The Infrastructure Master is one of the five Flexible Single Master Operations (FSMO) roles found in an Active Directory (AD)
forest. There is only one Domain Controller (DC) in each domain that holds this role. By default, this is the first server that was
promoted to a DC in the domain. The main purpose of the Infrastructure Master is for updating the group-to-user references
whenever the members of groups are renamed or modified.
When you rename or move a member or a group and that member resides in a different domain than the group itself, you may notice
that the group may not appear to be up to date by containing the latest information regarding that user. The role of the
Infrastructure Master is to update the group with the new name and/or location of the member. The Infrastructure Master will
update other domain controllers through normal multi-master replication.
The Infrastructure Master role should not be assigned to any domain controller that is also hosting the global catalog.
However, assigning the Infrastructure Master role that is well connected to a Global Catalog server in the same site is
recommended. If the Infrastructure Master and the Global Catalog server are on the same domain controller, the Infrastructure
Master will not function. This is simply because the Infrastructure Master will never find data that is out of date, so it will
never replicate any changes to the other domain controllers in the domain.
If all of the domain controllers in the domain are also Global Catalog servers, then the placement of the Infrastructure Master
is not important as all domain controllers will always have current data at hand. In a single forest, single domain model, you
should assign the role of Global Catalog to all domain controllers.
Temporary loss of the Infrastructure Master is not very visible to users or network administrators. If the Infrastructure Master
will be unavailable for a lengthy amount of time, you can seize the role to another domain controller. Once the Infrastructure
Master returns to service, the role can be transferred back to the original domain controller.
Transferring the role can be done using the Active Directory Users and Computers snap-in, or it can be done using the ntdsutil
Using the Active Directory Users and Computers snap-in, connect to the target DC. Then, right click the domain object and
click on Operations Master... Click on the Infrastructure tab. In the top box, the current DC holding the role should be displayed.
In the lower box, you should see the name of the DC that you wish to transfer the role to.
Or, using the ntdsutil.exe command, type "roles" and hit [enter]. Then type "connections" and hit [enter]. Next type
"connect to server servername and hit [enter]. Type quit and hit [enter]. The system will bind and continue. Then type
"transfer infrastructure master" and hit [enter]. A confirmation dialog box will be displayed. Click on "Yes". The system
will provide some feedback in regards to this action.
The process of transferring the Infrastructure Master role is complete.
Recommended Books & Training Resources