DistributedNetworks DistributedNetworks


Physical Structure  «Prev  Next»

Active Directory Operations

The correct matches are as follows:
  1. Infrastructure master: In a native mode domain, receives preferential replication of password changes performed by other domain controllers in the domain.
  2. Schema master: Controls addition and removal of domains in the forest.
  3. PDC emulator: Updates group-to-user references when group memberships change.
  4. RID master: Controls updates and changes to the extensible description of object classes and attributes stored in Active Directory.
  5. Domain naming master: Allocates sequences of relative identifiers.

Infrastructure master (domain-wide)

The infrastructure master is used to maintain references to objects in other domains, known as phantoms. If three users from Domain B are members of a group in Domain A, the Infrastructure master on Domain A is used to maintain references to the phantom Domain B user members. These phantoms are not manageable or even visible through ordinary means; they are an implementation construct to maintain consistency.
The infrastructure master FSMO role owner is used to continually maintain the phantoms whenever the objects they refer to are changed or moved in the object's domain. When an object in one domain references an object in another domain, it represents that reference by the GUID, the SID (for references to security principals), and the DN of the object being referenced. The Infrastructure master FSMO role holder is the DC responsible for updating an object's SID and distinguished name in a cross-domain object reference.
The infrastructure master is also responsible for fixing up stale references from objects in its domain to objects in other domains (stale means references to objects that have been moved or renamed so that the local copy of the remote object's name is out of date).
It does this by comparing its (potentially stale) naming data with that of a Global Catalog, which automatically receives regular replication updates for objects in all domains and hence has no stale data. The Infrastructure master writes any updates it finds to its objects and then replicates the updated information around to other DCs in the domain.
However, if a GC also holds the Infrastructure master role, by definition the server hosting the GC will always be up to date and will therefore have no stale references. If it never notices that anything needs changing, it will never update any non-GC servers with infrastructure updates.
Once the Active Directory Recycle Bin has been enabled, the infrastructure master's functions are performed independently by every DC in the forest. That is, the tasks just described are no longer delegated to a single DC.