If we go back to first principles, then the IM role holder works by doing a comparison between what a GC holds and what it holds (for certain pieces of information). It can then make that delta available for replication to all other non-GCs within the domain.
So, if every DC in the domain is a GC, then there's nothing for the IM role holder to do. Likewise, if you only have a single domain in a single forest, then GCs never hold anything more than what a normal DC would hold, so again, nothing for IM role holder to do. There's nothing to stop you making the IM role holder a GC. But when it does it's comparison between a GC and itself, it will never find any differences. If you have non-GC DCs within that domain *and* you have more than one domain, then there will be data that the non-GCs will be missing, as the IM role holder won't make it available. Cheers Ken From: Patrick Salmon [mailto:[email protected]] Sent: Friday, 13 April 2012 3:09 AM To: NT System Admin Issues Subject: Re: Domain local vs. global vs. universal Every DC except the one holding the Infrastructure Master FSMO role. Only because you must have the role somewhere, and it can only reside on a DC. And no, other than that no reason at all that I can think of. Pat. On Thu, Apr 12, 2012 at 2:48 PM, Lora Cates <[email protected]<mailto:[email protected]>> wrote: Ah ha! Thank you , my misunderstanding on caching. Just so I'm clear this can be enabled on any DC, correct? Is there any reason to not have every DC also be a GC? -lc ________________________________ From: William Robbins <[email protected]<mailto:[email protected]>> To: NT System Admin Issues <[email protected]<mailto:[email protected]>> Sent: Thursday, April 12, 2012 1:37 PM Subject: Re: Domain local vs. global vs. universal Understanding group types: http://technet.microsoft.com/en-us/library/cc755692(WS.10).aspx Understanding caching of universal groups: http://technet.microsoft.com/en-us/magazine/ff797984.aspx - Will On Thu, Apr 12, 2012 at 13:32, Lora Cates <[email protected]<mailto:[email protected]>> wrote: >From my reading that's basically it. But do GC's always get them, or only >when enabled for universal group caching? -lc ________________________________ From: David Lum <[email protected]<mailto:[email protected]>> To: NT System Admin Issues <[email protected]<mailto:[email protected]>> Sent: Thursday, April 12, 2012 1:12 PM Subject: RE: Domain local vs. global vs. universal So....technically what is happening when you click that little radio button to change group type Local/Global/Universal? What's happening behind the scenes? Universal's get copied to GC's and others don't, but what else? Dave From: Brian Desmond [mailto:[email protected]<mailto:[email protected]>] Sent: Thursday, April 12, 2012 10:03 AM To: NT System Admin Issues Subject: RE: Domain local vs. global vs. universal In a single domain forest (or even many multi-domain domain forests today), I would just do all uni groups. Thanks, Brian Desmond [email protected]<mailto:[email protected]> w - 312.625.1438 | c - 312.731.3132 From: David Lum [mailto:[email protected]]<mailto:[mailto:[email protected]]> Sent: Thursday, April 12, 2012 11:28 AM To: NT System Admin Issues Subject: Domain local vs. global vs. universal Today I found a global group in my AD (created by an SE that wasn't me), but for this function I needed to add a domain local group to it and for course, that's not possible. Someplace I heard in AD pretty much every group you use should be domain local unless it's used for Exchange in which case you use Universal. All groups I create are domain local and it simply works, but I know that doesn't mean it's right. Before sending a note to the SE team on this I wanted to get a consensus from you guys. Comments? David Lum Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
