Understanding Infrastructure Master FSMO role
Hi,
I am trying to get my head around the Infrastructure Master FSMO role.
From what I have read:
"The DC that holds the Infrastructure Master FSMO role is responsible for cross-domain updates and lookups. When an object in one domain is referenced by another object in another domain, it represents the reference by the GUID, the SID (for references to security principals), and the distinguished name (DN) of the object being referenced. The Infrastructure role holder is the DC responsible for updating an object's SID and distinguished name in a cross-domain object reference."
So let's say there are 2 domains in a forest, DomainA and DomainB.
User1 is being added to a group in DomainB (DomainB\Group1).
So, I guess the Infrastructure Master (IM) is involved here, but how does it work exactly? Do the IMs in the 2 domains talk to each other? Or does the IM in DomainA modify the group membership of DomainB? I thought DCs weren't able to write information to domains other than their own, and (apart from GCs) don't hold information for domains other than their own?
As a whole, the IM updates references to other domains. What it does is update "phantoms" in its own domain's objects. Phantoms are "pointers" or references to objects in other domains. Phantoms are based on the following identities of the other domain's objects of members in another domain's objects:
- Distinguished name of the object
- Object GUID
- Object SID
The reason why it doesn't pull in attributes such as memberOf or memberIs is because it's added work on the local domain's DC. Therefore it uses phantoms as a pointer to query a DC in the other domain during an activity when you request an object from the other domain, such as when adding a user or group to a local group in the domain in question.
In the meantime, please read the following links for more info. The first link explains what I summarized in more detail, to give you a better understanding.
Phantoms, Tombstones, and the Infrastructure Master Role Conflict with the Global Catalog
http://support.microsoft.com/kb/248047
Infrastructure education:
http://social.answers.microsoft.com/forums/en-us/winservergen/thread/d238de68-3423-40cd-9bf1-8416bd1d4591
Global Catalog vs. Infrastructure Master
"If it is a single-domain forest, you can have all DCs be a GC. If there are multiple domains, it is recommended that a GC not be on the FSMO IM role holder, unless you make all DCs GCs."
http://msmvps.com/blogs/ulfbsimonweidner/archive/2005/03/08/37975.aspx
I hope that helps.
Ace Fekay, MCT, MCTS Exchange 2007, MCSE 2003 & 2000, MCSA 2003 Messaging. This posting is provided AS-IS with no warranties or guarantees and confers no rights.
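A way to check the placement guidance quoted in the answer above, as an added example that is not part of the original thread. The function name Test-InfrastructureMasterPlacement and the Finding strings are made up for this example, and it assumes the ActiveDirectory RSAT module plus read access to every domain in the forest.

```powershell
# Added example (not from the thread). Requires the ActiveDirectory RSAT module.
Import-Module ActiveDirectory

# Hypothetical helper name: reports, per domain, whether the Infrastructure
# Master sits on a global catalog while other DCs in that domain are not GCs.
function Test-InfrastructureMasterPlacement {
    $forest      = Get-ADForest
    $multiDomain = @($forest.Domains).Count -gt 1

    foreach ($domainName in $forest.Domains) {
        $domain = Get-ADDomain -Identity $domainName -Server $domainName
        $dcs    = @(Get-ADDomainController -Filter * -Server $domainName)

        # InfrastructureMaster holds the FQDN of the role holder.
        $imDc  = $dcs | Where-Object { $_.HostName -eq $domain.InfrastructureMaster }
        $nonGc = @($dcs | Where-Object { -not $_.IsGlobalCatalog })

        if (-not $imDc) {
            $finding = 'Role holder not found among the domain controllers returned'
        } elseif (-not $multiDomain) {
            $finding = 'OK: single-domain forest'
        } elseif ($imDc.IsGlobalCatalog -and $nonGc.Count -gt 0) {
            $finding = 'Review: IM is a GC but not every DC in the domain is a GC'
        } else {
            $finding = 'OK'
        }

        [pscustomobject]@{
            Domain                 = $domainName
            InfrastructureMaster   = $domain.InfrastructureMaster
            IMIsGlobalCatalog      = [bool]$imDc.IsGlobalCatalog
            NonGCDomainControllers = $nonGc.HostName -join ', '
            Finding                = $finding
        }
    }
}

Test-InfrastructureMasterPlacement | Format-Table -AutoSize -Wrap
```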