As I said in my previous article about this subject, the global catalog is a very important component in Active Directory, which contains all objects.
Using Global Catalog, our queries perform quickly and as long as we have Global Catalog on other Damion Controllers we will get a quick outcome without noticing we are creating Load Balance between our DC’s.
I really don’t see a reason to disable the GC on any DC’S, but still.
When we are installing a new DC It’s important to note that the global catalog is enabled by default and marked as grayed out.
Because of this, you must work with global catalog enabled.
If you add another domain controller, you will be able to uncheck the global catalog. But the first one is a MUST.
Is security group > once client performs log in the “authenticating domain controller” communicates with global catalog. If the global catalog is not available on the SITE despite that, the client will do log-in, it’s because of the client cache which created from the last login, if a user has not been performed login never on some computer, the user will not succeed to log in to the domain.
Port Global Catalog works:
Port (TCP/UDP): 3268
Port (TCP/UDP): 3269 – Global Catalog over SSL
How to enable global catalog?
Open Server Manager
Click on Active directory sites and services
Inside Active directory sites and services expend Sites
Once you are there, please right click on NTDS Settings and choose Properties
Click on General TAB and enable global catalog.