10, 2010 3:35 AM
  • definitely a good add.  i was thinking about it as i was writing and then forgot to include it.  thanks for covering me!

    /rich

    http://cbfive.com/blog
    Wednesday, February 10, 2010 5:33 AM
  • Great post, Rich. You must include this in your blog.


    http://technetfaqs.wordpress.com
    Wednesday, February 10, 2010 6:25 AM
  • thx Syed.  and i appreciate the great suggestion.

    /rich

    http://cbfive.com/blog
    Wednesday, February 10, 2010 6:52 PM
  • You made it much clearer than the exercise manual I am currently working through, good wording Rich!

    Tuesday, February 16, 2010 9:43 PM
  • thank you!  i've posted a blog entry for this as well which is largely unchanged from the reply above.

    Tuesday, February 16, 2010 11:11 PM