Microsoft Global Catalog (GC)
Port 3268 is primarily used by Microsoft Domain Controllers to provide access to the Global Catalog service. This service allows fast searches across an entire Active Directory forest using LDAP. It contains a partial, read-only replica of all objects in the directory, facilitating user logins, address book lookups, and efficient query capabilities in large, multi-domain environments.
Microsoft Global Catalog on port 3268 is an LDAP service designed to facilitate directory searches across an entire Active Directory forest. The Global Catalog holds a partial replica of all objects within AD domains, containing the most commonly searched attributes, such as usernames and email addresses. This allows clients to perform queries without knowing the domain location of an object, improving query efficiency.
The Global Catalog service runs on Domain Controllers designated as Global Catalog servers and is integral to AD operations. It is especially vital during user logon in multi-domain forests, where it assists authentication by resolving User Principal Names (UPNs) and membership in universal security groups. Applications relying on directory services, such as Microsoft Exchange, use the Global Catalog extensively for recipient resolution and directory lookups.
Queries to the Global Catalog occur via LDAP over port 3268 for standard queries and via 3269 when using secured (SSL/TLS-encrypted) LDAP. The service does not provide write capabilities—modifications must be performed against the appropriate domain controller through standard LDAP ports, typically 389/636.
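The port split and read-only behavior described above can be checked in connection logs. The following is an added example, not code from this page or from Microsoft: it audits LDAP connection records for simple binds on the unencrypted port 3268 and for write operations sent to a Global Catalog port. The key=value log format, field names, and sample records are constructed assumptions, and the cleartext finding assumes the session was not upgraded with StartTLS.

```python
# Added example: audit LDAP connection records for Global Catalog misuse.
# The key=value log format and all sample records are constructed for illustration.
from collections import defaultdict

GC_PLAIN, GC_TLS = 3268, 3269          # Global Catalog ports from the text
DOMAIN_PORTS = {GC_PLAIN: 389, GC_TLS: 636}  # where writes must go instead
WRITE_OPS = {"add", "modify", "delete", "modrdn"}

SAMPLE_LOG = """\
src=10.0.4.21 dport=3269 bind=simple op=search
src=10.0.4.37 dport=3268 bind=simple op=search
src=10.0.4.37 dport=3268 bind=sasl op=search
src=10.0.5.12 dport=3269 bind=sasl op=modify
src=10.0.5.12 dport=636 bind=sasl op=modify
src=10.0.6.90 dport=3268 bind=simple op=delete
malformed line without fields
"""

def parse_line(line):
    """Return a dict for a well-formed record, or None if fields are missing."""
    fields = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
    if not {"src", "dport", "bind", "op"} <= fields.keys() or not fields["dport"].isdigit():
        return None
    fields["dport"] = int(fields["dport"])
    return fields

def audit(log_text):
    """Map each client to the sorted list of findings on its GC connections."""
    findings = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["dport"] not in DOMAIN_PORTS:
            continue  # skip malformed records and non-GC traffic
        if rec["dport"] == GC_PLAIN and rec["bind"] == "simple":
            # Simple bind on the unencrypted port puts the password on the wire
            # (assumes no StartTLS upgrade on the session).
            findings[rec["src"]].add("cleartext-simple-bind: use 3269")
        if rec["op"] in WRITE_OPS:
            # The GC is read-only; writes belong on the domain LDAP port.
            target = DOMAIN_PORTS[rec["dport"]]
            findings[rec["src"]].add(f"write-to-gc: send {rec['op']} to port {target}")
    return {src: sorted(msgs) for src, msgs in findings.items()}

if __name__ == "__main__":
    for src, msgs in audit(SAMPLE_LOG).items():
        print(src, msgs)
```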