When we promote a Windows Server 2016 to a Domain Controller, it will also set to have the role of the Global Catalog (GC) server as a default. Unless of course, you uncheck the corresponding option in the Configuration Wizard. Which of your Domain Controllers are GCs? It’s very easy to check it out.
In the following steps, we’ll see how to enable and disable a Global Catalog server using both the graphical user interface and PowerShell. In addition, if we enable a GC, we’ll see how to check if it’s ready to use in the Active Directory infrastructure.
Using the GUI
After you connect to DC, open the Active Directory Sites and Services console. Expand the Sites container until you find the DC you want to check. Right-click NTDS Settings and then click Properties.
Here, on the General tab, click Global Catalog to activate the role or uncheck it to disable it.
Using PowerShell
To enable the Global Catalog on a DC, use the following command and change values according to your infrastructure.
Set-ADObject "CN=NTDS Settings,CN=Fabrikam-DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Fabrikam,DC=COM" -Replace@{options='1'} |
Alternatively, with one variation you can simply type the name of the DC as shown below.
Set-ADObject -Identity (Get-ADDomainController DC02).ntdssettingsobjectdn -Replace @{options='1'} |
For both cases, the option options = ‘1‘ refers to the activation of the Global Catalog and the option options = ‘0‘ to disable it.
Global Catalog readiness check
As a typical next step, once you have activated the Global Catalog, it is good to check its readiness. A GC is “advertised” on the network and assumes the role of GC only when replication is completed.
To do this using the graphical user interface, type LDP in the search bar and open the corresponding tool. Click on the Connection menu and then Connect. Here, make sure the port is set to 389 and click OK.
In the text that appears, find the isGlobalCatalogReady value and if it has the TRUE value then your GC is ready.
Alternatively, you can check the GC readiness through the command line. Type the following command by changing the values with your own.
nltest /server:<servername> /dsgetdc:<domainname> |
If the GC record is displayed in the Flags it means again that your GC is ready.
