Re: Why should the infrastructure master for each domain not host the global catalog????.

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

Hi
- The Infrastructure master role: Ensures cross-domain object references are
handled properly, such as when objects in one domain are referenced by
objects in a different domain.

- The domain controller assigned the infrastructure master role is
responsible for updating the group-to-user references whenever the members
of groups are renamed or changed. At any time, there can be only one domain
controller acting as the infrastructure master in each domain.

When you rename or move a member of a group (and the member resides in a
different domain from the group), the group might temporarily appear not to
contain that member. The infrastructure master of the group's domain is
responsible for updating the group so it knows the new name or location of
the member. The infrastructure master distributes the update via multimaster
replication.



- The IM is responsible for updating cross-domain object references each DC
in the Domain, to do that it needs to check for changes on an available GC,
then compares its information with the information that the GC has, if any
changes, then updates its local information, and updates cross-domain object
references each DC in the Domain.



- The Problem is that If the IM is also a GC, when is going to check for
changes he asks for a GC and because the IM is also a GC it "thinks" that it
has all information updated and there's no need to update the DCs on its
domain causing others DCs ending up with nonupdated information, remember
DCs in a domain only know everything about their domain, because the domain
partition is replicated between them.



Example - 2 Domains:

- Domain1

- Domain2



- You create a Universal Security group on Domain1, and add it a user from
Domain2.

- All GCs in the forest now that UNG on domain1 has a user from Domain2, and
all DCs in the Domain1 also know that, but DCs (non-GCs) in Domain2 don't
know anything about it, the IM in their Domain is responsible for update
that information and replica it to the DCs in their domain.



So in conclusion:



- If you have only 1 Domain you don't have cross-domain object references,
so there isn't job for the IM.



- If you have only 1 DC in a domain, doesn't matter if it is a GC or not
because that DC holds all roles for its domain, and it doesn't need to
update no other DC in its domain, so in this scenario doesn't matter if it
is a GC or not.



- If in your Domain only some DCs are GCs then you should take careful were
to put IM, as Jorge Pinto Said:

If at least one or more other DCs in a domain (besides the Infrastructure
master) are not a GC, then the Infrastructure master should NOT be on a GC



- If all DCs in the Domain are GCs, then no problem here too because all of
them will be updated.

- If all DCs in a domain are GC, there is no other choice where to put the
Infrastructure master.



FSMO placement and optimization on Active Directory domain controllers

http://support.microsoft.com/default.aspx?scid=kb;en-us;223346


--
I hope that the information above helps you

Good Luck
Jorge Silva
MCSA
Systems Administrator

"Clubsprint" <spamspamspamspam@xxxxxxxxxx> wrote in message
news:ea10dr$50$1@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
G'day
I'm in the process of upgrading 2000 to 2003 and part of getting rid of
the old servers is to transfer the
Oerations Master Roles. The documentation from Microsoft says "the
infrastructure master for each domain must not host the global catalog."
but not why. Can anyone tell me why this would be a problem or is it only
a performance
issue for larger networks. In the old W2K domain both head office DC's
were GCs and one of those
was the Schema Owner, Doman role owner, PDC role, Rid Manager and
Infrastructure owner.
Looking forward to a reply
Mark





.

Relevant Pages

  • Re: IFM and Universal Security Groups
    ... The Infrastructure master role: ... When you rename or move a member of a group (and the member resides in a ... The IM is responsible for updating cross-domain object references each DC ... need to update the DCs on its domain causing others DCs ending up with ...
    (microsoft.public.windows.server.active_directory)
  • Re: Global Catalog Server needed?
    ... I've read that, in the case of a single domain, the GC server has nothing to do and thus unnecessary? ... You may have read about the INfrastructure Master role. ... you can have all DCs a GC. ... The reason why it doesn't pull in attributes such as the MemberOf or MemberIs, is because it's added work on the local domain's DC. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Global Catalog Server needed?
    ... I've read that, in the case of a single domain, the GC server has nothing to do and thus unnecessary? ... You may have read about the INfrastructure Master role. ... you can have all DCs a GC. ... The reason why it doesn't pull in attributes such as the MemberOf or MemberIs, is because it's added work on the local domain's DC. ...
    (microsoft.public.windows.server.active_directory)
  • Re: no logon server to service your request problem
    ... Ensures cross-domain object references are ... The domain controller assigned the infrastructure master role is responsible ... global catalog in the forest, ...
    (microsoft.public.windows.server.active_directory)
  • Re: AD Sub-Domain
    ... the GC (not a FSMO role) must not be on the Infrastructure Master FSMO ... The Infrastructure Master is allowed to run on a Global Catalog Server ... If you have more than one domain, then you MUST have two DCs per domain. ...
    (microsoft.public.windows.server.active_directory)