Can't Add memberOf to Global Catalog


lansche

The Windows Server 2003 Global Catalog comes, Out-Of-The-Box, designed
not to replicate the "memberOf" attribute.

Looking into the Microsoft Knowledge Base, I have found
Q216060 Registry Modification Required to Allow Writing to Schema

I have followed these instructions. My account is a Schema Admin, and
the "Schema Updates Allowed" Registry key is set per the instructions.
I have successfully removed, and re-added the "mail" attribute to the
GC. But when I try to set the "memberOf" attribute, I get
the message.

"Could not change whether this attribute should be replicated to the
global catalog servers."

Since I am able to remove the "mail" attribute, and I have confirmed
that the "mail" attributes are disappearing from the 3268 GC port, this
shows that I am able to change other attributes.

How can I replicate the "memberOf" attribute to the GC?
 

Jorge de Almeida Pinto

you can't

Forward links (e.g. member attribute) are replicated and back links (e.g.
memberOf attribute) are constructed by each individual DC
 

Joe Richards [MVP]

Couple of items.

1. memberof is the backlink of the forward link attribute member. The values
returned for the attribute are entirely depending on what values are in the
member attribute on a given DC.

2. member is actually marked to be part of the partial attribute set already.


3. Even though member is marked to be part of the partial attribute set, there
is hardcoded functionality behind it that prevents the member attributes from
all group scopes from being replicated to all GCs. The only groups guaranteed to
have member replicated to all GCs are universal groups. You will find other
groups that have membership in the GCs but that is due to an implementation
detail. The global and domain local groups of domain1 will be, for instance,
represented in a global catalog that is a DC for domain1. Ditto for domain2
groups and a domain2 DC/GC. However domain1 global and domain local group
memberships will not be represented on the domain2 DC/GC.

joe
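
The behaviour described in the replies above, modelled as an added example that is not part of the original thread: memberOf is derived from whatever member values a given GC holds, so the answer depends on which domain's GC is asked. The forest, DNs and function names are constructed for illustration, and the visibility rule is the one stated in the last reply.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Group:
    dn: str
    domain: str         # domain that holds the group object
    scope: str          # "universal", "global" or "domain_local"
    members: frozenset  # forward link: DNs stored in the member attribute

def gc_holds_member(group, gc_domain):
    """True if a GC that is also a DC for gc_domain holds this group's member values."""
    if group.scope == "universal":
        return True                   # guaranteed on every GC
    return group.domain == gc_domain  # present only via the GC's own domain replica

def memberof_on_gc(user_dn, groups, gc_domain):
    """Back link as that GC would construct it: only from member values it holds."""
    return sorted(g.dn for g in groups
                  if user_dn in g.members and gc_holds_member(g, gc_domain))

def missing_on_gc(user_dn, groups, gc_domain):
    """Groups the user really belongs to that this GC's memberOf would omit."""
    full = {g.dn for g in groups if user_dn in g.members}
    return sorted(full - set(memberof_on_gc(user_dn, groups, gc_domain)))

# Constructed sample forest (hypothetical DNs, not from the thread).
ALICE = "CN=alice,DC=domain1"
GROUPS = [
    Group("CN=d1-global,DC=domain1", "domain1", "global", frozenset({ALICE})),
    Group("CN=d1-local,DC=domain1", "domain1", "domain_local", frozenset({ALICE})),
    Group("CN=d2-local,DC=domain2", "domain2", "domain_local", frozenset({ALICE})),
    Group("CN=forest-univ,DC=domain2", "domain2", "universal", frozenset({ALICE})),
]

if __name__ == "__main__":
    for dom in ("domain1", "domain2"):
        print(dom, "GC returns:", memberof_on_gc(ALICE, GROUPS, dom))
        print(dom, "GC omits:  ", missing_on_gc(ALICE, GROUPS, dom))
```

An application that makes authorization decisions from memberOf read on port 3268 inherits exactly these omissions, which is why only universal groups are safe to rely on there.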
 