How to create or move a global catalog in

Windows Server 2003, Windows 2000, or

Small Business Server 2000
http://support.microsoft.com/kb/313994
This article explains how to create a new global catalog server. This may be
necessary if you need additional global catalog servers (e.g. to support an Exchange
2000 roll out) or if you want to move the global catalog server role to a different
domain controller.

There may be occasions when it is necessary to create a new global catalog to

replace an existing one, or to add a new global catalog. Microsoft recommends the
following method:

1. Create a new global catalog on a second domain controller.

2. Wait for the account and the schema information to replicate to the new
global catalog. For single domains, this is relatively straightforward. For
multiple domain networks, full replication will take additional time, depending
on the complexity of the network. The new global catalog will be created by
normal Active Directory (AD) replication and depending on the structure of
your AD forest, this replication could take considerable time.
3. Remove the global catalog from the original domain controller (optional).

By default, Windows 2000 will only place a Global catalog on the first Domain
Controller in each AD forest.

To create additional global catalog servers, or to move a global catalog from one
domain controller to another, you need to perform these actions manually.
Back to the top

How to create a new global catalog on the destination global catalog

server
To create a new global catalog:

1. On the domain controller where you want the new global catalog, start the
Active Directory Sites and Services snap-in. To start the snap-in, click Start,
point to Programs, point to Administrative Tools, and then click Active
Directory Sites and Services.
2. In the console tree, double-click Sites, and then double-click sitename.
3. Double-click Servers, click your domain controller, right-click NTDS
Settings, and then click Properties.
 4. On the General tab, click to select the Global catalog check box to assign
the role of global catalog to this server.
5. Restart the domain controller.

Note Allow sufficient time for the account and the schema information to replicate
to the new global catalog server before you remove the global catalog from the
original domain controller.

Event 1119 may be logged in the Directory Services log in Event Viewer with a
description that states that the computer is now advertising itself as a global
catalog server.

In a Windows 2000 domain with only one domain controller, you typically assign the
roles of the global catalog and of the operations master (also known as flexible
single-master operations or FSMO) to the same domain controller; however, in
domains with multiple domain controllers, particularly in forests with multiple
domains, it is important to consider the placement of these roles before you assign
them. For more information, click the following article number to view the article in
the Microsoft Knowledge Base:
223346 (http://support.microsoft.com/kb/223346/ ) FSMO Placement and
Optimization on Windows 2000 Domains

Back to the top

How to remove the global catalog from the original global catalog server
To remove the global catalog from the original domain controller:

1. On the domain controller from which you want to remove the global catalog,
start the Active Directory Sites and Services snap-in. To start the snap-in,
click Start, point to Programs, point to Administrative Tools, and then
click Active Directory Sites and Services.
2. In the console tree, double-click Sites, and then double-click sitename.
3. Double-click Servers, click your domain controller, right-click NTDS
Settings, and then click Properties.
4. On the General tab, click to clear the Global catalog check box to remove
the role of global catalog from this server.
5. Restart the domain controller.

Note Allow sufficient time for the account and the schema information to replicate
to the new global catalog server before you remove the global catalog from the
original domain controller.

If you create additional global catalog servers, this may provide quicker responses
to user inquiries; however, if you enable additional domain controllers as global
catalog servers, this may increase replication traffic on the network. For more
information about directory replication in Windows 2000, click the following article
number to view the article in the Microsoft Knowledge Base:
199174 (http://support.microsoft.com/kb/199174/ ) Directory replication basics for
Windows 2000

Back to the top

REFERENCES

For more information about the global catalog, click the

following article numb...
For more information about the global catalog, click the following article numbers
to view the articles in the Microsoft Knowledge Base:

257203 (http://support.microsoft.com/kb/257203/ ) Common default attributes set

for Active Directory and global catalog

232517 (http://support.microsoft.com/kb/232517/ ) Global catalog attributes and

replication properties

229662 (http://support.microsoft.com/kb/229662/ ) How to control what data is

stored in the global catalog

248717 (http://support.microsoft.com/kb/248717/ ) How to modify attributes that

replicate to the global catalog

199174 (http://support.microsoft.com/kb/199174/ ) Directory replication basics for

Windows 2000

229896 (http://support.microsoft.com/kb/229896/ ) Using Repadmin.exe to

troubleshoot Active Directory replication

How to Move the Global Catalog Role to

Another Domain Controller

There are several reasons to move the role of the global catalog from one domain controller to
another domain controller:
 • If you want to remove the only global catalog from a forest or site, you must first move
the global catalog role to another domain controller.
• If your global catalog receives too many authentication or logon requests, you may want
to move the global catalog functionality to a more productive domain controller in your
domain.
• Exchange Server 5.5 is not supported if it is installed on a global catalog that is in the
same Active Directory forest as another Exchange server because Exchange Server 5.5
can conflict with the Name Service Provider Interface (NSPI) port on which Active
Directory listens. Therefore, you must remove the global catalog role. For more
information, refer to the following article:

275127 (http://support.microsoft.com/kb/275127/EN-US/ ) XADM: How to Configure

Exchange Server 5.5 to Run on a Domain Controller or Global Catalog

To move the global catalog functions from one domain controller to another:

1. Click Start, point to Programs, point to Administrative Tools, and then click Active
Directory Sites and Services.
2. Double-click Sites to expand it, expand Servers, and then click the domain controller
that you want to have the new global catalog role.
3. Double-click the domain controller to expand the server contents.
4. Right-click the NTDS Settings object that is listed below the server, and then click
Properties.
5. On the General tab, click to select the Global Catalog check box to add the global
catalog function to the domain controller, and then click OK to apply the changes.
6. Click Active Directory Sites and Services, and then click the outdated global catalog or
domain controller that is going to have the global catalog function removed.
7. Open the properties of the domain controller, click to clear the Global Catalog check
box, and then click OK to apply the changes. For any change to take effect, you must
wait for the change to replicate throughout Active Directory on all of your domain
controllers.
8. Restart any domain controllers whose Global Catalog check boxes have been modified.

NOTE: You can have more than one global catalog in a Windows 2000 domain, but you must
have at least one global catalog for each domain where Exchange 2000 is installed. If you
already have more than one global catalog in your domain, you can ignore steps 2-5.

Global catalog placement requires planning except if you have a single-domain

forest. In a single-domain forest, configure all domain controllers as global catalog
servers. Because every domain controller stores the only domain directory partition
in the forest, configuring each domain controller as a global catalog server does not
require any additional disk space usage, CPU usage, or replication traffic. In a
single-domain forest, all domain controllers act as "virtual global catalog servers" in
that they can all respond to any authentication or service request. This special
condition for single-domain forests is by design (authentication requests do not
require contacting a global catalog server, as they do when there are multiple
domains and a user can be a member of a universal group that exists in a different
domain). However, only domain controllers that are designated as global catalog
servers can respond to global catalog queries on the global catalog port 3268. To
simplify administration in this scenario and to ensure consistent responses,
designating all domain controllers as global catalog servers eliminates the concern
about which domain controllers can respond to global catalog queries. Specifically,
any time a user uses Start\Search\For People or Find Printers, these requests go
only to the global catalog.