6. Global Catalog servers
Global Catalog (GC) servers are DCs assigned to host
additional information about the forest. A typical DC contains details
about the domain in which it resides; GC servers, however, contain
additional information about every domain in the forest. Careful GC
planning is especially important when deploying multiple AD
domains. GCs are designated using the AD Sites and Services console, as
seen in Figure 5.
Some applications, such as Microsoft Exchange Server, rely on
connectivity to GCs as opposed to normal DCs. You will want to ensure that
you have adequate redundancy for GCs when planning your AD deployment.
7. Planning for operations masters
AD includes a group of roles known as the Flexible Single Master
Operations (FSMO) roles. Each FSMO role is assigned to a single DC to
perform a specific function within the forest or domain. Consider the
following points when planning for FSMO roles in your deployment:
PDC emulator—The PDC emulator simulates legacy Windows NT systems that require the
use of a PDC. The PDC emulator also handles urgent replication tasks that fall
outside the normal scope of AD replication. For example, when a user
account is locked out due to failed log-on attempts, the lockout should
instantly be replicated to all DCs in the domain. The PDC emulator
ensures that all DCs immediately get the lockout update. The PDC
emulator exists on one DC in each domain.
Relative ID (RID) Master—The RID Master hands out RIDs to all DCs in the domain. RIDs are used by
DCs to create a unique ID for each object created in AD. The RID Master
provides each DC a pool of RID numbers to be used for new objects.
When a DC's pool of RIDs gets low, the RID Master allocates more RIDs to
that DC. The RID Master resides on one DC within each domain. If the
RID Master is offline for a significant amount of time, you may find
yourself without the ability to add new computers or users to your
domain.
Infrastructure Master—One DC in each domain acts as the Infrastructure Master. The
Infrastructure Master maintains user and group membership references.
When group changes are made, the Infrastructure Master ensures that
these changes get replicated throughout the domain.
Schema Master—This is a forest-wide role, meaning it exists on only one DC in the
entire forest. The Schema Master role controls all updates to the AD
schema. In the event that the schema needs to be modified, such as when
deploying Exchange 2007 or 2010, the schema updates must occur on the
Schema Master.
Domain Naming Master—The Domain Naming Master is also a forest-wide role. This role manages
the addition or removal of domains within the forest. If the Domain
Naming Master is offline, you will not be able
to add additional domains to the forest.
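The following read-only inventory is an added example, not part of the original text. It lists which DC holds each FSMO role and how many GCs each site has, so you can see which outages would affect which functions. It assumes the ActiveDirectory PowerShell module is installed and the account can read every domain in the forest; the two-GCs-per-site threshold is an assumption, not a figure from the text.

```powershell
# Added example: inventory FSMO role holders and GC coverage (read-only queries).
# Assumes the ActiveDirectory module and read access to every domain in the forest.
Import-Module ActiveDirectory

$MinGCsPerSite = 2   # assumed threshold for "adequate redundancy"; adjust to your design

$forest = Get-ADForest

# Forest-wide roles: exactly one holder each in the entire forest.
$roles = @(
    [pscustomobject]@{ Scope = $forest.Name; Role = 'Schema Master';        Holder = $forest.SchemaMaster }
    [pscustomobject]@{ Scope = $forest.Name; Role = 'Domain Naming Master'; Holder = $forest.DomainNamingMaster }
)

$dcs = @()
foreach ($domainName in $forest.Domains) {
    $domain = Get-ADDomain -Server $domainName

    # Domain-wide roles: exactly one holder each per domain.
    $roles += [pscustomobject]@{ Scope = $domainName; Role = 'PDC Emulator';          Holder = $domain.PDCEmulator }
    $roles += [pscustomobject]@{ Scope = $domainName; Role = 'RID Master';            Holder = $domain.RIDMaster }
    $roles += [pscustomobject]@{ Scope = $domainName; Role = 'Infrastructure Master'; Holder = $domain.InfrastructureMaster }

    # Collect every DC in this domain for the GC coverage report below.
    $dcs += Get-ADDomainController -Filter * -Server $domainName
}

# Report 1: role-to-holder mapping.
$roles | Sort-Object Scope, Role | Format-Table -AutoSize

# Report 2: roles grouped by holder, showing what is lost if that DC goes offline.
$roles | Group-Object Holder | ForEach-Object {
    [pscustomobject]@{
        Holder = $_.Name
        Roles  = ($_.Group | ForEach-Object { $_.Role }) -join ', '
    }
} | Format-Table -AutoSize

# Report 3: GC coverage per site (sites without any DC do not appear here).
$dcs | Group-Object Site | ForEach-Object {
    $gcs = @($_.Group | Where-Object { $_.IsGlobalCatalog })
    [pscustomobject]@{
        Site           = $_.Name
        DCs            = $_.Count
        GCs            = $gcs.Count
        MeetsThreshold = ($gcs.Count -ge $MinGCsPerSite)
    }
} | Sort-Object Site | Format-Table -AutoSize
```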
8. Planning for domain and forest functional levels
Windows domains can exist at various forest and
domain functional levels. Functional levels determine the compatibility
and features that can be used in the domain or forest. For example,
each release of Windows Server typically includes replication
improvements; however, to take advantage of those improvements, the
domain must be at that release’s functional level. To support a
specific functional level, all DCs in the domain or
forest must be running specific releases of the OS. Domain and forest
functional levels and their required DC OSs are listed in Table 1:
Table 1. Active Directory Domain and Forest Functional Levels
| Functional Level | Domain Controller OS Supported |
|---|---|
| Windows 2000 Native | Windows 2000 Server |
| | Windows Server 2003 |
| | Windows Server 2003 R2 |
| | Windows Server 2008 |
| | Windows Server 2008 R2 |
| Windows 2003 | Windows Server 2003 |
| | Windows Server 2003 R2 |
| | Windows Server 2008 |
| | Windows Server 2008 R2 |
| Windows 2008 | Windows Server 2008 |
| | Windows Server 2008 R2 |
| Windows 2008 R2 | Windows Server 2008 R2 |
Domain and forest functional levels and rollback
In most cases, raising the domain or forest
functional level is a one-way street. This means that once you raise
the functional level to support new features, you cannot roll back. One
exception to this rule is that rollback from Windows Server 2008 R2 to
Windows Server 2008 is supported if the recycle bin feature has not
been enabled.