DC是Domain Controller
GC是Global Catalog
GC是做什么的, 有什么特点详见下面的话:
In a multi-domain forest the Active Directory database becomes partitioned. That is, each domain maintains a list of only those objects that belong in that domain. So, for example, a user created in Domain A would be listed only in Domain A's domain controllers. Global catalog (GC) servers are used to provide a global listing of all objects in the Forest. The Global catalog is held on domain controllers configured as global catalog servers. Global Catalog servers replicate to themselves all objects from all domains and hence, provide a global listing of objects in the forest. However, in order to minimize replication traffic and to keep the GC's database small, only selected attributes of each object are replicated. This is called the partial attribute set (PAS). The PAS can be modified by modifying the schema and marking attributes for replication to the GC.
简单来说, 多个域的情况下, 每个域都会有自己的DC, DC中维护自己域当中的对象. 当需要跨域查询对象的时候, 一个个的查询DC是不恰当的, Active Directory采用的方式是建立一个Global Catalog(GC), 查询一个对象的时候最保险的方法就是查询GC. 它维护着一个列表, 存储着各个域的所有对象. 但是为了让GC的数据库小一些, 其中就只存储某些必要的属性. 所以在查询GC的时候, 返回的对象并不包含所有的属性.
可以在command prompt中使用如下的命令来测试一下从DC和GC索取对象时的结果差异.
- 连接DC: ldifde -f output.txt -r ("cn=<username>")
- 连接GC: ldifde -f output.txt -r ("cn=<username>") -t 3268
明显GC返回的结果中属性要少很多, 比如Title和Department. 因为默认情况下这两个属性的In Global Catalog为false.
http://en.wikipedia.org/wiki/Active_Directory
http://msdn.microsoft.com/en-us/library/ms675490%28VS.85%29.aspx
http://msdn.microsoft.com/en-us/library/ms680037%28VS.85%29.aspx