I am fortunate enough to be provided with source access by Microsoft. Actually, I say "Tom-arto" since I'm British. ;0)
--
Dean Wells
MSEtechnology
* Email: [EMAIL PROTECTED]
http://msetechnology.com

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose
Sent: Tuesday, August 16, 2005 1:37 PM
To: [email protected]; Send - AD mailing list
Subject: RE: [ActiveDir] Question on Replication Topology

No Problem at all.. You say Tomato I say Tamato.. I also misunderstood his question as I assumed he meant DC's and not GC's. Thanks for clarifying this in more detail.

BTW: How did you get to look at the source code?

Jose :-)

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Dean Wells
Sent: Tuesday, August 16, 2005 10:08 AM
To: Send - AD mailing list
Subject: RE: [ActiveDir] Question on Replication Topology

Jose, I don't wish to continue going back and forth on this topic, the behavior and constraints are what they are. I'm not stating an opinion or an interpretation of a paper, I'm stating a fact based upon the source code of the product (as of 2K and 2K3). Your understanding of the articles you've read is very close but not entirely accurate.

Phantoms of this kind are not permitted on GCs ... this is manifested in the interface when you attempt to add a user to a Universal group but the user has not yet replicated to the GC (an error will occur stating exactly that), if phantoms were permitted one would be created based on the info. from the DC used to browse the domain containing the user.

--
Dean Wells
MSEtechnology
* Email: [EMAIL PROTECTED]
http://msetechnology.com

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose
Sent: Tuesday, August 16, 2005 12:25 PM
To: [email protected]
Subject: RE: [ActiveDir] Question on Replication Topology

I am afraid not...
One of the common replies and misunderstood rumors is that the Infrastructure Master (IM) is only allowed to run on a Global Catalog Server (GC) if every Domain Controller (DC) in the Forest is Global Catalog Server. That rumor is just based on misleading wording.

The infrastructure master's job is to compare objects of the local domain against objects in other domains of the same forest. If the server holding the infrastructure master is also a global catalog it won't ever see any differences, since the global catalog holds a partial copy of every object in the forest itself. Therefore the infrastructure master won't do anything in its domain. However if every DC in the Domain is also global catalog server there's no job for the IM since the GC already knows about the objects of other domains.

So if you look at the job the IM has to do, it's pretty clear that it may reside on a GC if it's a single domain forest (no need to pull updates from other domains). It's also pretty clear that it may reside on a GC if it's in a multiple domain forest but every DC in the domain where the IM runs on the GC are also GCs (no need to pull updates since the GC knows everything).

So the following infrastructure is a valid configuration:

One domain:
R-DC1 (GC + IM)
R-DC2 (GC)
R-DC3-x (must be GC)

Other domain:
O-DC1 (GC)
O-DC2 (IM)
O-DC3-x (might or might not be GC, does not matter)

The first domain does not need to pull updates since the GCs know everything, the other domain has the IM running on a non-GC so it pulls the updates and replicates them to other DCs.
The following KB states that correctly: http://support.microsoft.com/kb/223346/EN-US/

So to be short:

The Infrastructure Master is not allowed to run on a Global Catalog Server if either
- there are multiple Domains in the Forest
- there are Domain Controllers in the same Domain which are not Global Catalog Servers

The Infrastructure Master is allowed to run on a Global Catalog Server in a Domain if either
- there's only one Domain in the Forest
- every Domain Controller in the Domain in question is Global Catalog Server

---------------------------------------------------------------------------

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Dean Wells
Sent: Tuesday, August 16, 2005 8:26 AM
To: Send - AD mailing list
Subject: RE: [ActiveDir] Question on Replication Topology

I'm afraid it's not correct, when all DCs are GCs (within a single domain), the IM can happily co-reside with a GC. I'd also mention that the impact the IM imposes on a DC is typically negligible (forest design can impact that statement to some extent but I've not personally seen a forest designed or utilized that badly).

--
Dean Wells
MSEtechnology
* Email: [EMAIL PROTECTED]
http://msetechnology.com

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose
Sent: Tuesday, August 16, 2005 11:17 AM
To: [email protected]
Subject: RE: [ActiveDir] Question on Replication Topology

You are correct. However if you have two DC's it doesn't hurt to offload the infrastructure master role to the DC that does not have the other 4 roles, even if it's in a single domain forest.

Jose :-)

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Teverovsky, Guy
Sent: Tuesday, August 16, 2005 8:09 AM
To: [email protected]
Subject: RE: [ActiveDir] Question on Replication Topology

Am I missing something or having Infrastructure Master running on GC is an issue in multi-domain forest?
Guy

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rocky Habeeb
Sent: Monday, August 15, 2005 9:28 PM
To: [email protected]
Subject: [ActiveDir] Question on Replication Topology

Dear List Members (Whom I have a hard time figuring out how you all have so much time to help us "not quite up to speed, but severely overtasked Administrators");

After a power failure took a Forest Root DC offline over the weekend (for 26 hours), I came in today to find my replication "in question". Repadmin /Showreps does not show any errors however, it shows inconsistent Replication partners. Here is my question;

We have:

Forest Root Domain (Empty)
DC1 (Holds all 5 roles) (the DC offline for 26 hours)
DC2

One Domain in the Forest
DC4
DC5 (Holds all 5 Roles)
DC6

Everyone is W2K3 (no Service Packs) and everyone is a GC and everyone is a DNS server.

I was positive that I had the Forest Root and Domain at Windows Server 2003 Forest Functional Level but now when I go to AD Domains and Trusts and click the Forest Root Domain and right click Properties I get:

Domain Functional Level = Windows 2000 mixed
Forest Functional Level = Windows 2000

When I go to AD Domains and Trusts and click the Domain and right click Properties I get:

Domain Functional Level = Windows Server 2003
Forest Functional Level = Windows 2000

I must have miscalculated, but that's not my question.

In my AD Sites and Services, I have connection objects that have automatically been generated for each DC but they are inconsistent. ie:

DC1 goes to DC2 and DC6
DC2 goes to DC1 and DC5
DC4 goes to DC5 and DC6
DC5 goes to DC4 and DC6
DC6 goes to DC1 and DC4 and DC5

The question is, "Shouldn't they all have automatically generated connection objects to everybody else and if they don't, is it just a matter of me adding the manual new connection object?" Or am I seeing a properly configured Sites and Services. If not, is part of my problem that I have not got the Forest Root at FFL?
Thanks in advance people for any assistance. This list is so valuable, it's not funny. (Seriously!)

______________________________
Rocky Habeeb
Microsoft Systems Administrator
James W. Sewall Company
136 Center Street
Old Town, Maine 04468
207.827.4456
[EMAIL PROTECTED]
www.jws.com
______________________________

List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
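
The placement rule argued over in this thread (the Infrastructure Master may share a DC with the GC role when the forest has a single domain, or when every DC in that domain is a GC), written as a PowerShell audit. This is an added example, not part of any message in the thread; the function name `Test-InfrastructureMasterPlacement` and the status strings are made up for it, and it assumes the ActiveDirectory module (RSAT) and read access to every domain in the forest.

```powershell
# Added example (not from the thread). Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Test-InfrastructureMasterPlacement {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $Domain,
        [Parameter(Mandatory)] [string] $InfrastructureMaster,   # FQDN of the role holder
        # Objects exposing HostName and IsGlobalCatalog (as Get-ADDomainController returns)
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $DomainControllers,
        [Parameter(Mandatory)] [int] $ForestDomainCount
    )
    $holder = $DomainControllers |
        Where-Object { $_.HostName -eq $InfrastructureMaster } |
        Select-Object -First 1
    $nonGc = @($DomainControllers | Where-Object { -not $_.IsGlobalCatalog })

    if (-not $holder) {
        $status = 'Unknown'; $reason = 'IM role holder is not among the enumerated DCs'
    } elseif (-not $holder.IsGlobalCatalog) {
        $status = 'OK'; $reason = 'IM is on a non-GC domain controller'
    } elseif ($ForestDomainCount -eq 1) {
        $status = 'OK'; $reason = 'Single-domain forest'
    } elseif ($nonGc.Count -eq 0) {
        $status = 'OK'; $reason = 'Every DC in this domain is a GC'
    } else {
        # Multi-domain forest, IM on a GC, and some DCs in the domain are not GCs
        $status = 'Review'
        $reason = 'IM is on a GC while these DCs are not GCs: ' + ($nonGc.HostName -join ', ')
    }
    [pscustomobject]@{
        Domain               = $Domain
        InfrastructureMaster = $InfrastructureMaster
        Status               = $status
        Reason               = $reason
    }
}

# Evaluate every domain in the current forest.
$domains = @((Get-ADForest).Domains)
foreach ($name in $domains) {
    $dcs = @(Get-ADDomainController -Filter * -Server $name)
    Test-InfrastructureMasterPlacement -Domain $name `
        -InfrastructureMaster (Get-ADDomain -Server $name).InfrastructureMaster `
        -DomainControllers $dcs -ForestDomainCount $domains.Count
}
```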
