Catalog Servers. Your domain structure contains one root domain and one child domain. You modify the folder
permissions on a file server that is in the child domain. You discover that some Access Control entries start with
S-1-5-21 and that no account name is listed.
You need to list the account names. What should you do?
A.
Move the RID master role in the child domain to a domain controller that holds the Global Catalog.
B.
Modify the schema to enable replication of the friendly names attribute to the Global Catalog.
C.
Move the RID master role in the child domain to a domain controller that does not hold the Global Catalog.
D.
Move the infrastructure master role in the child domain to a domain controller that does not hold the Global
Catalog.
Explanation:
If the IM Flexible Single Master Operation (FSMO) role holder is also a global catalog server, the phantom
indexes are never created or updated on that domain controller. (The FSMO is also known as the operations
master.) This behavior occurs because a global catalog server contains a partial replica of every object in
Active Directory. The IM does not store phantom versions of the foreign objects because it already has a partial
replica of the object in the local global catalog.
For this process to work correctly in a multi domain environment, the infrastructure FSMO role holder cannot be
a global catalog server. Be aware that the first domain in the forest holds all five FSMO roles and is also a
global catalog. Therefore, you must transfer either role to another computer as soon as another domain
controller is installed in the domain if you plan to have multiple domains.