Planning Global Catalog Server Placement
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
Global catalog placement requires planning except if you have a single-domain forest. In a single-domain forest, configure all domain controllers as global catalog servers. Because every domain controller stores the only domain directory partition in the forest, configuring each domain controller as a global catalog server does not require any additional disk space usage, CPU usage, or replication traffic. In a single-domain forest, all domain controllers act as "virtual global catalog servers" in that they can all respond to any authentication or service request. This special condition for single-domain forests is by design (authentication requests do not require contacting a global catalog server, as they do when there are multiple domains and a user can be a member of a universal group that exists in a different domain). However, only domain controllers that are designated as global catalog servers can respond to global catalog queries on the global catalog port 3268. To simplify administration in this scenario and to ensure consistent responses, designating all domain controllers as global catalog servers eliminates the concern about which domain controllers can respond to global catalog queries. Specifically, any time a user uses Start\Search\For People or Find Printers, these requests go only to the global catalog.
In multiple-domain forests, global catalog servers facilitate user logon requests and forest-wide searches. Figure 3.11 illustrates how to determine which locations require global catalog servers.
Figure 3.11 Determining the Placement of Global Catalog Servers
Adding Global Catalog Servers Based on Application Requirements
Certain applications, such as Microsoft® Exchange® 2000, Message Queuing (also known as MSMQ), and applications using Distributed COM (DCOM), do not deliver adequate response over latent WAN links and therefore need a highly available global catalog infrastructure to provide low query latency. Determine whether any applications that perform poorly over a slow WAN link are running in locations or whether the locations include Exchange servers. If your locations include applications that do not deliver optimum response over a WAN link, you must place a global catalog server at the location to reduce query latency.
Adding Global Catalog Servers for a Large Number of Users
Place global catalog servers at all locations that contain more than 100 users to reduce congestion of network WAN links and to prevent productivity loss in case of WAN link failure.
Using Highly Available Bandwidth
You do not need to place a global catalog at a location that does not include applications that require a global catalog server, includes less than 100 users, and is also connected to another location that includes a global catalog server by a WAN link that is 100 percent available for Active Directory. In this case, the users can access the global catalog server over the WAN link.
Adding Global Catalog Servers for a Large Number of Roaming Users
Roaming users need to contact the global catalog servers whenever they log on for the first time at any location. Place a global catalog at a location that is visited by a large number of roaming users if the logon time over the WAN link is unacceptable.
Enabling Universal Group Membership Caching
For locations that include less than 100 users and do not include a large number of roaming users or applications that require a global catalog server, you can deploy domain controllers that are running Windows Server 2003 and enable universal group membership caching. Ensure that the global catalog servers are not more than one replication hop from the domain controller on which universal group membership caching is enabled, so that universal group information in the cache can be refreshed.
For more information about how to enable universal group membership caching, see “Cache universal group memberships” in Help and Support Center for Windows Server 2003. For information about how universal group caching works, see "How the Global Catalog Works" in the Windows Server 2003 Technical Reference.
For a worksheet to assist you in documenting where you plan to place global catalog servers and domain controllers with universal group caching enabled, see "Domain Controller Placement" (DSSTOPO_4.doc) on the Windows Server 2003 Deployment Kit companion CD (or see "Domain Controller Placement" on the Microsoft Web site http://go.microsoft.com/fwlink/?linkid=9568). For an example of a completed Domain Controller Placement worksheet, see "Example: Determining Domain Controller Placement" later in this chapter. You need to refer to the information about locations in which you need to place global catalog servers when you deploy the forest root domain and regional domains.