Platform SDK: Active Directory, ADSI, and Directory Services

G

global catalog (GC)
An Active Directory™ forest consists of several directory partitions. Often, the user or application does not know what partition contains a desired object. The global catalog (GC) servers enable users and applications to find an object in a forest, given one or more attributes of the target object.

A global catalog server is a domain controller that contains a full replica of its own domain and a partial replica of every other domain in the forest. Like all domain controllers, it contains the schema and configuration partitions as well. This means that a GC server holds a replica of every object in Active Directory™, but most replicas contain only a small subset of attributes. The attributes in the partial replicas are those most frequently used in search operations (such as a user's first and last names, login names, and so on) — attributes that are most useful to locate a full replica of the object. A GC search yields the distinguished name (DN) of the desired object; given the DN, an application can connect to a domain controller holding a full replica of the object.

Administrators specify which domain controllers are global catalog servers. The Active Directory replication system automatically maintains partial replicas held on global catalog servers. The properties replicated into the global catalog include a base set defined by Microsoft®. Administrators can specify additional properties to meet the needs of their installation.
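
The two-step lookup described above (GC search for the DN, then a bind to a full replica), as an added PowerShell example that is not part of the original SDK text. It assumes a domain-joined Windows host; the account name `jdoe` and the helper `ConvertTo-LdapFilterValue` are constructed for illustration.

```powershell
# Added example: locate an object through the global catalog, then read its full replica.
Add-Type -AssemblyName System.DirectoryServices

function ConvertTo-LdapFilterValue {
    param([string]$Value)
    # Escape the RFC 4515 special characters so caller-supplied text
    # cannot change the structure of the search filter.
    $Value -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' `
           -replace '\)', '\29' -replace "`0", '\00'
}

$sam = 'jdoe'   # constructed sample value

# Step 1: forest-wide search against a GC server (partial replicas only).
$forest   = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
$searcher = $forest.FindGlobalCatalog().GetDirectorySearcher()
$searcher.Filter = '(&(objectCategory=person)(objectClass=user)(sAMAccountName={0}))' -f
                   (ConvertTo-LdapFilterValue $sam)
[void]$searcher.PropertiesToLoad.Add('distinguishedName')

$hit = $searcher.FindOne()
if ($null -eq $hit) {
    throw "No user with sAMAccountName '$sam' was found in the global catalog."
}
$dn = [string]$hit.Properties['distinguishedname'][0]

# Step 2: derive the owning domain from the DC= components of the DN and
# bind to a domain controller there, which holds the full replica.
$domain = ($dn -split '(?<!\\),' |
           Where-Object { $_ -match '^DC=' } |
           ForEach-Object { $_.Substring(3) }) -join '.'
$full = [ADSI]"LDAP://$domain/$dn"

# The GC result carries only what was requested from the partial replica;
# the domain controller exposes every attribute the caller is allowed to read.
[pscustomobject]@{
    DistinguishedName  = $dn
    OwningDomain       = $domain
    FullReplicaAttrs   = @($full.Properties.PropertyNames).Count
}
```

Because a GC server holds only a subset of attributes for objects outside its own domain, an attribute missing from a GC result does not mean it is unset on the object; read it from the full replica before acting on it.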

global catalog server
The global catalog server is a Windows 2000 domain controller that holds a copy of the global catalog for the forest.
global group
A global group can appear on access-control lists (ACLs) anywhere in the forest. A global group can contain users and other global groups from its own domain.
group
The three group types (global, domain local, universal) provide a rich and flexible access-control environment, while reducing replication traffic to the global catalog (GC) when group membership changes. A universal group appears in the GC, but will contain primarily global groups from domains in the forest. Once the global groups are established, the membership in the universal group will change infrequently. Global groups appear in the GC, but not their members. Membership changes in global groups are not replicated outside of the domain where they are defined. Domain local groups are valid only in the domain where they are defined and do not appear in the GC at all.
group policy
Group policy is an extensible framework that refers to applying policy to the "groups" of computers and/or users contained within Active Directory™ containers. This type of policy includes not only registry-based policies, but many types of policy data, such as file deployment, application deployment, logon/logoff scripts and startup/shutdown scripts, domain security, IPSEC, and so on. The "blobs of policy" are referred to as group policy objects (GPO).

This new infrastructure works with a document-centric approach. In addition to the enhanced policies that are available, the directory hierarchy allows group policy to affect computers and users in sites, domains, or organizational units (SDOU), as well as filtering effective policy based on security group membership. GPO(s) are associated (linked) with these Active Directory™ containers: sites, domains, organizational units (SDOU). This is analogous to Microsoft® Word permitting multiple .dot templates to specify the formatting of a .doc file.