Domain controllers in Windows 2000 Server contain a fully writable copy of the domain directory partition for that domain. This allows any domain controller to update the Active Directory (AD) database.
A Windows 2000 domain also has a special domain controller that holds a copy of Global Catalog (GC). GC contains read-only copies of all objects in the AD forest, and thus has knowledge of all objects from other AD domains. GC records only a few of the most useful attributes of objects. This keeps the size of the database quite small.
GC is used primarily in three circumstances:
- When performing a search
- When a user logs on in a native-mode domain
- When a user logs on with a User Principal Name (UPN)
Because GC knows all of the objects in the whole forest, searches against GC are very fast and efficient. Without GC, manually searching every domain would be very time-consuming. GC is also contacted when a user logs on to a Windows 2000 domain. In a native-mode domain, GC contains universal groups and all their members. When a user logs on, domain controllers check GC to see to which universal group the user belongs. GC is also contacted when a user logs on with a UPN, and the domain controller that's processing the logon doesn't recognize the UPN suffix.
By default, GC is on the first domain controller in the forest, but you can add GC on other domain controllers from the Active Directory Sites And Services console in Start | Programs | Administrative Tools. Simply expand Sites | <site name> | Servers | <server name>, right-click NTDS Settings, and select Properties. The Global Catalog check box is on the General tab.
Miss a column?
Check out the Windows 2000 Server archive, and catch up on the all the Windows 2000 Server columns.
Want more Windows 2000 Server tips and tricks? Automatically sign up for our free Windows 2000 Server newsletter, delivered each Tuesday!