Global Catalog on additional Domain Controller

 

Sometimes, we need to select additional Domain Controller as Global Catalog and we are wondering how to do that. This is always necessary to add this feature to Domain Controller running Windows Server 2003 after promotion it to DC. This feature is not automatically added.

When we use Windows Server 2008/2008R2 as Domain Controller then during promotion process we can make it as Global Catalog (if we do not turn off default options). However when we disable it during promotion process or you are promoting Windows Server 2003 then you need to enable that feature later.

This short article shows you how to do that.

Important! In single forest, multiple domain environment you need to ensure first, if all of your Domain Controllers are Global Catalogs. If not, you cannot place Global Catalog on a DC with Infrastructure Master Operation role!

To select additional Global Catalog in your domain, you need to use Active Directory Sites and Services console. This tool is located under “Administrative Tools” (even though, it is done on Windows Server 2003, all the same steps are valid for Windows Server 2008/2008R2)

Active Directory Sites and Services console

Navigate to Site in which desired Domain Controller is located and expand “Servers” node. Select that server and in the right pane, click right mouse button on “NTDS Settings” and choose “Properties”

NTDS Settings

Under “NTDS Settings” in “General” tab check “Global Catalog” checkbox.

Configuring Global Catalog

Configuring Global Catalog

Confirm by clicking on “OK” button and that’s all!

Author: Krzysztof Pytko

Facebooktwittergoogle_plusredditpinterestlinkedinmail

2 responses to “Global Catalog on additional Domain Controller”

  1. amit says :

    Awaiting domain rejoin delegation rights

     
    • iSiek says :

      Hello Amit,

      thank you for reading my blog 🙂

      Regarding domain rejoin permission there is not too much more to do than delegating rights for joining machines into a domain 😉 At this stage you can review an article on my blog for delegating permission to join computers into the domain and grant user/group permission to delete computer objects on a “Computers” container (by default, computer objects are created there. In case that you redirected a location for new computer objects using redircmp command, you need to grant that permission on appropriate OU) in your domain. And that’s all! 🙂

      In case that you need further help about that case, you can contact me directly on my e-mail which you will find on a tab “About me”.

      Regards,
      Krzysztof

       

Leave a Reply

Your email address will not be published. Required fields are marked *