Catalog Servers. Your domain structure contains one root domain and one child domain. You modify
the folder permissions on a file server that is in the child domain. You discover that some Access
Control entries start with S-1-5-21 and that no account name is listed.
You need to list the account names. What should you do?
A.
Move the RID master role in the child domain to a domain controller that holds the Global
Catalog.
B.
Modify the schema to enable replication of the friendly names attribute to the Global Catalog.
C.
Move the RID master role in the child domain to a domain controller that does not hold the Global
Catalog.
D.
Move the infrastructure master role in the child domain to a domain controller that does not hold
the Global Catalog.
Explanation:
If the IM Flexible Single Master Operation (FSMO) role holder is also a global catalog server, the
phantom indexes are never created or updated on that domain controller. (The FSMO is also known
as the operations master.) This behavior occurs because a global catalog server contains a partial
replica of every object in Active Directory. The IM does not store phantom versions of the foreign
objects because it already has a partial replica of the object in the local global catalog.
For this process to work correctly in a multidomain environment, the infrastructure FSMO role
holder cannot be a global catalog server. Be aware that the first domain in the forest holds all five
FSMO roles and is also a global catalog. Therefore, you must transfer either role to another
computer as soon as another domain controller is installed in the domain if you plan to have
multiple domains.