The infrastructure master and how to live with it

The Active Directory has 5 FSMO roles which are dedicated for certain tasks in a domain enviroment which should not be performed by all domain controller. The role Infratructure Master has cause a bit of confusion ever since it appeared in Active Directory  in Windows 2000 so here’s a quick explanation of it.

The Infrastructure Master is a domain-wide role (which means one in every domain and not one pr forest) and is used in a multiple domain forest to track and check all references to resources, such as user account, in the other domains. These references are knows as “phatom records” and are used by domain controller who are not Global Catalogs(GC). I’ve heard statements that infrastructure master can’t reside on a GC but that’s not exactly true, the infrastructure master can reside on any domain controller. However it will not function properly unless it resides on a non-GC DC in a multiple-domain forest.

So:

  • If your forest has only1 domain: Infrastructure Master is unemployed and you are free to place it anywhere
  • If all DCs in your forest are also GCs: Infrastructure Master is unemployed and you are free to place it anywhere
  • If your forest has at least 2 domains AND not all of your DCs are GCs: Place the infrastructure master on a non-GC DC.

Also notice that when upgrading your domain to 2008 R2, you must (as part of the preparation) run adprep /domainprep command on the server hosting the infrastructure master role.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s