The Infrastructure Master

Friday, October 28, 2011

The Infrastructure Master is one of the five Flexible Single Master Operations (FSMO) roles found in an Active Directory (AD) forest. There is only one Domain Controller (DC) in each domain that holds this role. By default, this is the first server that was promoted to a DC in the domain. The main purpose of the Infrastructure Master is for updating the group-to-user references whenever the members of groups are renamed or modified.

When you rename or move a member or a group and that member resides in a different domain than the group itself, you may notice that the group may not appear to be up to date by containing the latest information regarding that user. The role of the Infrastructure Master is to update the group with the new name and/or location of the member. The Infrastructure Master will update other domain controllers through normal multi-master replication.

The Infrastructure Master role should not be assigned to any domain controller that is also hosting the global catalog. However, assigning the Infrastructure Master role that is well connected to a Global Catalog server in the same site is recommended. If the Infrastructure Master and the Global Catalog server are on the same domain controller, the Infrastructure Master will not function. This is simply because the Infrastructure Master will never find data that is out of date, so it will never replicate any changes to the other domain controllers in the domain.

If all of the domain controllers in the domain are also Global Catalog servers, then the placement of the Infrastructure Master is not important as all domain controllers will always have current data at hand. In a single forest, single domain model, you should assign the role of Global Catalog to all domain controllers.

Temporary loss of the Infrastructure Master is not very visible to users or network administrators. If the Infrastructure Master will be unavailable for a lengthy amount of time, you can seize the role to another domain controller. Once the Infrastructure Master returns to service, the role can be transferred back to the original domain controller.

Transferring the role can be done using the Active Directory Users and Computers snap-in, or it can be done using the ntdsutil command prompt.

Using the Active Directory Users and Computers snap-in, connect to the target DC. Then, right click the domain object and click on Operations Master... Click on the Infrastructure tab. In the top box, the current DC holding the role should be displayed. In the lower box, you should see the name of the DC that you wish to transfer the role to.


Or, using the ntdsutil.exe command, type "roles" and hit [enter]. Then type "connections" and hit [enter]. Next type "connect to server servername and hit [enter]. Type quit and hit [enter]. The system will bind and continue. Then type "transfer infrastructure master" and hit [enter]. A confirmation dialog box will be displayed. Click on "Yes". The system will provide some feedback in regards to this action.


The process of transferring the Infrastructure Master role is complete.

Did you find the page informational and useful? Share it using one of your favorite social sites.

Recommended Books & Training Resources

MCITP Windows Server 2008 Enterprise Administrator: Training Kit 4-Pack: Exams 70-640 70-642 70-643 70-647 Windows Server 2008 R2 Unleashed