The Query Process
A query is a specific request made by a user to the global catalog in order to retrieve, modify, or delete Active Directory data. The following steps, illustrated in
1. The client queries its DNS server for the location of the global catalog server.
2. The DNS server searches for the global catalog server location and returns the IP address of the domain controller designated as the global catalog server.
3. The client queries the IP address of the domain controller designated as the global catalog server. The query is sent to port 3268 on the domain controller; standard Active Directory queries are sent to port 389.
4. The global catalog server processes the query. If the global catalog contains the attribute of the object being searched for, the global catalog server provides a response to the client. If the global catalog does not contain the attribute of the object being searched for, the query is referred to Active Directory.
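Steps 1 through 3 can be traced in code. The following is an added example, not part of the original training kit: it evaluates the SRV answers a client would receive for the `_gc._tcp` name under which Active Directory publishes global catalog servers in DNS, and ignores answers that do not advertise port 3268. The forest name corp.example, the 192.0.2.x addresses, the function names and the single-tree forest assumption (every domain controller name ends in the forest root name) are assumptions made for illustration.

```python
"""Steps 1-3 of the query process, run over constructed DNS data (no network)."""
from collections import namedtuple

GC_PORT = 3268  # global catalog port from the text; port 389 serves standard queries
Srv = namedtuple("Srv", "priority weight port target")

def gc_srv_name(forest_root):
    """Step 1: the SRV name a client asks DNS for to find a global catalog."""
    return "_gc._tcp." + forest_root.strip(".").lower()

def parse_srv(line):
    """Parse 'name TTL IN SRV priority weight port target' (zone-file form)."""
    f = line.split()
    if len(f) != 8 or f[2:4] != ["IN", "SRV"]:
        raise ValueError("not an SRV record: " + line)
    rec = Srv(int(f[4]), int(f[5]), int(f[6]), f[7].rstrip(".").lower())
    return f[0].rstrip(".").lower(), rec

def locate_gc(forest_root, srv_lines, a_records):
    """Steps 2-3: return ((ip, port), rejected) for the preferred global catalog.

    Rejects answers for another name, on a port other than 3268, outside the
    forest root suffix (assumes a single-tree forest), or with no address.
    Order: lowest priority, then highest weight (simplified from RFC 2782).
    """
    want = gc_srv_name(forest_root)
    suffix = "." + forest_root.strip(".").lower()
    good, rejected = [], []
    for line in srv_lines:
        name, rec = parse_srv(line)
        ok = (name == want and rec.port == GC_PORT
              and rec.target.endswith(suffix) and rec.target in a_records)
        (good if ok else rejected).append(rec)
    if not good:
        raise LookupError("no usable global catalog for " + forest_root)
    best = min(good, key=lambda r: (r.priority, -r.weight))
    return (a_records[best.target], best.port), rejected

# Constructed sample data: names and addresses are placeholders, not real hosts.
SRV_ANSWERS = [
    "_gc._tcp.corp.example. 600 IN SRV 0 100 3268 dc1.corp.example.",
    "_gc._tcp.corp.example. 600 IN SRV 0 200 3268 dc2.corp.example.",
    "_gc._tcp.corp.example. 600 IN SRV 0 100 389 dc3.corp.example.",
    "_gc._tcp.corp.example. 600 IN SRV 0 100 3268 gc.other.example.",
]
A_RECORDS = {"dc1.corp.example": "192.0.2.11", "dc2.corp.example": "192.0.2.12",
             "dc3.corp.example": "192.0.2.13"}

if __name__ == "__main__":
    print(locate_gc("corp.example", SRV_ANSWERS, A_RECORDS))
```

The rejected list is worth logging: an answer that names port 389 or a host outside the forest would send a forest-wide search to something that is not the global catalog described in step 3.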
You can configure any domain controller or designate additional domain controllers as global catalog servers. When considering which domain controllers to designate as global catalog servers, base your decision on the ability of your network structure to handle replication and query traffic.
As an administrator, you must place global catalog servers in
The global catalog performs the following two key functions:
It enables a user to log on to a network by providing universal group membership information to a domain controller when a logon process is initiated.
It enables finding directory information regardless of which domain in the forest actually contains the data.
The Supplemental CD-ROM includes an electronic version of this training kit, as well as eBooks for the Microsoft Encyclopedia of Networking, Second Edition, and the Microsoft Encyclopedia of Security. The eBooks are in portable document format (PDF) and must be viewed using Adobe Acrobat Reader.
Several exercises may require you to make changes to your servers. This may have undesirable results if you are connected to a larger network. If you are connected to a larger network, check with your