Exam AZ-800 topic 1 question 43 discussion

User1: This is a domain-level object. Since DC1 and DC2 are in the same domain (adatum.com), User1 will be replicated to DC2. DC3 is in a different domain (west.adatum.com), but it is in the same forest. Since it's a Global Catalog (GC) server, it will receive a partial replica of the adatum.com domain, including the newly created User1. DC4 is in a completely different forest (contoso.com) and there is no direct trust relationship between contoso.com and west.adatum.com, so User1 will not be replicated to DC4. Attribute1: This is a schema-level object. The schema is a forest-wide object. The schema master for the adatum.com forest is DC1, so any changes to the schema (such as adding a new attribute) are initially made on DC1. These changes are then replicated to all other domain controllers in the adatum.com forest, which includes DC2 and DC3. However, DC4 is in a different forest, so it will not receive the schema changes made in the adatum.com forest. In summary, User1 and Attribute1 will be replicated to DC2 and DC3

User1 is Created on DC1, therefore available on DC2, child domains (DC3) have their own PDC role AND objects! (DC2 ONLY) Attribute1: Adding attributes in the schema are available on all (child) domain controllers, as it is a forest role. Doesn't matter what server has the role, you can edit the schema on any domain controller within a forest. (DC2, DC3 ONLY) A forest trust has nothing to do with schema and AD objects in another forest, you can give other forest users and domain object access to resources.

DC2 Only Quando se cria um novo user em parent domain, esse user não é automaticamente replicado para um child domain. Cada domínio no Active Directory mantém seu próprio conjunto de objetos de users e outros objetos de diretório. A replicação ocorre apenas dentro do mesmo domínio. Se precisar que o user esteja disponível em ambos os domínios, você precisará criar o user separadamente em cada domínio. DC2 and DC3 Only Quando você estende o esquema com um novo atributo, como o Attribute1, em uma floresta do AD, essa alteração é replicada para todos os controladores de domínio dentro dessa mesma floresta. No entanto, essa replicação não se estende automaticamente para outras florestas, mesmo que haja uma relação de confiança (forest trust) entre elas. Portanto, se você precisar que o Attribute1 esteja disponível em outra floresta, será necessário estender o esquema também nessa floresta separadamente.

User1: DC2 and DC3 only Reason: User1 replicates within adatum.com (DC2) and to GC servers in the same forest (DC3) Attribute1: DC2 and DC3 only Reason: Schema changes replicate to all DCs within the same forest only

answer is dc2 for user1 and for attribute dc2 and dc3

https://serverfault.com/questions/280570/will-the-global-catalogs-in-two-forests-with-transitive-trust-replicate-data Global Catalogs are not synced between forests (even with a trust relationship)

Based on Active Directory structure: DC1 is part of the adatum.com domain and holds the Schema Master role. DC2 and DC3 are also part of the adatum.com domain. DC4 is part of the contoso.com domain and therefore in a different forest. Answers User1: Since User1 was created in the adatum.com domain, User1 will be replicated to all domain controllers within the same domain. Therefore, DC2 and DC3 will have User1's information. Attribute1: Since Attribute1 is a schema extension and schema is replicated across the entire forest, all domain controllers in the adatum.com forest (which includes DC1, DC2, and DC3) will get the schema update. DC4 will not get this update as it is in a different forest. User1: DC2, DC3 Attribute1: DC2, DC3

Based on the information provided, let’s analyze the actions performed on DC1: User Creation: You created a user named User1 on DC1. Schema Extension: You extended the schema with a new attribute named Attribute1 on DC1. Now let’s determine the replication behavior for User1 and Attribute1: User1 Replication: Since User1 was created on DC1, it will be replicated to other domain controllers within the same domain (adatum.com). Therefore, User1 will be replicated to DC2 (contoso.com) and DC3 (contoso.com). Attribute1 Replication: When you extend the schema with a new attribute, the schema update is replicated to all domain controllers in the forest. Therefore, Attribute1 will be replicated to all domain controllers in both forests: adatum.com and contoso.com (including DC1, DC2, DC3, and DC4). In summary: User1 will be replicated within the adatum.com domain. Attribute1 will be replicated across all domain controllers in both forests.

This question begs questions

User1: DC2 and DC3: User1 is created within the adatum.com domain. Object replication is standard within a domain, ensuring that DC2 and DC3 receive an update. DC4: Because DC4 is in a separate forest (contoso.com) and it is not specified that there is a direct trust relationship between contoso.com and west.adatum.com, User1 would not replicate to DC4. Attribute1: DC2 and DC3: Schema changes are applied at the forest level. As DC2 and DC3 have the function of Global Catalog (GC), they receive replication from Attribute1. DC4: Although DC4 is also a GC, it resides in a separate forest (contoso.com). Schema changes do not automatically propagate between multiple forests.

User1 = DC2 Only Atribute1 = DC2 and DC3 Only

Box1: To whom who think that the user is sync to the subdomain, please explain in what OU or container in the sub domain the user will be sync to, and maybe you will understand that the user will be sync only to it local domOn...

Why are people giving different answers?? It’s very confusing which one to chose in this case

User1 is replicated to: * DC2 in the adatum.com domain: User objects are part of the domain partition, which is replicated to all domain controllers in the same domain. * DC3 in the west.adatum.com domain: Because there’s a parent-child trust between west.adatum.com and adatum.com, user objects are replicated between the two domains. Attribute1 is replicated to: * DC2 in the adatum.com domain: Schema updates are part of the schema partition, which is replicated to all domain controllers in the same forest. * DC3 in the west.adatum.com domain: Because west.adatum.com is a child domain of adatum.com, it’s part of the same forest, and schema updates are replicated to all domain controllers in the forest. * DC4 in the contoso.com forest: Because there’s a forest trust between contoso.com and adatum.com, schema updates are replicated between the two forests.

User1 - D2 Atribute1 - D2, D3, D4

Contoso: - DC-4: > Nothing replicated, another forest. Adatum: - DC1 (ADATUM): > Create User1, Schema Extended with a new attribute - DC2 (ADATUM): > User + Attribute is replicated - DC3 (WEST.ADATAUM): > User + Attribute is replicated Schema master FSMO role The schema master FSMO role holder is the DC responsible for performing updates to the directory schema, that is, the schema naming context or LDAP://cn=schema,cn=configuration,dc=<domain>. This DC is the only one that can process updates to the directory schema. Once the Schema update is complete, it's replicated from the schema master to all other DCs in the directory. There's only one schema master per forest. https://www.windows-active-directory.com/global-catalog-server.html https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/fsmo-roles