Windows AD is the most core part of a large Windows environment because everything depends on AD, like Exchange Server, ISA Server, DHCP, DNS, FSA, WSUS, System Center, Hyper-V, etc.
- The IM is responsible for updating cross-domain object references on each DC in the domain. To do that, it needs to check for changes on an available GC, then compares its information with the information that the GC has; if there are any changes, it updates its local information and updates cross-domain object references on each DC in the domain.
- The problem is that if the IM is also a GC, when it is going to check for changes it asks for a GC, and because the IM is also a GC it "thinks" that it has all information updated and there's no need to update the DCs in its domain, causing other DCs to end up with non-updated information. Remember, DCs in a domain only know everything about their domain, because the domain partition is replicated between them.
Hi,
Let me tell you that the infrastructure master role needs to be held by a DC that is not a global catalog server. If the IM role is held by a DC that is a global catalog server, cross-domain object references in that domain will not be updated. If all domain controllers in a domain are global catalog servers, or if you have only one DC, it does not matter which domain controller holds the infrastructure master role.
Many Thanks. Muhammad Tahir
The Infrastructure Master FSMO role mustn't be on a GC domain controller, except for two situations:
1- All the DCs in the domain are also GC holders
2- The forest contains only one domain.
Why?
Because the Infrastructure Master holder is responsible for syncing cross-domain group membership changes; it then replicates these changes to other domain controllers in the domain. If all DCs are GCs, then they already know everything about objects in the forest (a GC has full details about all objects in its domain and partial details about objects in other domains in the forest), so no changes will be detected by the Infrastructure Master role at all.
And if we have only one domain, then the Infrastructure Master is idle; it has nothing to do (because no cross-domain changes will exist at all, as no other domain exists).
AD replication won't work; the Infrastructure Master will not get updates from other partners, as partners will think it is having the latest copy and replication will not be initiated.
Yes, you are right.
Group-to-user references in this domain will not be updated when members of a group are renamed or changed within a domain. This issue does not affect forests that have a single domain.
The infrastructure master is responsible for updating the group-to-user references when the members of a group are renamed or changed within a domain.
It compares the name and the security identifier (SID) of the member against a global catalog. If the name or the SID does not match, the local reference is updated with the values in the global catalog.
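
The placement rule described in the answers above, written as a PowerShell audit (an added example, not part of the original thread). It assumes the ActiveDirectory RSAT module and read access to every domain in the forest; the variable names and status strings are constructed for illustration.

```powershell
# Added example: audits Infrastructure Master (IM) placement per domain.
# Assumes the ActiveDirectory RSAT module and read access to each domain.
Import-Module ActiveDirectory

$forest = Get-ADForest
$singleDomainForest = (@($forest.Domains).Count -eq 1)

$report = foreach ($domainName in $forest.Domains) {
    $domain = Get-ADDomain -Identity $domainName -Server $domainName
    $dcs    = @(Get-ADDomainController -Filter * -Server $domainName)

    # Match the IM role holder to its DC object to read its GC flag.
    $imHost = $domain.InfrastructureMaster
    $imDc   = $dcs | Where-Object { $_.HostName -eq $imHost } | Select-Object -First 1
    $nonGc  = @($dcs | Where-Object { -not $_.IsGlobalCatalog })

    # Apply the rule and its two exceptions in the order the answers give them.
    $status = if (-not $imDc) {
        'UNKNOWN: IM role holder not found among the domain controllers'
    } elseif (-not $imDc.IsGlobalCatalog) {
        'OK: IM is not a global catalog'
    } elseif ($singleDomainForest) {
        'OK: IM is a GC, but the forest has only one domain'
    } elseif ($nonGc.Count -eq 0) {
        'OK: IM is a GC, but every DC in the domain is a GC'
    } else {
        'REVIEW: IM is a GC while non-GC DCs exist in a multi-domain forest'
    }

    [pscustomobject]@{
        Domain               = $domainName
        InfrastructureMaster = $imHost
        DomainControllers    = $dcs.Count
        NonGcDCs             = ($nonGc.HostName -join ', ')
        Status               = $status
    }
}

$report | Format-List
```

A domain reported as REVIEW is the case the answers warn about: the non-GC DCs listed in `NonGcDCs` are the ones that depend on the IM to refresh their cross-domain references.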