Re: AD - users and computers in child domain

Tech-Archive recommends: Fix windows errors by optimizing your registry

Yes, you are right. I know, that IM cannot be GC. But as written in article
you reccomend me
(http://support.microsoft.com/?id=197132#XSLTH3159121123120121120120) "If
all the domain controllers in a domain also host the global catalog, all the
domain controllers have the current data, and it is not important which
domain controller holds the infrastructure master role." This is my case.
All DCs in the forest are GCs.

"Ace Fekay [MVP]"
<PleaseSubstituteMyActualFirstName&LastNameHere@xxxxxxxxxxx>
ÓÏÏÂÝÉÌ/ÓÏÏÂÝÉÌÁ × ÎÏ×ÏÓÔÑÈ ÓÌÅÄÕÀÝÅÅ:
news:u$uwpEqsFHA.3640@xxxxxxxxxxxxxxxxxxxxxxx
> In news:Om9WFUosFHA.3908@xxxxxxxxxxxxxxxxxxxx,
> Fyodor Yemelyanenko <fyodor_e@xxxxxxx> made this post, which I then
> commented about below:
>> About domains and roles.
>> Two DCs in the root domain have roles as follows
>> DC1 - Infrastructure, RID, Schema and Domain Naming roles
>> DC2 - PDC
>>
>> DC in the child domain has Infrastructure, RID and PDC FSMO roles
>>
>> All DCs are global catalog therefore as far as I know location of
>> Infrastructure role don't play any role.
>>
>> My problem is mostly like that I don't use some command line switch
>> or don't select some option in ADUC...
>
> AD101: If there are multiple domains in a forest, the GCs CANNOT be an IM
> (Infrastructure Master), otherwise the IM will NOT ferret references for
> objects in other domains, hence thwarting it's job. The GC has references
> to specific limited types of objects, but not global or domain local
> groups, etc, that are in other domains. But if the IM sees that stuff in
> the GC, it will satisfy itself (in layman's terms!) that it already knows
> what's out there, not knowing it's incorrect.
>
> What the IM does:
> http://support.microsoft.com/?id=197132#XSLTH3159121123120121120120
>
> On DC1, uncheck the "This is a GC" box. Let replication happen and check
> it out. Likewise with all other domains, since each domain has an IM.
>
> Let us know if that helped.
>
> Ace
>
>


.

Relevant Pages

  • Re: Infrastructure master
    ... Hej Fredrik! ... This depends on the infrastructure in your environment. ... Domain Controllers contains a Global Catalog and that seems to be your case ...
    (microsoft.public.win2000.active_directory)
  • Re: Site link and domain infrastrure
    ... domains of windows 2000 infrastructure. ... For all the other countries, we will still have domain controllers ... Is there any replication traffic that I need to concern?? ...
    (microsoft.public.windows.server.active_directory)
  • RE: Single DC can not find GC.
    ... Global Catalog and Infrastructure Master Role Conflict ... that domain controller. ... infrastructure FSMO role holder cannot be a global catalog server. ...
    (microsoft.public.win2000.active_directory)
  • Re: DC gegen neuen DC tauschen (innerhalb der Rootdomain)
    ... If the IM Flexible Single Master Operation role holder is also a global catalog server, the phantom indexes are never created or updated on that domain controller. ... The IM does not store phantom versions of the foreign objects because it already has a partial replica of the object in the local global catalog. ... For this process to work properly in a multi-domain environment, the infrastructure FSMO role holder cannot be a global catalog server. ...
    (microsoft.public.de.german.windows.server.active_directory)
  • Re: DC not processing logon requests
    ... you should make all your DCs GCs. ... Do not put the Infrastructure Master role on the same domain ... > controller as the global catalog server. ...
    (microsoft.public.win2000.active_directory)