Before verifying if a Domain Controller (DC) is a Global Catalog (GC) server, it’s essential to grasp these concepts:
-
What is a Domain Controller ?
A Domain Controller is a server in a Microsoft Active Directory environment that authenticates and enforces security policies for users and computers.
-
What is a Global Catalog server ?
A Global Catalog server is a DC that contains a partial replica of every object in the Active Directory forest. It stores the most commonly searched attributes to speed up searches and enhance performance.
Why is a Global Catalog server important?
A GC exists because:
-
A Domain Controller (DC) is unable to access objects outside its domain
-
It optimizes system performance by storing commonly searched object attributes to improve replication and retrieval processes.
-
A DC might not have complete information required to grant authentication and access requests. However, with the GC containing all requisite data, it ensures uninterrupted user access and authentication.
-
In multi-domain scenarios, knowing which DC acts as a GC server facilitates efficient resource location and directory searches. It assists administrators in precisely directing directory service queries and hastens the process.
-
With strategic distribution of GCs, redundancy and fault tolerance are achieved. Monitoring and managing this distribution prevents overload and potential failure points.
Steps to verify a DC as a Global Catalog server:
Using graphical user interface (GUI):
Pre-requisites:
-
Connection to the domain
-
Remote Server Administration Tools (RSAT)
[ Note: You don’t have to be a domain Admin or do this process on a Domain Controller ]
To check if a DC is a global catalog server, you can perform the following steps:
-
Go to Server Manager → Tools → Active Directory Sites and Services.
-
Expand the Default-First-Site-Name → Servers.
-
All the Domain controllers that are available will appear in a list. Select the DC you want to verify.
-
Expand the DC
-
Right-click on its NTDS setting → Properties.
-
In the General tab, you will see a Global Catalog checkbox. If the DC is a global catalog server, the check box will be selected.
Using PowerShell:
Press Start, search for Windows PowerShell, right-click on it, and select Run as administrator.
Use the following commands:
1. To check on the current DC you are connected to:
Get-ADDomainController | ft Name,IsGlobalCatalog
2. To check all DCs on a site:
Get-ADDomainController -Filter {Site -eq 'Default-First-Site-Name'} | FT Name,IsGlobalCatalog
3. To check all DCs in a Forest:
Get-ADForest ABC.edu | FT GlobalCatalogs
Using command prompts:
-
Click Start
-
Click Run or ‘Windows key + R’, to open the run dailog box
-
Type ‘cmd’, and click OK.
-
Type the below commande and press enter
nltest /dsgetdc: Domain_name /server: Server_Name,
-
Ensure that the GC flag is present, the message received after executing the command in step 4 will be similar to the following:
DC: \\<ServerName>
Address: \\<IPAddress>
Dom Guid: <GUID> Dom Name: <DomainName>
Forest Name: <DomainName>.com
Dc Site Name: Default-First-Site-Name Our Site Name: Default-First-Site-Name Flags: PDC GC
