Local user profiles The location of a user profile depends on whether the user is starting from a clean installation

of a Windows Server 2003 family operating system or an upgrade from a previous version of Windows. Global User -Roaming user profiles enable users to log on to computers in a domain while preserving their user profile settings. User profiles are stored at an administrator specified server location. When a user logs on and has been authenticated within the directory service, the user profile, including user settings and documents, are copied to the local computer. User profile changes made on the local computer are then captured. Changes will then be copied to the user profile stored on the server and be applied the next time the user logs on. Mandatory user profiles are similar, but do not allow changes to be copied to the user profile stored on the server Universal User - If you are installing RMS in a multiple Active Directory directory services domain or forest, you must use Active Directory Universal Groups to ensure that the group membership is replicated to all Global Catalog servers. In order to create Active Directory Universal groups, your Active Directory environment must be at the following functional levels: Windows 2000 Native domain functional level and the Windows Server 2003 forest functional level.

When to create a realm trust

A realm trust can be established between any non-Windows Kerberos V5 realm and a Windows Server 2003 domain. This trust relationship allows cross-platform interoperability with security services based on other Kerberos V5 versions such as UNIX and MIT implementations. Realm trusts can switch from nontransitive to transitive and back. Realm trusts can also be either one-way or two-way.

Why the global catalog server and infrastructure master not avail in the same domain controllers?
The Infrastructure Master (IM) role should be held by a domain controller that is not a Global Catalog server (GC). If the Infrastructure Master runs on a Global Catalog server it will stop updating object information because it does not contain any references to objects that it does not hold. This is because a Global Catalog server holds a partial replica of every object in the forest. As a result, cross-domain object references in that domain will not be updated and a warning to that effect will be logged on that DC's event log. If all the domain controllers in a domain also host the global catalog, all the domain controllers have the current data, and it is not important which domain controller holds the infrastructure master role.