Active Directory

Establishing a Proper Global Catalog Placement Strategy

Deciding how many Global Catalog Servers to have on your network, and where to place those servers can be tricky. If there are too few Global Catalog Servers, you could cause severe performance problems or possibly a single point of failure. At the same time though, having too many Global Catalog Servers can also cause performance problems. So what’s an administrator to do? In this article, I will share with you some techniques for determining how many global catalog servers you really need.

Why Are Global Catalog Servers So Important?

In case you aren’t familiar with Global Catalog Servers, they are simply domain controllers that have been designated to perform the Global Catalog server role. When you create an Active Directory forest, the first domain controller in the forest is automatically assigned the Global Catalog server roll, because every forest requires at least one Global Catalog server.

The Global Catalog server performs a variety of tasks, both for Windows and for Exchange. Since my primary focus in this article is Exchange Server, I don’t really want to get into the Global Catalog server’s Windows related function. I will tell you though, that if a Global Catalog server is not available, then nobody will be able to log into the domain except for the Administrator.

Sponsored Content

What is “Inside Microsoft Teams”?

“Inside Microsoft Teams” is a webcast series, now in Season 4 for IT pros hosted by Microsoft Product Manager, Stephen Rose. Stephen & his guests comprised of customers, partners, and real-world experts share best practices of planning, deploying, adopting, managing, and securing Teams. You can watch any episode at your convenience, find resources, blogs, reviews of accessories certified for Teams, bonus clips, and information regarding upcoming live broadcasts. Our next episode, “Polaris Inc., and Microsoft Teams- Reinventing how we work and play” will be airing on Oct. 28th from 10-11am PST.

As you can see, the Global Catalog server performs some critical functions at the Active Directory level, but its role in relation to Exchange Server is just as critical. In order for clients to be able to send and receive mail, both the Outlook client and the Exchange Server must be able to query a global catalog server. Without access to a Global Catalog server, Outlook clients will not be able to open the Global Address List or resolve the e-mail addresses of message recipients within the forest.

Global Catalog Server Placement

Now that I have given you an idea of why Global Catalog servers are so important, let’s talk about placement. Given the fact that any domain controller that’s running Windows 2000 or Windows Server 2003 can be designated to act as a Global Catalog server, it might be tempting to just designate every domain controller to act as a Global Catalog server. In most cases this is a bad idea though. Global Catalog servers produce quite a bit of traffic related to the replication process.

Over the years, Microsoft has released several different guidelines for Global Catalog placement, many of which are contradictory. One set of guidelines states that you should place a Global Catalog Server into any site that contains a server that’s running an application that makes use of port 3268 (the Global Catalog lookup port). Exchange Server is such an application, so if you were to follow this rule, then you would want to place a Global Catalog server into any site that contains an Exchange Server.

Another Microsoft document that I read suggested placing a Global Catalog server into each site, regardless of what the site is used for. I tend to think that this is the best approach, given the critical nature of Global Catalog servers, and the fact that clients make use of the global catalog during the logon process. Microsoft does state however, that a site doesn’t need a Global Catalog server if the site does not contain any servers running Global Catalog dependant applications (such as Exchange), contains fewer than 100 users, and is directly connected to a site that does contain a Global Catalog Server.

Keep in mind that this is a generic guideline though. The recommendations change depending on the size and topology of your network. For example, in large organizations with lots of Exchange mailboxes, it is possible for a Global Catalog server to become overwhelmed. To keep that from happening, Microsoft recommends having one Global Catalog Server for every four mailbox servers. Therefore, if a site contained eight mailbox servers, then you would want to place at least two global catalog servers in that site.

Of course not every network is large enough to have multiple sites. If you have a single site, single domain network, then it is safe to go ahead and designate all of your domain controllers to act as Global Catalog servers. In this type of environment, all of the domain controllers contain full copies of the Active Directory anyway, so the additional resource consumption caused by having multiple Global Catalog servers will be minimal.

Summary

Being that Global Catalog servers are so critically important to the Active Directory and to Exchange, it is important to make sure that your network uses them in an optimal manner. In this article, I have provided some general guidelines to Global Catalog server placement.

Related Topics:

External Sharing and Guest User Access in Microsoft 365 and Teams

This eBook will dive into policy considerations you need to make when creating and managing guest user access to your Teams network, as well as the different layers of guest access and the common challenges that accompany a more complicated Microsoft 365 infrastructure.

You will learn:

  • Who should be allowed to be invited as a guest?
  • What type of guests should be able to access files in SharePoint and OneDrive?
  • How should guests be offboarded?
  • How should you determine who has access to sensitive information in your environment?

Sponsored by: