Your network contains an Active Directory forest that has three domains. All domain controllers run
Windows Server 2012.
You need to recommend a solution to control which attributes are replicated to global catalog servers in
the forest. What should you include in the recommendation?A. constrained delegation.
B.
the partial attribute set.
C.
application directory partitions.
D.
the filtered attribute set.
Global Catalog Partial Attribute Set
In its role as a domain controller, a global catalog server stores one domain directory partition that has writable objects with a full complement of writable attributes. In its role as global catalog server, it also stores the objects of all other domain directory partitions in a multidomain forest as read-only objects with a partial set of attributes. The set of attributes that are marked for inclusion in the global catalog are called the partial attribute set (PAS). An attribute is marked for inclusion in the PAS as part of its schema definition.
Objects in the schema that define an attribute are attributeSchema objects, which themselves have an attribute isMemberOfPartialAttributeSet. If the value of that attribute is TRUE, the attribute is replicated to the global catalog. The replication topology for the global catalog is generated automatically by the Knowledge Consistency Checker (KCC), a built-in process that implements a replication topology that is guaranteed to deliver the contents of every directory partition to every global catalog server.
The attributes that are replicated to the global catalog by default include a base set that have been defined by Microsoft as the attributes that are most likely to be used in searches. Administrators can use the Microsoft Management Console (MMC) Active Directory Schema snap-in to specify additional attributes to meet the needs of their installation. In the Active Directory Schema snap-in, you can select the Replicate this attribute to the global catalog check box to designate an attributeSchema object as a member of the PAS, which sets the value of the isMemberOfPartialAttributeSet attribute to TRUE.
https://technet.microsoft.com/pt-br/library/how-global-catalog-servers-work(v=ws.10).aspx
I agree! I was very confused until I found these explanations.
The Partial Attribute Set (PAS) is the subset of attributes in the Active Directory Schema that are replicated to the Global Catalog (GC). Each Domain Controller (DC) has a complete writable replica of the domain the DC resides in. If it is also a Global Catalog server, then it also has a partial read-only replica of all other naming contexts in the forest. The partial replicas include all objects, but only selected attributes for those objects. The selected attributes are those in the Partial Attribute Set.
——————————————————————————-
The read-only domain controller (RODC) filtered attribute set (FAS) is a set of attributes of the Active Directory schema that is not replicated to an RODC. If you have data that you do not want to be replicated to an RODC in case it is stolen, you can add these attributes to the RODC FAS. If you add the attributes to the RODC FAS before you deploy the first RODC, the attributes are never replicated to any RODC.
As an alternative, you can add attributes to the RODC FAS after you deploy RODCs, but attribute values that have already replicated to an RODC may not be physically removed from the database or could still be present in an old local backup copy of the server. Therefore, if you want complete assurance that the attribute values do not appear on an RODC, add attributes to the FAS before you assign any values to them.
In addition, if you plan to add attributes to the RODC FAS, as a best practice, ensure that the forest functional level is Windows Server 2008. Until the forest functional level is Windows Server 2008, an RODC can replicate data of the RODC FAS from a global catalog server that is running Windows Server 2003.