Tip

Active Directory: The Infrastructure Master, Global Catalog and more AD configuration

The following is a collection of expert responses to reader questions by Laura Hunter. 

What is the difference between the Global Catalog and the Infrastructure Master?

Laura Hunter:

    Requires Free Membership to View

The Global Catalog server maintains a partial, read-only copy of every domain in a forest, and is used for universal group storage and logon processing, among other things.

The Infrastructure Master is a Flexible, Single-Master Operations role-holder in each Active Directory domain that maintains internal references to objects that reside in other domains. See this article by fellow TechTarget expert Dean Wells for an in-depth look at the relationship between these two Active Directory components.

Is there a command in Windows to assign UNIX attributes to Active Directory users? I need to have around 20,000 Active Directory users to have Unix attributes.

LH: If you are running Windows Server 2003 R2 Active Directory, you may be able to use the built-in Identity Management for UNIX services to meet your needs; see this link from Microsoft for more information. If you haven't made the move to R2 yet, consider Services For Unix 3.5, a free download from the Microsoft website.

My question is, what permissions must one set for a service to run an application after booting, using the system account without requiring a user to login? I'm a developer and need the application to be active at all times, but our support section doesn't know what to set on AD.

LH:Windows services can be configured to run using the BUILTINLOCAL SERVICE account, the BUILTINNETWORK SERVICE account, or a dedicated local or domain service account. I would recommend coordinating with your Active Directory administrators to ensure that you are maintaining least-privilege when developing and implementing any application; you can refer to _Writing Secure Code, Second Edition_ (ISBN 0735617228) and the MSDN website as good starting points.

I know very little about Active Directory structure and its functionality and am very eager to learn. Do you recommend any specific books/manuals/IT schools that might be helpful for someone like myself?

LH:There are any number of good books and resources available for you to learn about Active Directory and other Microsoft technologies. Perhaps the best thing you can do is to install a test server for yourself and start trying different things to see what happens -- you can download a trial version of the Windows Server 2003 software from the Microsoft website. I would also recommend subscribing to the ActiveDir list-serv, hosted at ActiveDir.org, where you will find wit and wisdom from many Active Directory experts. You'll also find a lot of useful information on the Microsoft website itself; there are entire sub-sections of the site dedicated to different technologies including AD, DNS, and other networking and directory technologies.

Laura E. Hunter (CISSP, MCSE: Security, MCDBA, Microsoft MVP) is a senior IT specialist with the University of Pennsylvania, where she provides network planning, implementation and troubleshooting services for business units and schools within the university. Hunter is a two-time recipient of the prestigious Microsoft "Most Valuable Professional" award in the area of Windows Server-Networking. She is the author of the Active Directory Field Guide (APress Publishing). You can contact her at laurahcomputing@gmail.com.

This was first published in August 2006

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.