ManageEngine x Forrester | Workforce Identity Platforms Landscape Report

Azure Active DirectoryAzure AD Fundamentals

How to verify DC functionality as a Global Catalog server?

Before verifying if a Domain Controller (DC) is a Global Catalog (GC) server, it’s essential to grasp these concepts:

A Domain Controller is a server in a Microsoft Active Directory environment that authenticates and enforces security policies for users and computers.

A Global Catalog server is a DC that contains a partial replica of every object in the Active Directory forest. It stores the most commonly searched attributes to speed up searches and enhance performance.

Why is a Global Catalog server important?

A GC exists because:

  1. A Domain Controller (DC) is unable to access objects outside its domain

  2. It optimizes system performance by storing commonly searched object attributes to improve replication and retrieval processes.

  3. A DC might not have complete information required to grant authentication and access requests. However, with the GC containing all requisite data, it ensures uninterrupted user access and authentication.

  4. In multi-domain scenarios, knowing which DC acts as a GC server facilitates efficient resource location and directory searches. It assists administrators in precisely directing directory service queries and hastens the process.

  5. With strategic distribution of GCs, redundancy and fault tolerance are achieved. Monitoring and managing this distribution prevents overload and potential failure points.

Steps to verify a DC as a Global Catalog server:

Using graphical user interface (GUI):

Pre-requisites:

  • Connection to the domain

  • Remote Server Administration Tools (RSAT)

[ Note: You don’t have to be a domain Admin or do this process on a Domain Controller ] 

To check if a DC is a global catalog server, you can perform the following steps:

  • Go to Server Manager → Tools → Active Directory Sites and Services.

  • Expand the Default-First-Site-Name → Servers.

  • All the Domain controllers that are available will appear in a list. Select the DC you want to verify.

  • Expand the DC

  • Right-click on its NTDS setting → Properties.

  • In the General tab, you will see a Global Catalog checkbox. If the DC is a global catalog server, the check box will be selected. 

Using PowerShell:

Press Start, search for Windows PowerShell, right-click on it, and select Run as administrator.

Use the following commands:

1. To check on the current DC you are connected to:

Get-ADDomainController | ft Name,IsGlobalCatalog

2. To check all DCs on a site:

Get-ADDomainController -Filter {Site -eq 'Default-First-Site-Name'} | FT Name,IsGlobalCatalog

3. To check all DCs in a Forest:

Get-ADForest ABC.edu | FT GlobalCatalogs

Using command prompts:

  • Click Start

  • Click Run or ‘Windows key + R’, to open the run dailog box

  • Type ‘cmd’, and click OK.

  • Type the below commande and press enter

nltest /dsgetdc: Domain_name /server: Server_Name,
  • Ensure that the GC flag is present, the message received after executing the command in step 4 will be similar to the following:

DC: \\<ServerName>
Address: \\<IPAddress>
Dom Guid: <GUID> Dom Name: <DomainName>
Forest Name: <DomainName>.com
Dc Site Name: Default-First-Site-Name Our Site Name: Default-First-Site-Name Flags: PDC GC
Related posts
Azure Active DirectoryAzure AD Management

How to implement app registration in Microsoft Entra ID

Azure Active DirectoryAzure AD Management

How to register apps using Microsoft Entra ID

Azure Active DirectoryAzure AD Security

How to monitor and report security events in Microsoft Entra ID

Azure Active DirectoryAzure AD Management

How to implement device enrollemnt via Microsoft Intune

×

There are over 8,500 people who are getting towards perfection in Active Directory, IT Management & Cyber security through our insights from Identitude.

Wanna be a part of our bimonthly curation of IAM knowledge?

  • -Select-
  • By clicking 'Become an insider', you agree to processing of personal data according to the Privacy Policy.