Infrastructure Masters FSMO role

By Sean Clevenger
Looks like I timed out and the system posted without me.
I need an explanation of exactly what the Infrastructure Master does and how it does it. MS provides no clear explanation of EXACTLY when you need the IM or HOW it works. Let's say you have Domains A.com, B.A.COM and you want to add another domain. Currently all DCs in both the A and B domains have Global Catalogs and that’s fine (Q223346). Now you add domain C.B.A.COM but domain C will have one DC that will have no FSMO roles on it. Question: Where and how many IMs are absolutely necessary in this forest following the Q223346 recommendations and combinations I list at the end of this question? Also IMs function detail, i.e. acks, nacks, push/pull, time between replication.

Points will be awarded to the answer that provides reference to Q article/s, published book&author or reputable web site.

I have done research and compiled the following documented FSMO combinations that work and don't work: OIL AND WATER

[Separate]
Global Catalog vs Active Directory-integrated DNS
Q252695 Event ID 4011

[Together]
RID and PDC emulator roles on the same DC.
Separate if load justifies.
Q223346

[Separate]
Infrastructure Master vs Global Catalog
Q223346

[Together]
Schema Master and Domain Naming master
Roles should be placed on the same domain controller as they are rarely used and should be tightly controlled.
Q216899

[Together]
Domain Naming Master and Global Catalog Server.
Q216899

[Separate IF]
The Infrastructure Master should not be located on the same domain controller holding the RID master and PDC emulator roles if it is also a GC server
Q216899

Combination break down from above:
SM/DNM & DNM/GC = SM/DNM/GC
[Q223346]

PDC/RID/IM or PDC/RID/GC but not PDC/RID/IM/GC
[Q216899] & [Q223346]

not GC/AD-DNS if Event ID 4011
[Q252695]

not GC/IM
[Q223346]


by maxwell edison In reply to Infrastructure Masters FS ...

The infrastructure master is responsible for updating references from objects in its domain to objects in other domains. The infrastructure master compares its data with that of a global catalog. Global catalogs receive regular updates for objects in all domains through replication, so the global catalog's data will always be up-to-date. If the infrastructure master finds data that is out-of-date, it requests the updated data from a global catalog. The infrastructure master then replicates that updated data to the other domain controllers in the domain.

Unless there is only one domain controller in the domain, the infrastructure master role should not be assigned to the domain controller that is hosting the global catalog. If the infrastructure master and global catalog are on the same domain controller, the infrastructure master will not function. The infrastructure master will never find data that is out of date, so will never replicate any changes to the other domain controllers in the domain.

If all of the domain controllers in a domain are also hosting the global catalog, all of the domain controllers will have the current data and it does not matter which domain controller holds the infrastructure master role.

(continued...)


by maxwell edison In reply to Infrastructure Masters FS ...

Single master operations:

Active Directory supports multimaster replication of the directory data store between all domain controllers in the domain. Some changes are impractical to perform in multimaster fashion, however, so only one domain controller, called the operations master, accepts requests for such changes.

Because the operations master roles can be moved to other domain controllers within the domain or forest, these roles are sometimes referred to as flexible single master operations.

In any Active Directory forest, there are five operations master roles that are assigned to one or more domain controllers. Some roles must appear in every forest. Other roles must appear in every domain in the forest.

Forest-wide operations master roles:

Every Active Directory forest must have the following roles:

Schema master

Domain naming master

These roles must be unique in the forest. This means that throughout the entire forest there can be only one schema master and one domain naming master.

See this link:


http://www.microsoft.com/windows2000/en/server/help/default.asp?url=/windows2000/en/server/help/sag_ADgcInfFSMO.htm

for the rest of the description including:

Schema master
Domain naming master
Domain-wide operations master roles
Relative ID master
PDC emulator
Infrastructure master

Transferring an operations master role means moving it from one domain controller to another, with the cooperation of the original role holder. Depending upon the operations master role to be transferred, you perform the role transfer using one of the three Active Directory snap-ins.

See this link:

http://www.microsoft.com/windows2000/en/server/help/default.asp?url=/windows2000/en/server/help/sag_ADgcInfFSMO.htm

for the rest of that story.

REMOVE SPACES from the pasted URLs.

There are several additional related links at those Web pages as well.

Maxwell


by Shanghai Sam In reply to Infrastructure Masters FS ...

I believe that came from Technet Book: Windows 2000 Advanced Server Manual, Topic: Active Directory. Between Technet, Microsoft Premier Support and the web I have spent about 20 hours looking for this answer. This amount of time spent is one of the reasons why I produced my Oil and Water document so I could keep track. The depth of understanding I'm looking for in the detail of the answer is something like what is outlined in the MS Windows NT Server 4.0 - WINS Architecture and Capacity Planning (Technet). Thank you for your input.


by timwalsh In reply to Infrastructure Masters FS ...

Excerpts from the Windows 2000 Server Resource Kit Distributed Systems Guide:

From section "Managing Flexible Single-Master Operations Roles":
Infrastructure Master: There is one infrastructure master role per domain. The owner of this role ensures the referential integrity of objects with attributes that contain distinguished names of other objects that might exist in other domains. Because Active Directory allows objects to be moved or renamed, the infrastructure master periodically checks for object modifications and maintains the referential integrity of these objects.
--------------------------------------
From section "Examining Operations Master Technical Details":
Why must the infrastructure master not be a Global Catalog server?
When an object on one domain controller references an object that is not on that domain controller, it represents that reference as a record containing the GUID, the SID (for references to security principals), and the distinguished name of the object being referenced. If the referenced object moves, its GUID does not change, its SID changes if the move is cross-domain, and its distinguished name always changes.

The infrastructure master for a domain periodically examines the references, within its replica of the directory data, to objects not held on that domain controller. It queries a Global Catalog server for current information about the distinguished name and SID of each referenced object. If this information has changed, the infrastructure master makes the change in its local replica and also replicates the new values to other domain controllers within the domain.
(cont.)


by timwalsh In reply to Infrastructure Masters FS ...

(cont.)
If the infrastructure master runs on a Global Catalog server it will never update anything, because it does not contain any references to objects that it does not hold. That is because a Global Catalog server holds a partial replica of every object in the forest.
----------------------------------------
From section "Placing Operations Master Roles | Determining Per-Domain Role Placements":
Note
The infrastructure master role needs to be held by a domain controller that is not a Global Catalog server. If the infrastructure master role is held by a domain controller that is a Global Catalog server, cross-domain object references in that domain will not be updated. If all domain controllers in a domain are Global Catalog servers, it does not matter which domain controller holds the infrastructure master role.


by timwalsh In reply to Infrastructure Masters FS ...

Therefore, if you have a single DC in a domain, you will have a Global Catalog server that is also an Infrastructure Master.
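
The Resource Kit excerpts quoted above describe the mechanism: reference records of GUID, SID and distinguished name, compared periodically against a Global Catalog and replicated within the domain. The following is an added example, not part of the thread or of any Microsoft code, that models that mechanism in simplified form to show why the role does nothing on a Global Catalog server. The DC names, GUID, SID and distinguished names are constructed, and replication is reduced to a direct copy.

```python
from dataclasses import dataclass, field

@dataclass
class Ref:
    """Reference record a DC keeps for an object it does not hold: GUID, SID, DN."""
    guid: str
    sid: str
    dn: str

@dataclass
class DC:
    name: str
    is_gc: bool
    refs: dict = field(default_factory=dict)  # guid -> Ref; stays empty on a GC

def infrastructure_master_pass(im, domain_dcs, gc_view):
    """One periodic pass: compare local reference records with a GC, fix and replicate."""
    updated = []
    for guid, ref in im.refs.items():
        sid, dn = gc_view[guid]          # looked up by GUID, which survives moves
        if (ref.sid, ref.dn) != (sid, dn):
            ref.sid, ref.dn = sid, dn    # change in the local replica
            updated.append(guid)
    for guid in updated:                 # replicate new values inside the domain
        for dc in domain_dcs:
            if dc is not im and guid in dc.refs:
                dc.refs[guid] = Ref(guid, im.refs[guid].sid, im.refs[guid].dn)
    return updated

def run_scenario(gc_flags, im_index):
    """Constructed sample: DCs of A.com reference a user of B.A.COM that was moved."""
    guid = "guid-0001"                           # constructed value
    sid = "S-1-5-21-1111-2222-3333-1105"         # constructed value
    old_dn = "CN=Pat,OU=Sales,DC=B,DC=A,DC=COM"
    new_dn = "CN=Pat,OU=Ops,DC=B,DC=A,DC=COM"    # same-domain move: only the DN changes
    dcs = [DC(f"DC{i + 1}", gc) for i, gc in enumerate(gc_flags)]
    for dc in dcs:
        if not dc.is_gc:   # a GC holds a partial replica of every object, so no record
            dc.refs[guid] = Ref(guid, sid, old_dn)
    gc_view = {guid: (sid, new_dn)}      # what any GC in the forest reports now
    updated = infrastructure_master_pass(dcs[im_index], dcs, gc_view)
    stale = [dc.name for dc in dcs if guid in dc.refs and dc.refs[guid].dn != new_dn]
    return updated, stale

if __name__ == "__main__":
    print(run_scenario([True, False, False], 1))  # IM on a non-GC DC
    print(run_scenario([True, False, False], 0))  # IM on the GC
    print(run_scenario([True, True, True], 0))    # every DC is a GC
```

The three calls cover the cases the excerpts distinguish: role on a non-GC domain controller, role on a GC alongside non-GC domain controllers, and a domain where every domain controller is a GC.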


by Sean Clevenger In reply to Infrastructure Masters FS ...

To clarify, I’m looking for two answers or a single source that answers both questions. In the question I give a sample forest and the questions to answer are <<<SNIP>>>Question: Where and how many IMs are absolutely necessary in this forest following the Q223346 recommendations and combinations I list at the end of this question? Also IMs function detail, i.e. acks, nacks, push/pull, time between replication.<<<SNIP>>> Nuts-and-bolts. Thank you for your input.


by Sean Clevenger In reply to Infrastructure Masters FS ...

Point value changed by question poster.
