Solved

Why Infrastructure Master cannot runs on a Global Catalog server ?

Posted on 2008-10-26
12
1,449 Views
Last Modified: 2012-05-05
I read from some articles saying Infrastructure Master cannot runs on a Global Catalog server. They should be installed on separate server when I have more than one domain. Can any one explain to me?
0
Comment
Question by:wuitsung
12 Comments
 
LVL 9

Expert Comment

by:waynewilliams
ID: 22807968
This is merely a recommendation from Microsoft.  I have all my FSMO roles on the one DC and it works fine.   More detailed info on placement of FSMO roles in this article here:

http://support.microsoft.com/kb/223346


0
 
LVL 31

Assisted Solution

by:Henrik Johansson
Henrik Johansson earned 400 total points
ID: 22808001
http://technet.microsoft.com/en-us/library/cc816619.aspx
"The infrastructure master is incompatible with the global catalog, and it must not be placed on a global catalog server."
0
 

Author Comment

by:wuitsung
ID: 22808127
Is there any easy way to understand?

0
 
LVL 31

Accepted Solution

by:
Henrik Johansson earned 400 total points
ID: 22808301
http://support.microsoft.com/kb/223346
"Because the global catalog server holds a partial replica of every object in the forest, the infrastructure master, if placed on a global catalog server, will never update anything, because it does not contain any references to objects that it does not hold."

http://technet.microsoft.com/en-us/library/cc268210.aspx
"If an infrastructure master is placed on a global catalog server, it will not correctly identify outdated security principals from other domains."

With other words, replication will not work as expected with multiple domains if infrastructure master is placed on same server as a GC.
0
 

Author Comment

by:wuitsung
ID: 22808395
I read this before already, but I still don't understand what it means...

"global catalog server holds a partial replica of every object in the forest.."
But it holds full replica of its domain right?

It's saying if I put IM on GC, IM doesn't contain any reference to objects, so it will never update.

So why if the IM and GC are separate, then IM will contain reference???
0
 
LVL 31

Assisted Solution

by:Henrik Johansson
Henrik Johansson earned 400 total points
ID: 22808574
Yes, GC has full copy of objects in its own domain and partial copy of any object in other domains in the forest.
Infrastructure master communicates with GC. If placing infrastructure master on same server as GC, it will have the GC-data locally on same server and will not have a reference to compare what objects nead to be updated.
0
VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

 
LVL 31

Expert Comment

by:Henrik Johansson
ID: 22808590
minor typo in last post:
GC has full copy of all objects in its own domain and partial copy of all objects in other domains in the forest.
0
 

Author Comment

by:wuitsung
ID: 22809798
Sorry to ask you again.. Here is the one I read..

"If infrastructure master and GC is on the same server then infrastructure will not function because it will never find the data that is out of date."

I really want to know why the IM not able to find the data that is out of date?

And you said that it will have the GC-data locally, but why IM cannot ind the data locally??

Is there any easy example that can help me understand the concept?
0
 

Author Comment

by:wuitsung
ID: 22809885
Could you please tell me if I am right? I think maybe it's because the GC holds partial copy of all other domain, so when the the IM is on GC, IM think it alrady has the latest info, so IM will not do any update?? Am i right?
0
 
LVL 31

Assisted Solution

by:Henrik Johansson
Henrik Johansson earned 400 total points
ID: 22811963
Yes
If having infrastructure master on same server as GC, it will believe the GC has the current version of the replicated data retrieved from the other domain and will not update its GC with changes.
0
 

Author Comment

by:wuitsung
ID: 22819634
Sorry to keep you here so long. I just raised the point here for you.
This is what I THINK so far, please advice me if I am wrong...

I think IM knows nothing of outside world of its domain. It just keep comparing its data with GC, see if there is anything new. If there is something new in GC, it updates from GC and then replicate to other DCs in its domain. GC syncs with other GC in other domains. So GC always has the latest data.

If IM is on GC, IM will think it already has the latest data from GC, so it will never update.

Anything wrong? Thank you again.
0
 
LVL 59

Assisted Solution

by:Darius Ghassem
Darius Ghassem earned 100 total points
ID: 22825782
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Check Disk (CHKDSK) on all volumes and fix if needed. 8 178
Server 2003 x64 upgrade question 10 44
shadow copies 7 69
How to restore security permissions on a file server 4 34
Scenerio: You have a server running Server 2003 and have applied a retail pack of Terminal Server Licenses.  You want to change servers or your server has crashed and you need to reapply the Terminal Server Licenses. When you enter the 16-digit lic…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now