To totally unlock this section you need to Log-in
There are several ways to find out if a Domain Controller has the Global Catalog role enabled. In this article, we’ll see how to determine this using the graphical user interface (GUI and PowerShell.
Using the graphical user interface (GUI)
After you connect to DC, open the Active Directory Sites and Services console. Expand the Sites container until you find the DC you want to check.
Right-click NTDS Settings and then click Properties.
Here, on the General tab, you can see if the Domain Controller has enabled the Global Catalog role or not.
Using PowerShell
To check on the current DC you are connected to, use the following command:
Get-ADDomainController | ft Name,IsGlobalCatalog
To check all DCs on a Site, use the following command:
Get-ADDomainController-Filter {Site-eq 'Default-First-Site-Name'}} | FT Name,IsGlobalCatalog
To check all DCs in a Forest, use the following command.:
Get-ADForest meraki.edu | FL GlobalCatalogs
Dsquery
By using the integrated dsquery (Active Directory Domain Services):
C:\>dsquery server -isgc -domain "ad.contoso.com" # RESULT "CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=contoso,DC=com" "CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=contoso,DC=com" "CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=contoso,DC=com"
Nltest
Open a command prompt: to open a command prompt, click Start, click Run, type cmd, and then click OK.
Type the following command, and then press Enter key:
nltest /server:
- nltest: performs network administrative tasks.
- /server:
: specifies the name of the domain controller that you have designated as a global catalog server. - /dsgetsdc:
: specifies the name of the domain to which the server belongs.
In the Flags line of the output, if GC appears, the global catalog server has satisfied its replication requirements.
To view the complete syntax for this command, at a command prompt, type:
nltest /?
Nslookup
We could also query directly the DNS server (Active Directory) and request the gc._msdcs.ad.contoso.com record by using nslookup:
C:\>nslookup gc._msdcs.ad.contoso.com # RESULT 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa primary name server = 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0. 0.0.0.0.0.0.0.ip6.arpa responsible mail addr = (root) serial = 0 refresh = 28800 (8 hours) retry = 7200 (2 hours) expire = 604800 (7 days) default TTL = 86400 (1 day) Server: UnKnown Address: ::1 Name: gc._msdcs.ad.contoso.com Addresses:15.14.1.98 11.4.46.31 142.11.2.129