In the process of learning "Windows Active Directory", there is an important concept called "Global Catalog". Many students do not know its role. For a global catalog, the textbook definition is that the global catalog contains the most important attributes for each object in each Active Directory, and is a collection of all objects in the domain forest. The domain server in which the global catalog resides is called a global catalog server (GC server), and the first DC created in the Active Directory of the default deployment must be a global catalog server, and other domain servers can be assigned as additional global catalog servers to balance network traffic.
What does a global catalog server store?
A complete copy of all objects in the directory for this domain. A partial read-only copy of all objects in all other domains in the forest.
In order to better explain this truth, we can contact a common case in life: Bank take money case
If the bank is a forest, then "ICBC", "BOC", "abc" and so on are the different domains in this forest. Let's take ICBC for a while. You are in the ICBC open, your account will only exist in ICBC this "domain" inside, other banks can not have your bank account. When you take the ICBC card with "UnionPay" to get the money from the ATM, any ATM machine will recognize your account, but if you do not take the "UnionPay" card to get the money, the ATM machine in other banks will not be able to recognize your card. This can be said: The account of the UnionPay card exists in the global catalog server, so the other banks also have a copy of your account. Non-UnionPay card accounts are not in the global catalog server and can only be used in the bank (local domain).
Let's see what "copy" reads: Enter password verification, take money to write: Change password, save
With ICBC's UnionPay card, you can collect, save, and change all of the services on the ICBC ATM machine because the global catalog server stores a complete copy of all the objects in this domain (ICBC). You are in the ICBC ATM machine business, equivalent to the activity in the domain, so not only can verify the account after the money (read), but also can change the password, save (write). However, if you take the ICBC card in the ATM machine of other banks to transact business, you can only handle the money, can not handle saving, change the password. That's because your account doesn't belong to another bank (it's not part of another domain), and the other domain only has a copy of your read-only portion, so you don't have the Write permission.
In fact, from this case you can also find that, although the computer knowledge is more abstract, but it is basically linked to our lives, so long as more thinking, more observation, all the problems will become more simple.
Read the "Global Catalog" in a bank case
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
