Replication Question

  1. #1
    Junior Member
    Join Date
    Aug 2006
    Posts
    24

    Replication Question

    Single Forest, Single Tree Design:


    Site:X

    FZ.edu

    :Three Domain Controllers: DC-FZ-1, DC-FZ-2, DC-FZ-3:

    DC-FZ-1 [Schema Master & Domain Naming Master]

    DC-FZ-2 [RID, PDC Emulator, Infrastructure]

    DC-FZ-3 [Global Catalog]



    Site:Y

    Child.FZ.edu

    :Two Domain Controllers: DC-Child-1, & DC-Child-2:

    DC-Child-1 [RID, PDC Emulator, Infrastructure]

    DC-Child-2 [Global Catalog]




    Site:X & Site:Y have high bandwidth availability. Site Subnets, Transports and Links have been established.

    Replication:

    Inter-Site: Scheduled At Mid-Night.

    Intra-Site: Notify & Pull.

    Domain-Functional Level: Windows 2000 Mixed.

    Forest-Functional Level: Windows 2000.


    Let's say a new User has been added at DC-Child-1: Since Intra-Site replication is Notify & Pull,

    1] Say, DC-Child-1 Notifies DC-Child-2 of the new User at 10:00 am. Is the replication to DC-Child-2 immediate?

    2] Who will notify the Global Catalog in Child.FZ.edu of the new User?

    3] Since Inter-Site replication is scheduled at mid-night, does the Global Catalog in FZ.edu have to wait until mid-night? If so, aren't the Global Catalogs out of sync?

    4] What is the role of Infrastructure Master?

    5] I've read that Infrastructure and Global Catalog should NOT be on the same server? Why is it?


    Thanks
    -We May Need To Solve Problems Not By Removing The Cause, But By Designing The Way Forward Even If The Cause Remains In Place-

    Edward de Bono

  2. #2
    Right turn Clyde Nokia's Avatar
    Join Date
    Aug 2003
    Location
    Button Moon
    Posts
    1,696
    The Infrastructure master role handles group membership changes in the domain and updates object Security Identifiers (SID) and distinguished names in inter-domain object references as well as keeping tabs on the operations master for any changes - when it sees a change it replicates this around the domain automatically.

    The infrastructure master CAN host the GC providing that ALL domain controllers also host it - this is how I have most of my domain set up.
    If the Infrastructure Master is running on a Global Catalog server it won't update any object information because it does not contain any references to objects that it does not hold.
    This is because a Global Catalog server holds a partial replica of every object in the forest. As a result of this, cross-domain object references in that domain will not be updated.
    Drugs have taught an entire generation of kids the metric system.

    http://tazforum.**********.com/

  3. #3
    Junior Member
    Join Date
    Aug 2006
    Posts
    24
    Originally posted here by Nokia
    The Infrastructure master role handles group membership changes in the domain and updates object Security Identifiers (SID) and distinguished names in inter-domain object references as well as keeping tabs on the operations master for any changes - when it sees a change it replicates this around the domain automatically.

    The infrastructure master CAN host the GC providing that ALL domain controllers also host it - this is how I have most of my domain set up.
    If the Infrastructure Master is running on a Global Catalog server it won't update any object information because it does not contain any references to objects that it does not hold.
    This is because a Global Catalog server holds a partial replica of every object in the forest. As a result of this, cross-domain object references in that domain will not be updated.


    Nokia, thank you for your reply. Pardon me, as my comprehension of written English is not very good. So if you will, I will use an example.

    User-Q,

    Group Membership: Group-1, Group-2, Group-3 and Group-4:
    Domain-Q
    User Account SID = S-1-5-QU0-1001
    Group-1 SID = S-1-5-QG1-1002
    Group-2 SID = S-1-5-QG2-1003
    Group-3 SID = S-1-5-QG3-1004
    Group-4 SID = S-1-5-QG4-1005

    Now let's say User-Q is NOT a member of Group-4 anymore.

    So from your explanation, it is the Infrastructure Master that handles group membership changes. So the Infrastructure Master now knows that User-Q is NOT a member of Group-4 and this is replicated to other DCs in the Domain. This is where I'm not clear.

    Aren't group membership changes replicated to DCs within the Domain either by Notify/Pull or by Scheduling replication?

    Why would we need an additional Master role?

    Thanks
    -We May Need To Solve Problems Not By Removing The Cause, But By Designing The Way Forward Even If The Cause Remains In Place-

    Edward de Bono

  4. #4
    Right turn Clyde Nokia's Avatar
    Join Date
    Aug 2003
    Location
    Button Moon
    Posts
    1,696
    I'm not too sure what you are asking buddy.

    ..and I can't think of a simple way to explain it!

    Say you have three domain controllers in the same domain.

    DC1 DC2 DC3

    DC1 is the Inf Master

    You log on to DC3 via your admin tools and change a group membership.

    This change does not happen on the DC you are logged on to if it is NOT an Inf Master. Instead DC3 will notify the Inf Master of the change, the Inf Master makes the change to itself and then pushes this change out to the other DCs automatically, including DC3, as DC3 is not able to change group membership locally on itself unless the change has come from the Inf Master.

    That's the way I understand it anyways!

    Does it make sense / answer your question?
    Drugs have taught an entire generation of kids the metric system.

    http://tazforum.**********.com/

  5. #5
    Junior Member
    Join Date
    Aug 2006
    Posts
    24
    Nokia, thank you. Your explanation is clear and understandable. I'll do a look up on the MS website and also Google for more information on INF Master Role. But, if you do have any links that you could share, it would be great.

    Thanks
    -We May Need To Solve Problems Not By Removing The Cause, But By Designing The Way Forward Even If The Cause Remains In Place-

    Edward de Bono

  6. #6
    Senior Member Cemetric's Avatar
    Join Date
    Oct 2002
    Posts
    491
    Nokia provided you with good info, here is some more info for you to read

    Infrastructure Master - This is another domain-specific role and its purpose is to ensure that cross-domain object references are correctly handled. For example, if you add a user from one domain to a security group from a different domain, the Infrastructure Master makes sure this is done properly. As you can guess however, if your Active Directory deployment has only a single domain, then the Infrastructure Master role does no work at all, and even in a multi-domain environment it is rarely used except when complex user administration tasks are performed, so the machine holding this role doesn't need to have much horsepower at all.
    From HERE

    And some good info on FSMO roles HERE

    .C.
    Back when I was a boy, we carved our own IC's out of wood.
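
The placement rule from post #2 (the Infrastructure Master should not also be a Global Catalog unless every domain controller in the domain is one), written as a check; this is an added example, not part of any post in this thread. It assumes the ActiveDirectory PowerShell module (RSAT) on a management host with read access to each domain, and the function name `Test-InfrastructureMasterPlacement` is hypothetical.

```powershell
# Added example: report, per domain, whether the Infrastructure Master (IM)
# is also a Global Catalog (GC) while some other DC in that domain is not.
# Assumption: the ActiveDirectory module (RSAT) is installed and the caller
# can read every domain in the forest.
Import-Module ActiveDirectory

function Test-InfrastructureMasterPlacement {
    param(
        # Defaults to every domain in the current forest.
        [string[]]$Domain = (Get-ADForest).Domains
    )

    foreach ($name in $Domain) {
        $d     = Get-ADDomain -Server $name
        $dcs   = @(Get-ADDomainController -Filter * -Server $name)
        # Match the FSMO holder's FQDN against the DC inventory.
        $im    = $dcs | Where-Object { $_.HostName -eq $d.InfrastructureMaster }
        $nonGc = @($dcs | Where-Object { -not $_.IsGlobalCatalog })

        if (-not $im) {
            $status = 'UNKNOWN: IM holder not found among listed DCs'
        } elseif (-not $im.IsGlobalCatalog) {
            $status = 'OK: IM is not a GC'
        } elseif ($nonGc.Count -eq 0) {
            $status = 'OK: every DC in the domain is a GC'
        } else {
            $status = 'REVIEW: IM is a GC but some DCs are not'
        }

        [pscustomobject]@{
            Domain               = $d.DNSRoot
            InfrastructureMaster = $d.InfrastructureMaster
            ImIsGlobalCatalog    = [bool]$im.IsGlobalCatalog
            NonGcControllers     = ($nonGc.HostName -join ', ')
            Status               = $status
        }
    }
}

Test-InfrastructureMasterPlacement | Format-Table -AutoSize
```

Against the layout in post #1, both FZ.edu and Child.FZ.edu would report the first OK status, since in each domain the Infrastructure role and the Global Catalog sit on different controllers.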
