Global catalog
The global catalog is a distributed data repository within an Active Directory forest that stores a partial, read-only replica of every object across all domains. Each global catalog server holds a carefully selected subset of attributes—such as user principal names, display names, email addresses, and universal group memberships—enabling rapid directory searches and authentication without requiring clients to know which specific domain an object belongs to. This makes it a foundational component for efficient identity resolution and logon processes in multi-domain environments.
From a cybersecurity and identity & access management perspective, the global catalog plays a critical role in enforcing consistent access control across an enterprise. It enables universal group membership evaluation during authentication, ensuring that security policies are applied correctly regardless of the user's or resource's domain. Without a functioning global catalog, users may be unable to log on, and cross-domain resource lookups can fail—making its availability and integrity essential to maintaining a secure, unified identity infrastructure across complex network environments.
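A health check for the availability point above, added here as an example and not part of the original entry: it lists every global catalog server in the forest, tests the standard GC ports (3268 for LDAP, 3269 for LDAPS), and resolves one user principal name forest-wide through each server. It assumes the RSAT ActiveDirectory module is installed; the function name `Test-GlobalCatalog` is hypothetical and the UPN is a constructed placeholder.

```powershell
# Added example: availability check for every global catalog (GC) server in the forest.
# Assumes the ActiveDirectory module (RSAT) and a domain-joined session.
Import-Module ActiveDirectory

# Constructed placeholder: replace with a known, low-privilege account in your forest.
$ProbeUpn = 'probe.user@example.test'

function Test-GlobalCatalog {
    param(
        [Parameter(Mandatory)][string]$Server,
        [Parameter(Mandatory)][string]$Upn
    )

    # 3268 = GC over LDAP, 3269 = GC over LDAPS.
    $ldap  = Test-NetConnection -ComputerName $Server -Port 3268 `
                 -InformationLevel Quiet -WarningAction SilentlyContinue
    $ldaps = Test-NetConnection -ComputerName $Server -Port 3269 `
                 -InformationLevel Quiet -WarningAction SilentlyContinue

    $result = 'not tested'
    if ($ldap) {
        try {
            # Targeting port 3268 with an empty SearchBase searches every domain
            # partition in the GC's partial replica, so the object's home domain
            # does not need to be known in advance.
            $user = Get-ADUser -Server "${Server}:3268" -SearchBase '' `
                        -LDAPFilter "(userPrincipalName=$Upn)"
            $result = if ($user) { $user.DistinguishedName } else { 'not found' }
        } catch {
            $result = "query failed: $($_.Exception.Message)"
        }
    }

    [pscustomobject]@{
        Server      = $Server
        Ldap3268    = $ldap
        Ldaps3269   = $ldaps
        UpnResolved = $result
    }
}

# GlobalCatalogs holds the host names of all GC servers in the current forest.
(Get-ADForest).GlobalCatalogs |
    ForEach-Object { Test-GlobalCatalog -Server $_ -Upn $ProbeUpn } |
    Format-Table -AutoSize
```

A server that answers on 3268 but returns `not found` for an account the other servers resolve is worth checking for replication lag or a stale partial replica.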