Your company has an Active Directory forest. Not all domain controllers in the forest are configured as Global Catalog Servers. Your domain structure contains one root domain and one child domain. You modify the folder permissions on a file server that is in the child domain. You discover that some Access Control entries start with S-1-5-21 and that no account name is listed. You need to list the account names. What should you do?
A.
Move the RID master role in the child domain to a domain controller that holds the Global Catalog.
B.
Modify the schema to enable replication of the friendlynames attribute to the Global Catalog.
C.
Move the RID master role in the child domain to a domain controller that does not hold the Global Catalog.
D.
Move the infrastructure master role in the child domain to a domain controller that does not hold the Global Catalog.
D.
Move the infrastructure master role in the child domain to a domain controller that does not hold the Global Catalog.
Would someone be so kind to explain or refer a link that does? Thank you!
If the IM Flexible Single Master Operation (FSMO) role holder is also a global catalog server, the phantom indexes are never created or updated on that domain controller. (The FSMO is also known as the operations master.) This behavior occurs because a global catalog server contains a partial replica of every object in Active Directory. The IM does not store phantom versions of the foreign objects because it already has a partial replica of the object in the local global catalog.
For this process to work correctly in a multidomain environment, the infrastructure FSMO role holder cannot be a global catalog server. Be aware that the first domain in the forest holds all five FSMO roles and is also a global catalog. Therefore, you must transfer either role to another computer as soon as another domain controller is installed in the domain if you plan to have multiple domains.