Physical Structure  «Prev 

User logon, Global Catalog, and Domain Controller

What Is the Global Catalog?

The following events require a global catalog server:
  1. Forest-wide searches. The global catalog provides a resource for searching an AD DS forest. Forest-wide searches are identified by the LDAP port that they use. If the search query uses port 3268, the query is sent to a global catalog server.
  2. User logon. In a forest that has more than one domain, two conditions require the global catalog during user authentication:
    1. In a domain that operates at the Windows 2000 native domain functional level or higher, domain controllers must request universal group membership enumeration from a global catalog server.
    2. When a user principal name (UPN) is used at logon and the forest has more than one domain, a global catalog server is required to resolve the name.
  3. Universal Group Membership Caching: In a forest that has more than one domain, in sites that have domain users but no global catalog server, Universal Group Membership Caching can be used to enable caching of logon credentials so that the global catalog does not have to be contacted for subsequent user logons. This feature eliminates the need to retrieve universal group memberships across a WAN link from a global catalog server in a different site.

1) When a user sends a logon request to the network, the global catalog server provides universal group membership information for the account to the domain controller that processes the user logon information

2) If a global catalog server is not available when a user initiates a network logon process, then the user is only able to log on to the local computer. In this case, some network resources will be unavailable.

3) If a user is a member of the Domain Admins group, then the user can log onto the network even when the global catalog server is not available.