RE: [ActiveDir] TR : Golbal catalog & Infrasctucutre Master.

Tue, 24 May 2005 12:55:44 -0700

Title: RE: [ActiveDir] TR : Golbal catalog & Infrasctucutre Master.
Assuming you meant you added userB from domainB to groupA in domainA, yes ... a phantom _record_ (not object) would have been created within domainA.  The phantom maintains only the user's DN, SID and GUID.  The phantom is created in order to allow the underlying database (that houses Active Directory) to create a cross-reference (known as a link-pair).  A link-pair can only be created if the database stores both of the records involved, since the user was in a foreign domain we would have failed when creating the link-pair had the DC not first injected a phantom representation of the foreign user. 
 
Since GCs do not maintain this kind of phantom because they're supposed to know about all the objects within the forest, they will never be able to detect any inconsistencies because their content is already up-to-date via normal replication processes.  This is peachy for the GC but leaves any remaining non-GC DCs within that domain up the creek without the proverbial paddle.

--
Dean Wells
MSEtechnology
* Email: dwells@msetechnology.com
http://msetechnology.com
 

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of TIROA YANN
Sent: Tuesday, May 24, 2005 3:37 PM
To: Jorge de Almeida Pinto; [EMAIL PROTECTED]; ActiveDir@mail.activedir.org
Subject: RE : [ActiveDir] TR : Golbal catalog & Infrasctucutre Master.

Ok thanks for the good links :-))
 
I must apologize (again ;-), but i missed something...
 
Just for my comprehension:
I have 2 domains a and b. I add usera in groupa on DCa in domaina. DCa will create a phantom object wich is the reference of userb. right ?
No, if i delete or modify userb on domainb, the phantom must be updated in my groupa on my DCa. So it's the job of the IM on domaina to compares updated information on GCa. IM will then updated the phantom on DCa and the world goes on :-)
 
But there is one thing i didn't understand yet..... sorry :-( .... If DCa is IM+GC, then the IM can not compares and update information about the phantom because it has the latest information, so DCa will then update userb in groupa.. right ? and this change will be replicate to all DCs and GCs of the forest ? So what's wrong for placing IM on DC which is GC ?
 
Regards,
 
Yann

De: Jorge de Almeida Pinto [mailto:[EMAIL PROTECTED]
Date: mar. 24/05/2005 20:13
À: TIROA YANN; '[EMAIL PROTECTED] '; 'ActiveDir@mail.activedir.org '
Objet : RE: [ActiveDir] TR : Golbal catalog & Infrasctucutre Master.

Hi,

For more info on the infrastructure master see "Phantoms, Tombstones and the
Infrastructure Master" (http://support.microsoft.com/?id=248047)

In both W2K and W2K3 AD.. the following rules apply:
* if you have only one domain -> make all DCs also GCs  as there is no
additional overhead
* if you have more than one domain in the forest -> for each domain in the
forest do not place the infrastructure master on a GC if you have at least
another DC in that same domain that is not a GC also!

In all cases: if all DCs = GCs there is no issue concerning the
infrastructure master.

In W2K, replication (for DCs/ for GCs) was/is of more importance because
when a group membership changed the complete members attribute got
replicated. This could be a pain, especially for universal groups

In W2K3, replication (for DCs/ for GCs) is of less importance because as
soon as you get to forest functional level windows 2003 you get linked value
replication which simply means that only the new member replicates... so
less impact! LVR also applies to other multi-valued attributes
Cheers
#JORGE#

-----Original Message-----
From: [EMAIL PROTECTED]
To: ActiveDir@mail.activedir.org
Sent: 5/24/2005 7:57 PM
Subject: [ActiveDir] TR : Golbal catalog & Infrasctucutre Master.

Hello :-)

Just a question concernng the placement of the global catalog (GC) and
the Infrastructure Master (IM) on a DC.
Microsoft said not to place the IM on a DC that is already a GC...

Why? and should it be true for an  AD 2003 forest with only one domain ?

Regards,

Yann


This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.

Reply via email to