Home »
Active Directory issues and fixes

Global Catalog not available

The Global Catalog is your Active Directory’s search engine—without it, logins fail, lookups return nothing, and applications struggle to find user info.

  • A global catalog server could not be located
  • Logon failure: The target account name is incorrect
  • The directory service was unable to perform the requested operation
  • The specified domain either does not exist or could not be contacted

1. A global catalog server could not be located

Error message: A global catalog server could not be located.

Issue

No reachable domain controller is acting as a global catalog. The users may experience:

  • Slow logins.
  • Search failures.
  • Authentication errors across domains.

Fix:

Run the following command as an administrator:

How to do it

Step 1. Check for an available GC by running the following Command Prompt command:

  • nltest /dsgetdc:domain /GC

Step 2. Enable GC on a domain controller if missing:

  • Open Active Directory Sites and Services > expand Sites > go to Servers > select your DC > go to NTDS settings and right-click it > Select Properties > Check the Global Catalog box

Step 3. Force replication by running the following Command Prompt command:

  • repadmin /syncall /AeD
global-catalog

Logon failure: The target account name is incorrect

Error message: "Logon failure: The target account name is incorrect."

Issue

Global Catalog is not available for universal group membership lookup during login.

Fix:

How to do it

Step 1. Ensure the user’s logon domain controller is also a global catalog or can reach one by running the following Command Prompt command:

  • nltest /dsgetdc:yourdomain.com /GC

Step 2. Assign a domain controller as a global catalog if there isn't one.

3. The directory service was unable to perform the requested operation

Error message: "The directory service was unable to perform the requested operation."

Issue

Directory search or query fails due to no global catalog is available.

Fix:

How to do it

Step 1. Confirm global catalog SRV record in DNS.

Step 2. In DNS Manager, check under _gc._tcp.yourdomain.com.

Step 3. If missing, restart the Netlogon service by running these Command Prompt commands:

  • net stop netlogon
  • net start netlogon

Step 4. Re-register DNS by running the following Command Prompt command:

  • ipconfig /registerdns

4. The specified domain either does not exist or could not be contacted

Error message: "The specified domain either does not exist or could not be contacted."

Issue

GC unreachable due to DNS misconfiguration or replication failure.

Fix:

How to do it

Step 1. Check DNS SRV records by looking for the following:

  • _gc._tcp.<forest-root-domain>

Step 2. Verify replication by running the following command in the Command Prompt:

  • - repadmin /replsummary.
global-catalog

Awards & recognition

ManageEngine named in 2024 Gartner MQ for SIEM Gartner Peer Insights Customers' choice for SIEM

  Editor's choice  
  7th time in the MQ in 2024  
  Major player in 2024  
  Integrated cloud security Innovator  
  Technical excellence in SIEM  
  Market leader most innovative  

Gartner® Magic Quadrant™ for SIEM 2024

Features

Support

Secure your IT infrastructure with a cloud SIEM solution

Solutions by industry

Related solutions

One-stop solution to all Log Management and Active Directory Auditing

Free Trial Get Quote
Email Download Link