What does the infrastructure Flexible Single Master Operation (FSMO) role do?

A. The infrastructure FSMO role is one of the three "per domain" Operations Masters. The infrastructure FSMO keeps its domain's references to objects in other domains up-to-date by comparing its data with information in the Global Catalog (GC). As a result, the infrastructure FSMO doesn't usually work if it's a GC because the FSMO's information would always be the same as the GC's information. If the infrastructure FSMO's data becomes out-of-date, the FSMO will request updated information from the GC, then replicate the update to all domain controllers (DCs) in its domain. Where possible in the same site, the infrastructure FSMO needs to have a good connection to the GC. The infrastructure FSMO can reside on a GC server only when every DC in a domain is a GC (because every DC would have up-to-date information) or when only one domain exists in the forest.

The primary purpose of the infrastructure FSMO is to update group memberships for users who reside in domains other than the group's domain. If you rename a user or move a user who belongs to a different domain, the group might exhibit some strange behavior. For example, the group might temporarily appear to not contain the user or the user icon might appear with gray hair because the group contains the user's SID and globally unique identifier (GUID), not just the distinguished name (DN). This collection of attributes is known as a phantom record in the group's domain. When you view the group's members, the Microsoft Management Console (MMC) Active Directory Users and Computers snap-in verifies the DN with the user's domain. Because the DN has changed as the result of a rename or move operation, the snap-in doesn't find a match and gives the user's icon gray hair.

After the infrastructure FSMO runs and detects the user rename or move (i.e., checks all phantom entries), it updates the group with the correct name and location by querying the GC for the new DN of the stored GUID. Then, the user will again appear as a regular member of the group.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.