  • Abhijit Tiwari

Infrastructure master role isn't an important role if Active Directory Recycle Bin is enabled.


Recently I was reading a book on Active Directory to brush up my knowledge when I suddenly saw this:

Infrastructure Master role isn't important if AD Recycle Bin is enabled

This completely blew my mind for a second and I thought that perhaps this isn't true, as all my life I have been learning that the Infrastructure Master is an FSMO role and you don't mess with FSMO roles.

Before I discuss why this is no longer required, let's understand why the Infrastructure Master role is required.

The infrastructure master is used to maintain references to objects in other domains, known as phantoms. If three users from Domain B are members of a group in Domain A, the Infrastructure master on Domain A is used to maintain references to the phantom Domain B user members. These phantoms are not manageable or even visible through ordinary means; they are an implementation construct to maintain consistency.

The infrastructure master FSMO role owner is used to continually maintain the phantoms whenever the objects they refer to are changed or moved in the object’s domain. When an object in one domain references an object in another domain, it represents that reference by the GUID, the SID (for references to security principals), and the DN of the object being referenced. The Infrastructure master FSMO role holder is the DC responsible for updating an object’s SID and distinguished name in a cross-domain object reference.

So, why is this no longer required? Well, I usually don't believe stuff till I see an official article from Microsoft, which fortunately I had found: https://msdn.microsoft.com/en-us/library/cc223753.aspx

As per the article above, when the Recycle Bin feature is enabled, every DC is responsible for updating its cross-domain object references in the event that the referenced object is moved, renamed, or deleted. In this case, there are no tasks associated with the Infrastructure FSMO role, and it is not important which domain controller owns the Infrastructure Master role.

However, this is only applicable to domains running on 2008 and above. Seems that I need to read books too often. I hope this was informative.
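
To check which case applies in a given forest, the PowerShell below (an added example, not from the original post or the Microsoft article) reports, for each domain, who holds the Infrastructure Master role and whether the Recycle Bin is enabled. It assumes the ActiveDirectory RSAT module and read access to the forest; the function name `Get-InfrastructureMasterRelevance` and the `RoleHasTasks` column are names made up for this example.

```powershell
# Added example. Requires the ActiveDirectory module (RSAT) and read access to the forest.
Import-Module ActiveDirectory

function Get-InfrastructureMasterRelevance {
    [CmdletBinding()]
    param()

    $forest = Get-ADForest

    # The Recycle Bin is a forest-wide optional feature. Its EnabledScopes
    # attribute stays empty until the feature has been enabled.
    $recycleBin = Get-ADOptionalFeature -Filter 'Name -like "Recycle Bin Feature"' `
                                        -Server $forest.RootDomain
    $enabled = [bool]($recycleBin -and (@($recycleBin.EnabledScopes).Count -gt 0))

    foreach ($name in $forest.Domains) {
        try {
            $domain = Get-ADDomain -Identity $name -Server $name -ErrorAction Stop
        }
        catch {
            # An unreachable domain is reported and skipped, not silently dropped.
            Write-Warning "Could not query domain ${name}: $($_.Exception.Message)"
            continue
        }

        [pscustomobject]@{
            Domain               = $domain.DNSRoot
            InfrastructureMaster = $domain.InfrastructureMaster
            RecycleBinEnabled    = $enabled
            # Hypothetical column: per the article cited above, the role has no
            # tasks once the Recycle Bin is enabled, because every DC then
            # updates its own cross-domain object references.
            RoleHasTasks         = -not $enabled
        }
    }
}

Get-InfrastructureMasterRelevance | Format-Table -AutoSize
```

A row with `RoleHasTasks` set to `True` means the domain still depends on the role holder to keep its phantoms current.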
