Which object attributes are included in the global catalog?
The global catalog stores only a subset of the attributes for each object in the Active Directory forest. Otherwise the data handling would be too much overhead for the GC servers - a global catalog should only represent a kind of yellow pages for the environment.
Whether an attribute is included in the global catalog or not is decided by the systemFlags property of the schema object of each object attribute. If the 2. bit is set here (flag FLAG_ATTR_REQ_PARTIAL_SET_MEMBER), then the attribute is contained in the global catalog. Even easier - check the attribute isMemberOfPartialAttributeSet, for global catalog attributes is the value set to TRUE.
Here is a list of attributes which are
part of the global catalog by default in a Windows 2008 R2 Active Directory:
| altSecurityIdentities | cn | c (country) | dc |
| dSCorePropagationData | frsComputerReference | fRSMemberReference | groupType |
| instanceType | isDeleted | isRecycled | l (location) |
| member | mSMQUserSid | nTSecurityDescriptor | distinguishedName |
| objectCategory | objectClass | objectGUID | objectSid |
| ou | o | partialAttributeDeletionList | partialAttributeSet |
| primaryGroupID | proxiedObjectName | name | replPropertyMetaData |
| replUpToDateVector | repsFrom | repsTo | sAMAccountName |
| sAMAccountType | servicePrincipalName | sIDHistory | st |
| street | subRefs | systemPossSuperiors | userAccountControl |
| userPrincipalName | uSNChanged | uSNCreated | uSNLastObjRem |
| wellKnownObjects | whenChanged | whenCreated |
You can also evaluate the current set of attributes in the global catalog easily with this script:
Without the alphabetic sort of the attribute names the script is getting more simple: