Microsoft 70-411 Exam – Q21

Your network contains an Active Directory forest named The forest contains two domains named and All domain controllers run Windows Server 2012 R2. The domain contains four domain controllers. The domain controllers are configured as shown in the following table.

You open Active Directory Users and Computers on a client computer and connect to DC1. You display the members of a group named Group1 as shown in the Group1 Members exhibit.

When you view the properties of a user named User102, you receive the error message shown in the Error exhibit. The error message does not display for any other members of Group1.

You need to identify which domain controller causes the issue shown in the error message.
Which domain controller should you identify?

A. DC1
B. DC2
C. DC10
D. DC11

Correct Answer: B

The infrastructure master is responsible for updating the group-to-user references when the members of a group are renamed or changed within a domain.

The domain controller that holds the infrastructure master role for the group’s domain is responsible for updating the cross-domain group-to-user reference to reflect the user’s name change. Periodically, the infrastructure master scans its database for group members from other domains. For each member from a foreign domain that the infrastructure master finds, it compares the name and the security identifier (SID) of the member against a global catalog. If the name or the SID does not match, the local reference is updated with the values in the global catalog.

For example, if a user account is moved to a new domain, the infrastructure master updates the local reference’s name and SID because they do not match the values in the global catalog. After the infrastructure master updates these references locally, it uses replication to update all other replicas of the domain. If the infrastructure master is not available, these updates are delayed.