Catalog Servers. Your domain structure contains one root domain and one child domain. You modify the folder permissions on a file server that is in the child
domain. You discover that some Access Control entries start with S-1-5-21 and that no account name is listed.
You need to list the account names. What should you do?
A.
Move the RID master role in the child domain to a domain controller that holds the Global Catalog.
B.
Modify the schema to enable replication of the friendly names attribute to the Global Catalog.
C.
Move the RID master role in the child domain to a domain controller that does not hold the Global Catalog.
D.
Move the infrastructure master role in the child domain to a domain controller that does not hold the Global Catalog.
Explanation:
If the IM Flexible Single Master Operation (FSMO) role holder is also a global catalog server, the phantom indexes are never created or updated on that domain
controller. (The FSMO is also known as the operations master.) This behavior occurs because a global catalog server contains a partial replica of every object in
Active Directory. The IM does not store phantom versions of the foreign objects because it already has a partial replica of the object in the local global catalog.
For this process to work correctly in a multidomain environment, the infrastructure FSMO role holder cannot be a global catalog server. Be aware that the first
domain in the forest holds all five FSMO roles and is also a global catalog. Therefore, you must transfer either role to another computer as soon as another domain
controller is installed in the domain if you plan to have multiple domains.