Computers & ProgrammingComputers & NetworkingWindows Server

The Infrastructure Master

The Infrastructure Master is one of the five Flexible Single Master Operations (FSMO) roles found in an Active Directory (AD) forest. There is only one Domain Controller (DC) in each domain that holds this role. By default, this is the first server that was promoted to a DC in the domain. The main purpose of the Infrastructure Master is for updating the group-to-user references whenever the members of groups are renamed or modified.

When you rename or move a member or a group and that member resides in a different domain than the group itself, you may notice that the group may not appear to be up to date by containing the latest information regarding that user. The role of the Infrastructure Master is to update the group with the new name and/or location of the member. The Infrastructure Master will update other domain controllers through normal multi-master replication.

The Infrastructure Master role should not be assigned to any domain controller that is also hosting the global catalog. However, assigning the Infrastructure Master role that is well connected to a Global Catalog server in the same site is recommended.

If the Infrastructure Master and the Global Catalog server are on the same domain controller, the Infrastructure Master will not function. This is simply because the Infrastructure Master will never find data that is out of date, so it will never replicate any changes to the other domain controllers in the domain.

If all of the domain controllers in the domain are also Global Catalog servers, then the placement of the Infrastructure Master is not important as all domain controllers will always have current data at hand. In a single forest, single domain model, you should assign the role of Global Catalog to all domain controllers.

Temporary loss of the Infrastructure Master is not very visible to users or network administrators. If the Infrastructure Master will be unavailable for a lengthy amount of time, you can seize the role to another domain controller. Once the Infrastructure Master returns to service, the role can be transferred back to the original domain controller.

Transferring the role can be done using the Active Directory Users and Computers snap-in, or it can be done using the ntdsutil command prompt.

Using the Active Directory Users and Computers snap-in, connect to the target DC. Then, right click the domain object and click on Operations Master… Click on the Infrastructure tab. In the top box, the current DC holding the role should be displayed. In the lower box, you should see the name of the DC to that you wish to transfer the role.

686Db2F60Fa44Bc9Af6F303D7B01C615

Or, using the ntdsutil.exe command, type roles and hit enter. Then type connections and hit enter. Next type connect to server servername and hit enter. Type quit and hit enter. The system will bind and continue.

Then type transfer infrastructure master and hit enter. A confirmation dialog box will be displayed. Click on Yes. The system will provide some feedback in regards to this action.

1D51C8A60C53427E834Ccb90190D0B25

The process of transferring the Infrastructure Master role is complete.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top