The part that is throwing me for a loop is that they both seem to be saying the same thing...if all DC's in a multi-domain forest are GC's then it doesn't matter where the IM goes since there aren't any phantoms created and thus there aren't any phantoms to keep track of. Phantoms are created (Dean, Brett, Eric...correct me if I'm mistaken) when we (we are DC's) don't have knowledge of the object. I don't know about an object since it's not in my database, but in the database of another DC somewhere. So when you ask me to reference those objects on the other DC's (i.e. adding users from other domains to groups in yours) I need some way to reference them. I will create phantoms to reference these objects since they don't really exist in my database. Well, the problem with having the GC on the IM is that if I'm a GC then I will have a copy of the object (read-only, but still a copy), so there will be no need for me to create a phantom thus the problem where my references to your objects gets all outta whack. If you have only one domain, again we will have no reason to create these freaking phantoms (phantom sounds evil anyway) so the IM will be sitting there doing nothing all day (how lazy!). If everyone is a GC regardless of the # of domains then I again won't create a phantom (unless it's for a FSP or something along those lines not really relating to this discussion) since I have the object handy locally.
Please chime in if there is something to add / correct..imagine if the KB article was as jumbled up as the above paragraph. I can almost hear the phone ringing now... Have a good one guys! Rob -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Tuesday, August 16, 2005 1:23 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Question on Replication Topology I love this particular discussion. I can never quite follow the reasoning why about the IM/GC issue... but learn a little more about it each time. :m:dsm:cci:mvp -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rocky Habeeb Sent: Tuesday, August 16, 2005 12:12 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Question on Replication Topology Deji, Thank you for pointing out my mistake. You are correct. DC5 holds all 3 roles, not all 5 roles. It's the details, I know. I can just hear joe now, "SEE, SEE, This is what I'm always talking about! Rocky ____________________________________ -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Tuesday, August 16, 2005 12:01 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Question on Replication Topology I read it to be that he has 2 domains. He fat-fingered the number of FSMO roles in the child. But the conclusion is still the same - when all DCs are GCs in a given domain, IM and GC can co-exist. Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon ________________________________ From: [EMAIL PROTECTED] on behalf of Teverovsky, Guy Sent: Tue 8/16/2005 8:39 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Question on Replication Topology Rob, My understanding is that he has two domains in the forest: empty root and a production child domain. Though the forest root domain is empty, but it still has 2 domains. <quote> We have: Forest Root Domain (Empty) DC1 (Holds all 5 roles) (the DC offline for 26 hours) DC2 One Domain in the Forest DC4 DC5 (Holds all 5 Roles) DC6 </quote> Now looking again at this layout makes me a bit confused as child domains can hold only 3 FSMOs. Rocky, can you explain what you actually have there ? "single-domain forest" or "empty root domain + child domain" ? Guy -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robert Williams (RRE) Sent: Tuesday, August 16, 2005 6:25 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Question on Replication Topology Actually, if it's a Single Domain Forest then the Infrastructure Master has no phantoms to keep track of and thus, can be sent anywhere or left alone as a paper weight. So while I agree with Jose that it is perfectly fine to move it, doing so won't really matter until you have phantoms for the infrastructure master to keep an eye on. Just my $0.02 Have a great day! Rob -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose Sent: Tuesday, August 16, 2005 11:17 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Question on Replication Topology You are correct. However if you have two DC's it doesn't hurt to offload the infrastructure master role to the DC that dose not have the other 4 roles, even if it's in a single domain forest. Jose :-) -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Teverovsky, Guy Sent: Tuesday, August 16, 2005 8:09 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Question on Replication Topology Am I missing something or having Infrastructure Master running on GC is an issue in multi-domain forest ? Guy -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rocky Habeeb Sent: Monday, August 15, 2005 9:28 PM To: activedir@mail.activedir.org Subject: [ActiveDir] Question on Replication Topology Dear List Members (Whom I have a hard time figuring out how you all have so much time to help us "not quite up to speed, but severely overtasked Administrators"); After a power failure took a Forest Root DC offline over the weekend (for 26 hours), I came in today to find my replication "in question". Repadmin /Showreps does not show any errors however, it shows inconsistent Replication partners. Here is my question; We have: Forest Root Domain (Empty) DC1 (Holds all 5 roles) (the DC offline for 26 hours) DC2 One Domain in the Forest DC4 DC5 (Holds all 5 Roles) DC6 Everyone is W2K3 (no Service Packs) and everyone is a GC and everyone is a DNS server. I was positive that I had the Forest Root and Domain at Windows Server 2003 Forest Functional Level but now when I go to AD Domains and Trusts and click the Forest Root Domain and right click Properties I get: Domain Functional Level = Windows 2000 mixed Forest Functional Level = Windows 2000 When I go to AD Domains and Trusts and click the Domain and right click Properties I get: Domain Functional Level = Windows Server 2003 Forest Functional Level = Windows 2000 I must have miscalculated, but that's not my question. In my AD Sites and Services, I have connection objects that have automatically been generated for each DC but they are inconsistent. ie: DC1 goes to DC2 and DC6 DC2 goes to DC1 and DC5 DC4 goes to DC5 and DC6 DC5 goes to DC4 and DC6 DC6 goes to DC1 and DC4 and DC5 The question is, "Shouldn't they all have automatically generated connection objects to everybody else and if they don't, is it just a matter of me adding the manual new connection object?" Or am I seeing a properly configured Sites and Services. If not, is part of my problem that I have not got the Forest Root at FFL? Thanks in advance people for any assistance. This list is so valuable, it's not funny. (Seriously!) ______________________________ Rocky Habeeb Microsoft Systems Administrator James W. Sewall Company 136 Center Street Old Town, Maine 04468 207.827.4456 [EMAIL PROTECTED] www.jws.com ______________________________ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
