Configuration Attributes Adding LDAP attributes to the Global Catalog

February 1, 2024 at 12:48 AM

Within the Global Catalog, only a few LDAP attributes are available by default. This can lead to the fact that when using the Global Catalog and synchronizing attributes, the respective attribute values are empty. To add additional attributes to the Global Catalog, the Active Directory schema must be customized.

Such changes to the Global Catalog cause the full catalog to be synchronized in the AD forest or domain. This can lead to an increased network load. Therefore, make these changes outside of business hours.

Adding the attribute to the Global Catalog

  1. If the Active Directory Schema management console is not available, open cmd.exe and register the extension:

     regsvr32 schmmgmt.dll

  2. Start the Microsoft Management Console and add the Active Directory Schema snap-in:

    Adding Active Directory Schema snap-in to the Management Console

  3. In the left pane, click on Attributes:

Attributes in the ADS snap-in
  1. In the right pane, right click on the attribute you want to modify and click on Properties:
Attribute properties
  1. Check Replicate this Attribute to the Global Catalog and click on OK:
Replicate this Attribute to the Global Catalog

The schema changes will be replicated to the Global Catalog.

Indexing the LDAP attribute

You can search for the published LDAP attributes in the Global Catalog normally. In some circumstances, the searches may take a relatively long time. To speed up the search, you can index the attributes.

To do this, select the option Index this attribute within the Properties dialog:

Index LDAP attribute
As in other databases, the index requires additional storage space. So the replication of the Active Directory may take longer.