You want to add or remove an attribute in the global catalog.
Open the Active Directory Schema snap-in.
In the left pane, click on the Attributes folder.
In the right pane, double-click the attribute you want to edit.
Check the box beside Replicate this attribute to the Global Catalog to add the attribute to the global catalog, or uncheck it to remove the attribute from the global catalog.
Click OK.
You can add an attribute to the global catalog by using the ldifde utility and an LDIF file that contains the following:
dn: cn=<AttrCommonName>,cn=schema,cn=configuration,<ForestRootDN>
changetype: modify
replace: isMemberOfPartialAttributeSet
isMemberOfPartialAttributeSet: TRUE
-
If the LDIF file were named add_gc_attr.ldf, you would run the following command:
> ldifde -v -i -f add_gc_attr.ldf
' This code adds an attribute to the global catalog
' ------ SCRIPT CONFIGURATION ------
' Set to the common name (not LDAP display name) of the attribute.
strAttrName = "<AttrCommonName>"  ' e.g. surname
' Set to TRUE to add to GC, set to FALSE to remove from GC
boolAddtoGC = TRUE
' ------ END CONFIGURATION ---------

' Bind to the attributeSchema object in the Schema naming context
set objRootDSE = GetObject("LDAP://RootDSE")
set objAttr = GetObject("LDAP://cn=" & strAttrName & "," & _
                        objRootDSE.Get("schemaNamingContext"))
objAttr.Put "isMemberOfPartialAttributeSet", boolAddtoGC
objAttr.SetInfo
' Report what was actually done, since the flag can be TRUE or FALSE
If boolAddtoGC Then
   WScript.Echo "Added attribute to GC: " & strAttrName
Else
   WScript.Echo "Removed attribute from GC: " & strAttrName
End If
Each domain controller in a forest replicates a copy of the Domain naming context for its own domain as well as copies of the forest-wide Configuration and Schema partitions. However, domain controllers do not replicate Domain naming contexts for other domains in the forest. When enabled as a global catalog server, a domain controller will replicate partial, read-only replicas of all the objects in other domains in the forest.
Searching against the global catalog is useful when you need to perform a single search across several naming contexts at once. The global catalog stores only a subset of each object's attributes, which is why it is considered a partial replica. Attributes stored in the global catalog are considered part of the partial attribute list (PAS). The attributes that are part of the PAS should be either ones you'd want to use as part of searches against the global catalog, or ones you would want returned after searching the global catalog.
You can add an attribute to the global catalog by setting the isMemberOfPartialAttributeSet attribute of its attributeSchema object to TRUE. Likewise, to remove an attribute from the partial attribute set, you need to set isMemberOfPartialAttributeSet to FALSE for the target attribute.
You can find which attributes are included in the global catalog by using a query with the following criteria:
Search base: cn=Schema,cn=Configuration,<ForestRootDN>
Filter: (&(objectcategory=attributeSchema)(isMemberOfPartialAttributeSet=TRUE))
Scope: onelevel
Alternatively, to find attributes that aren't in the global catalog, you only need to change part of the previous filter to the following:
(isMemberOfPartialAttributeSet=FALSE)
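An added example (not from the original recipe) that goes a step beyond the query above: it parses an ldifde export of the attributeSchema objects and compares the attributes currently in the global catalog with an approved baseline, treating an attribute that has no isMemberOfPartialAttributeSet value as not in the global catalog. The export command, the sample data, the baseline and all function names are assumptions made for illustration.

```python
# Added example: audit the partial attribute set (PAS) from an ldifde export.
# Assumed export command (placeholders as on the page), typed as one line:
#   ldifde -f pas.ldf -d "cn=Schema,cn=Configuration,<ForestRootDN>" -p onelevel
#     -r "(objectCategory=attributeSchema)" -l lDAPDisplayName,isMemberOfPartialAttributeSet

# Constructed, trimmed sample export; names other than sn are hypothetical.
SAMPLE_LDIF = """\
dn: CN=Surname,CN=Schema,CN=Configuration,DC=example,DC=com
lDAPDisplayName: sn
isMemberOfPartialAttributeSet: TRUE

dn: CN=Example-Badge-Number,CN=Schema,CN=Configuration,DC=example,DC=com
lDAPDisplayName: exampleBadgeNumber
isMemberOfPartialAttributeSet: TRUE

dn: CN=Example-Cost-Center,CN=Schema,CN=Configuration,DC=example,DC=com
lDAPDisplayName: exampleCostCenter
isMemberOfPartialAttributeSet: FALSE

dn: CN=Example-Note,CN=Schema,CN=Configuration,DC=example,
 DC=com
lDAPDisplayName: exampleNote
"""

APPROVED = {"sn", "exampleCostCenter"}  # constructed baseline of GC attributes

def parse_entries(ldif_text):
    """Yield one {attribute: value} dict per LDIF entry, unfolding wrapped lines."""
    # An LDIF continuation line starts with a single space; join it to the previous line.
    unfolded = ldif_text.replace("\r\n", "\n").replace("\n ", "")
    for block in unfolded.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                entry[name.strip().lower()] = value.strip()
        if "dn" in entry:
            yield entry

def gc_attributes(ldif_text):
    """Return the lDAPDisplayNames flagged TRUE; an unset value counts as not in the GC."""
    return {e.get("ldapdisplayname", e["dn"])
            for e in parse_entries(ldif_text)
            if e.get("ismemberofpartialattributeset", "").upper() == "TRUE"}

def pas_drift(ldif_text, approved):
    """Compare the exported PAS against the approved baseline."""
    current = gc_attributes(ldif_text)
    return {"unapproved": sorted(current - approved),
            "missing": sorted(approved - current)}
```

Calling pas_drift(SAMPLE_LDIF, APPROVED) on the sample reports exampleBadgeNumber as unapproved and exampleCostCenter as missing from the global catalog.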
MS KB 229662 (How to Control What Data Is Stored in the Global Catalog), MS KB 230663 (HOW TO: Enumerate Attributes Replicated to the Global Catalog), MS KB 232517 (Global Catalog Attributes and Replication Properties), MS KB 248717 (How to Modify Attributes That Replicate to the Global Catalog), MS KB 257203 (Common Default Attributes Set for Active Directory and Global Catalog), and MS KB 313992 (HOW TO: Add an Attribute to the Global Catalog in Windows 2000)