Saturday 8 February 2014

FSMO Roles 2

Why should the Global Catalog and the Infrastructure Master role not be on the same system?
More info on the Infrastructure Master and Global Catalog relationship
As a whole, the Infrastructure Master (IM) updates references to objects in other domains. What it basically does is update "phantoms" in its own domain for those objects. The phantoms are "pointers", or references, to the objects in the other domains. The IM doesn't pull in attributes such as MemberOf or MemberIs, because that would be added work on the local domain's DC. Instead, it uses the phantoms as pointers to query a DC in the other domain when you request an object from that domain, such as when adding a user or group to a local group in the domain in question. The phantoms are based on the following identities of the other domain's objects:
Distinguished name of the object
Object GUID
Object SID
So they are basically the values that 'point' to the referenced object, rather than a MemberOf or MemberIs attribute.
An example
1) User1 (Domain A) is a member of Group1 (Domain B)
This means that when viewing membership of Group1, you should be able to see User1 there.
2) User1 in Domain A gets renamed to User2
3) This change gets replicated to all GCs across the forest
4) IM in Domain B detects that its phantom for User1 is out of date, updates it, and replicates the update to all other DCs in Domain B
This means that when viewing membership of Group1, you should be able to see User2. Without the IM, Group1 would still list User1 as its member.
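The four steps above as a small simulation. This is an added example, not code from the original post or from Microsoft; the class and function names, the GUID, the SID and the domain names are all constructed, and storing group members as GUID references into a phantom table is a simplifying assumption.

```python
# Toy model of steps 1-4 above. Names, GUIDs and SIDs are constructed, and the
# data layout is a simplification, not Active Directory's real storage.
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Phantom:
    dn: str    # distinguished name of the object in the other domain
    guid: str  # object GUID: survives a rename, so it is the lookup key
    sid: str   # object SID

class DomainController:
    """A Domain B DC: phantoms plus group members that reference them."""
    def __init__(self, name):
        self.name = name
        self.phantoms = {}  # guid -> Phantom
        self.groups = {}    # group name -> list of member GUIDs

    def members(self, group):
        return [self.phantoms[g].dn for g in self.groups[group]]

def im_refresh(im, gc, other_dcs):
    """Compare the IM's phantoms with the GC, fix stale ones, replicate them."""
    updated = []
    for guid, phantom in list(im.phantoms.items()):
        current = gc.get(guid)
        if current is not None and current != phantom:
            im.phantoms[guid] = current
            updated.append(guid)
    for dc in other_dcs:
        for guid in updated:
            dc.phantoms[guid] = im.phantoms[guid]
    return updated

def run_example():
    guid = "11111111-2222-3333-4444-555555555555"
    user = Phantom("CN=User1,CN=Users,DC=a,DC=example", guid, "S-1-5-21-1-2-3-1001")
    gc = {guid: user}  # GC view of Domain A
    im, dc2 = DomainController("B-IM"), DomainController("B-DC2")
    for dc in (im, dc2):  # step 1: User1 is a member of Group1 in Domain B
        dc.phantoms[guid] = user
        dc.groups["Group1"] = [guid]
    # Steps 2-3: the rename in Domain A has replicated to the GC.
    gc[guid] = replace(user, dn="CN=User2,CN=Users,DC=a,DC=example")
    stale = dc2.members("Group1")           # what Domain B shows without the IM
    updated = im_refresh(im, gc, [dc2])     # step 4
    return stale, updated, dc2.members("Group1")

if __name__ == "__main__":
    print(run_example())
```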
What is the time server refresh period?
By default, the forest root’s PDC FSMO will try to synchronize with its time source once every 45 minutes until it successfully connects with the time source. Then it does it again in 45 minutes and again 45 minutes later. It keeps resynchronizing every 45 minutes until it has successfully synchronized 3 times in a row. Then it reduces its frequency to once every 8 hours. You can change this with a registry entry. All time parameters are in
HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Parameters

To find out if a system’s time server is working, open a command prompt and type W32TM /resync.
