Infrastructure FSMO  Role

Posted on 2009-04-17
Last Modified: 2012-06-21
Hi All,
I have 2 questions for you.
Question 1.
Where Infrastructure FSMO roles come in to an action.In an single domain enviornment or multiple domain enviornment ?
Please give me clear understaning with an example, will be very helpful to me.
where to keep infrastructure role ?
what happen If my infrastructure role dc goes down but my Globalcatalog Dc is up and running. ?

Qusetion 2 :-
Another confusing part in my mind is application partition.
please explain me with an example.

Thanks all....

Question by:shankarvetrivel
    LVL 57

    Accepted Solution

    In a single domain environment it doesn't come into play.
    In a mult-domain structure it maintains references to objects in the other domains (you will hear them referred to as "phantoms".
    So an example
    You have Domain1 and Domain2.   If you create a group in domain1 and place members in it from domain2 then the IM in domain1  is used to maintin those references.
    While we are on the Infrastructure master topic there is always debate about putting it on a GC or not.  Not sure why this debate still goes on but just today on a question this was being debated.  I'll point you to a short and good blog entry on that
    If the infrastructure master goes down then there won't be cross domain updates...not sure how many changes you are making but users will still be able to function.
    An applications partition is a directory partition that is replicated only to specific domain controllers.  So two examples you probably already have and may not realize it.
    when you install DNS in W2K3 two new app partitions are created those are the DomainDNSZones and ForestDnsZones.   The Forest zone is replicated to all DNS servers running DNS in your forest, and as you can guess the domain zone replicates to DNS servers on DCs in your domain.  So as the name implies the partition only replicates to certain DCs.
    LVL 27

    Assisted Solution

    Specifically, the Infrastructure master manages group membership references between user/computer accounts and groups (linked attributes). For example : John is a member of the group Group1. Group1 has an attribute 'members' where the DN of john is held. John has an attribute 'memberof' where the DN of the group is held. These are called linked attributes.
    The primary attribute is 'members' on the group. When this is modified, AD automatically updates the attribute of the corresponding account. e.g. you remove John out of the group, modifying the group attribute, and AD then removes the group from John's 'memberof' attribute.
    What the infrastructure master does is handle this operation across domains for objects which do not exist in it's own domain. It creates 'phantom' objects for the accounts in other domains so that it can update the linked attributes.
    Like Mike says, single domain it's irrelevant, multi domain - unless ALL the DCs in your domain are also GCs, then do not place the Infrastructure Master on a GC.

    Author Closing Comment

    THanks,really helped me.

    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    Join & Write a Comment

    One of the major disadvantages of still running XP in production is its lack of Internet Explorer Favourites directory redirection. If your users frequently roam between computers, the usual workaround is to enable Roaming Profiles to have the favou…
    Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
    This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

    732 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    20 Experts available now in Live!

    Get 1:1 Help Now