Microsoft Global Catalog

MSFT-GC (Microsoft Global Catalog) on port 3268 is used to provide a global listing of all objects in an Active Directory forest. This service allows for quick searches across the entire directory. It is essential for environments with multiple domains.

What is Microsoft Global Catalog

MSFT-GC, or Microsoft Global Catalog, operates on port 3268 and is a critical component of Active Directory services. It provides a global listing of all objects within an Active Directory forest, enabling users and applications to perform quick and efficient searches across multiple domains. This is particularly useful in large, complex environments where directory information is spread across various domains.

The Global Catalog contains a partial replica of every object in the directory, which includes the most commonly searched attributes. This allows for faster query responses and reduces the need for cross-domain queries, thereby improving overall network performance and user experience.

Microsoft introduced the Global Catalog with Windows 2000 Server, and it has since become an integral part of Active Directory infrastructure. Organizations rely on the Global Catalog for various functions, including user logon processes, directory searches, and application queries. Proper configuration and maintenance of the Global Catalog are essential for the smooth operation of an Active Directory environment.

Microsoft Global Catalog runs on TCP and UDP port 3268 and is official IANA port.

Security risk

If port 3268 is open and the MSFT-GC service is running, it could expose sensitive directory information to unauthorized users. This can lead to security breaches, data leakage, and unauthorized access to network resources. Proper firewall rules and access controls should be implemented to mitigate these risks.

In our UFW tutorial you can follow instructions how you can configure UFW to close port 3268. Use StackChanges to monitor if the Microsoft Global Catalog port is closed and stays closed. StackChanges will send an alert if port 3268 is open again.