Active Directory, Server 2008, Server 2012, Windows

Why Global catalog server and Infrastructure operation master shouldn’t be on same server ?

Ok, so once again i’m back after quite some time of lull. Was busy in some of my assignments. So lets begin. The question above is asked in nearly all my AD training. Here is the answer.

The infrastructure master is responsible for updating cross domain group memberships. So, if a user is member of a group which is in another domain, once username is changed you can see name got updated in “member” tab of the group . To perform this operation infrastructure master periodically scans its database for group members from other domains. For each member from a foreign domain that the infrastructure master finds, it compares the name and the security identifier (SID) of the member against a global catalog. If the name or the SID does not match, the local reference is updated with the values in the global catalog. Because a global catalog maintains a partial attribute set of every object from every domain in the forest, infrastructure master always gets updated information. Later infrastructure master will update other domain controllers (DC) in domain.

If the infrastructure master will be placed on a global catalog server, whenever it needs update it will try to find global catalog but in this case both are on same server so infrastructure master will believe that it has all updated information.  Consequently, the infrastructure master is not able to determine which cross-domain references have changed and any changes (like in example above where username had changed) won’t replicate to any other DC in domain. Hence, DCs in domain will have not have updated information and for this reason, the infrastructure master should not run on a global catalog server in a forest that contains multiple domains.

However there are few exceptions as under:

  • If every domain controller in a domain is a global catalog server, no cross-domain references exist which solves replication issues.
  • If a given domain in a multi-domain forest contains only one domain controller, the domain controller will be  infrastructure master and global catalog. In this case the replication issue is irrelevant.
  • If there is only one domain in forest.

Hope this clarifies your doubts.

Today is 5th September so Happy Teachers Day and being a trainer myself its big day for me atleast for the sake of party we have in office today evening. Lol 🙂

I will see you again with some other technical stuff till then happy reading…

 

Published by Vinit Pandey

I am Microsoft Certified Trainer ( MCT) with couple of other certifications including MCSE, MCITP and MCTS. My core technologies are Windows Servers and clients, System Center products including MECM, Intune, Systrack, Nexthink, Yellow.AI, PowerShell, Nomad, Tachyon, Shopping, SCOM, SCVMM, Hyper-V, Failover Clustering and Azure. I have done B.Tech in electronics and communication stream. I have total 15+ experience in IT field. Presently, I am working with Larsen and Toubro Infotech as Experience Architect. My job includes transition, transformation and migration activities which we perform for our esteemed clients. Often I need to provide consultancy to my clients in migration and planning projects. I am from Chousa (Buxar) which has a lot of historical significance. In my free time I love to blog and play with Shreya (my daughter) and Tiger ( my pet dog).

4 thoughts on “Why Global catalog server and Infrastructure operation master shouldn’t be on same server ?

  2. Hello Sir, Thank you for sharing the insight of Infrastructure operation.

    I am curious to know if you offer training. I would like to have training session from you, please respond.

    Thank you.

    Like

    Reply

Leave a comment