Infrastructure Master with Global Catalogs Rundown

Infrastructure Master with Global Catalogs Rundown

July 16, 2012 2 By Eric Shanks

It’s a pretty common best practice to not install the Infrastructure Master (FSMO) Role on a Global Catalog Server.  This post should help to explain why that is, and the circumstances where you can get away with it.

Global Catalog Review

A Global Catalog contains a full set of attributes for the domain that it’s a member of and a subset of information for all domains in its forest.  So basically, what this means is that all of the little attributes that are stored on objects in Active Directory, in the GC’s domain, will be housed on Global Catalog servers.  The global Catalog will also have a replica of the objects from other domains in the forest, but only a smaller set of their attributes.

Infrastructure Master FSMO Role Review

“Updates cross-domain references and phantoms from the global catalog.”   To describe this a little better, lets have an example.  If User1 was deleted from the domain, the Global Catalog Servers would almost immediately remove this object but if there were additional references in a different domain to this object a “phantom object” would be created as a sort of temporary placeholder.  For instance if Group1 in domain2 has User1 in domain1 as a member, a phantom object would be created.

The Infrastructure Master periodically checks against the Global Catalogs to see if any “phantoms” exist and if so, cleans up the references and once done can remove the phantom.

http://support.microsoft.com/kb/223346/en-us

Infrastructure Master on Global Catalog

Now that we have some background it’s much easier to see why the Infrastructure Manager shouldn’t be on a Global Catalog.  Since Global Catalogs will have a reference to each object in the forest, the infrastructure master won’t see any phantoms and therefore will not update the rest of the Domain Controllers.

There are a few scenarios in which you can get away with having the Infrastructure Master on the GC:

  1. In a single domain phantoms are not needed.  In this instance the Infrastructure Master doesn’t have anything to do so it doesn’t matter where you put it.
  2. If every domain controller in a domain is also a Global Catalog Server there is also no work for the infrastructure Master to do.
CategoryMicrosoft
TagsActive Directory FSMO

About The Author

Eric Shanks is a Principal Technical Marketing Manager at Portworx.

2 Comments

  • Nadeer Babu says:
    December 17, 2013 at 12:58 am

    Thanks for good explanation

    Reply
  • Ahmad Z says:
    May 14, 2014 at 5:45 am

    thank you for the article it helped alot,
    however if a DC from another domain deleted an object, that deletion would also reach the DC that holds the Infrastructure Master unless a phantom of that object is created on a 3rd DC that the Infrastructure Master will not check.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.