Correct placement of the Infrastructure Master in a domain is very important. In the diagram on the left, I have shown two domains in the same forest with a two-way transitive trust. In domain2.com, the Infrastructure Master is on a different server from the GC server. The Infrastructure Master's job is to check cross-domain references: here, to check whether the user smith from the other domain is a member of the operations group, it has to validate that against the GC server. In domain2.com it checks against the GC server and, if a change has been made, it also replicates the change to the other DC.
In domain1.com, when the Infrastructure Master checks whether adam is a member of the marketing group, it also has to check against the GC server. Because the GC is on the same server as the Infrastructure Master, when a change takes place the GC server makes that change in the NTDS.dit file. Because the Infrastructure Master is on the same server, it validates against that same NTDS.dit file and so does not see any change on the GC server. Because it sees no change, it does not replicate the change to the other domain controller.
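The placement check described above can be scripted. The following is an added example, not code from the original post: the function name, the DC host names and the sample inventory are constructed for illustration, and it goes slightly beyond the post by treating a domain in which every DC is a GC as acceptable, since no DC is then left waiting for the update.

```powershell
# Added example: classify Infrastructure Master placement for one domain.
# Works on any objects exposing HostName and IsGlobalCatalog, which is the
# shape returned by Get-ADDomainController (ActiveDirectory module).
function Test-InfrastructureMasterPlacement {
    param(
        [Parameter(Mandatory)] [string]   $DomainName,
        [Parameter(Mandatory)] [string]   $InfrastructureMaster,
        [Parameter(Mandatory)] [object[]] $DomainControllers
    )
    $holder = $DomainControllers | Where-Object { $_.HostName -eq $InfrastructureMaster }
    if (-not $holder) {
        throw "Role holder $InfrastructureMaster is not in the DC list for $DomainName"
    }
    # DCs without a GC copy are the ones that depend on the role holder's updates.
    $nonGc = @($DomainControllers | Where-Object { -not $_.IsGlobalCatalog })

    $status = if (-not $holder.IsGlobalCatalog) { 'OK' } elseif ($nonGc.Count -eq 0) {
        'OK (every DC is a GC)' } else { 'MISPLACED' }

    [pscustomobject]@{
        Domain               = $DomainName
        InfrastructureMaster = $InfrastructureMaster
        HolderIsGC           = [bool]$holder.IsGlobalCatalog
        NonGcDCs             = ($nonGc.HostName -join ', ')
        Status               = $status
    }
}

# Constructed inventory mirroring the two domains in the post (host names are made up).
$domain1 = @(
    [pscustomobject]@{ HostName = 'dc1.domain1.com'; IsGlobalCatalog = $true  }   # GC + role holder
    [pscustomobject]@{ HostName = 'dc2.domain1.com'; IsGlobalCatalog = $false }
)
$domain2 = @(
    [pscustomobject]@{ HostName = 'dc1.domain2.com'; IsGlobalCatalog = $true  }   # GC only
    [pscustomobject]@{ HostName = 'dc2.domain2.com'; IsGlobalCatalog = $false }   # role holder
)

Test-InfrastructureMasterPlacement -DomainName 'domain1.com' `
    -InfrastructureMaster 'dc1.domain1.com' -DomainControllers $domain1   # Status: MISPLACED
Test-InfrastructureMasterPlacement -DomainName 'domain2.com' `
    -InfrastructureMaster 'dc2.domain2.com' -DomainControllers $domain2   # Status: OK

# Against a live domain (requires the ActiveDirectory module):
#   $d = Get-ADDomain -Server 'domain1.com'
#   Test-InfrastructureMasterPlacement -DomainName $d.DNSRoot `
#       -InfrastructureMaster $d.InfrastructureMaster `
#       -DomainControllers (Get-ADDomainController -Filter * -Server $d.DNSRoot)
```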