Monday, May 17, 2010

Global Catalog vs. Infrastructure Master

Q: Is the Infrastructure Master allowed to run on a Domain Controller which also holds the Global Catalog Server?

A:
One of the common replies and misunderstood rumors is that the Infrastructure Master (IM) is only allowed to run on a Global Catalog Server (GC) if every Domain Controller (DC) in the Forest is Global Catalog Server. That rumor is just based on misleading wording.

The infrastructure masters job is to compare objects of the local domain against objects in other domains of the same forest. If the server holding the infrastructure master is also a global catalog it won't ever see any differences, since the global catalog holds a partial copy of every object in the forest itself. Therefore the
infrastructure master won't do anything in its domain. However if every DC in the Domain is also global catalog server there's no job for the IM since the GC already knows about the objects of other domains. So if you look at the job the IM has to do, it's pretty clear that it may reside on a GC if it's a single domain forest (no need to pull updates from other domains). It's also pretty clear that it may reside on a GC if it's in a multiple domain forest but every DC in the domain where the IM runs on the GC are also GCs (no need to pull updates since the GC knows everything).

So the following infrastructure is a valid configuration:

One domain:
R-DC1 (GC + IM)
R-DC2 (GC)
R-DC3-x (must be GC)

Other domain:
O-DC1 (GC)
O-DC2 (IM)
O-DC3-x (might or might not be GC, does not matter)

The first domain does not need to pull updates since the GCs know everything, the other domain has the IM running on a non-GC so it pulls the updates and replicates them to other DCs.

The following KB states that correctly:
http://support.microsoft.com/kb/223346/EN-US/

So to be short:
The Infrastructure Master is not allowed to run on a Global Catalog Server if either
• there are multiple Domains in the Forest
• there are Domain Controllers in the same Domain which are not Global Catalog Servers

The Infrastructure Master is allowed to run on a Global Catalog Server in a Domain if either
• there's only one Domain in the Forest
• every Domain Controller in the Domain in question is Global Catalog Server

No comments:

Post a Comment