Active Directory – Check if a DC is a Global Catalog



There are several ways to find out if a Domain Controller has the Global Catalog role enabled. In this article, we'll see how to determine this using the graphical user interface (GUI) and PowerShell.

Using the graphical user interface (GUI)

After you connect to the DC, open the Active Directory Sites and Services console. Expand the Sites container until you find the DC you want to check.

Right-click NTDS Settings and then click Properties.

Here, on the General tab, you can see whether the Global Catalog role is enabled on the Domain Controller.

Using PowerShell

To check on the current DC you are connected to, use the following command:

Get-ADDomainController | ft Name,IsGlobalCatalog

To check all DCs on a Site, use the following command:

Get-ADDomainController -Filter {Site -eq 'Default-First-Site-Name'} | FT Name,IsGlobalCatalog

To check all DCs in a Forest, use the following command:

Get-ADForest meraki.edu | FL GlobalCatalogs

Dsquery

By using the built-in dsquery tool (Active Directory Domain Services):

C:\>dsquery server -isgc -domain "ad.contoso.com"
# RESULT
"CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=contoso,DC=com"
"CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=contoso,DC=com"
"CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=contoso,DC=com"

Nltest

Open a command prompt: click Start, click Run, type cmd, and then click OK.

Type the following command, and then press the Enter key:

nltest /server:<ServerName> /dsgetdc:<DomainName>

  • nltest: performs network administrative tasks.
  • /server:<ServerName>: specifies the name of the domain controller that you have designated as a global catalog server.
  • /dsgetdc:<DomainName>: specifies the name of the domain to which the server belongs.

In the Flags line of the output, if GC appears, the global catalog server has satisfied its replication requirements.

To view the complete syntax for this command, at a command prompt, type:

nltest /?

Nslookup

We can also query the DNS server (Active Directory) directly and request the gc._msdcs.ad.contoso.com record by using nslookup:

C:\>nslookup gc._msdcs.ad.contoso.com
# RESULT
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa
primary name server = 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.ip6.arpa
responsible mail addr = (root)
serial = 0
refresh = 28800 (8 hours)
retry = 7200 (2 hours)
expire = 604800 (7 days)
default TTL = 86400 (1 day)
Server: UnKnown
Address: ::1

Name: gc._msdcs.ad.contoso.com
Addresses: 15.14.1.98
           11.4.46.31
           142.11.2.129
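
The PowerShell and nslookup checks above can be combined into one report that flags DCs whose IsGlobalCatalog flag and gc._msdcs DNS registration disagree. This is an added example, not code from the original article; the function names, status strings and sample hosts are assumptions made for illustration.

```powershell
# Added example (not from the original article): cross-check each DC's
# IsGlobalCatalog flag against the gc._msdcs A records published in DNS.

function Compare-GcFlagToDns {
    # Pure comparison logic; takes plain objects so it can run on constructed data.
    param(
        [Parameter(Mandatory)] [object[]] $DomainControllers,
        [AllowEmptyCollection()] [string[]] $GcDnsAddresses = @()
    )
    foreach ($dc in $DomainControllers) {
        $inDns = $GcDnsAddresses -contains $dc.IPv4Address
        if ($dc.IsGlobalCatalog -and $inDns) { $status = 'OK' }
        elseif ($dc.IsGlobalCatalog)         { $status = 'GC flag set but no gc._msdcs record' }
        elseif ($inDns)                      { $status = 'gc._msdcs record for a non-GC (stale?)' }
        else                                 { $status = 'Not a GC' }
        [pscustomobject]@{
            Name = $dc.Name; IPv4Address = $dc.IPv4Address
            IsGlobalCatalog = $dc.IsGlobalCatalog; InGcDns = $inDns; Status = $status
        }
    }
}

function Get-ForestGcReport {
    # Live query: needs the ActiveDirectory (RSAT) and DnsClient modules.
    param([string] $ForestName)
    Import-Module ActiveDirectory -ErrorAction Stop
    $forest = if ($ForestName) { Get-ADForest -Identity $ForestName } else { Get-ADForest }
    $dcs = foreach ($domain in $forest.Domains) {
        Get-ADDomainController -Filter * -Server $domain
    }
    # GC A records are registered under the forest root domain's _msdcs zone.
    $gcIps = @(Resolve-DnsName -Name "gc._msdcs.$($forest.RootDomain)" -Type A -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'A' } | ForEach-Object { $_.IPAddress })
    Compare-GcFlagToDns -DomainControllers $dcs -GcDnsAddresses $gcIps
}

# Constructed sample data (hypothetical hosts, documentation-range addresses).
$sampleDcs = @(
    [pscustomobject]@{ Name = 'DC1'; IPv4Address = '192.0.2.10'; IsGlobalCatalog = $true  }
    [pscustomobject]@{ Name = 'DC2'; IPv4Address = '192.0.2.11'; IsGlobalCatalog = $true  }
    [pscustomobject]@{ Name = 'DC3'; IPv4Address = '192.0.2.12'; IsGlobalCatalog = $false }
)
$sampleDns = '192.0.2.10', '192.0.2.12'
Compare-GcFlagToDns -DomainControllers $sampleDcs -GcDnsAddresses $sampleDns | Format-Table -AutoSize

# On a domain-joined admin host: Get-ForestGcReport | Format-Table -AutoSize
```

A DC that has the flag set but no gc._msdcs record may not yet be advertising as a GC, and a record that points at a non-GC host is worth cleaning up because clients locate Global Catalogs through DNS.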