Announcement

Collapse
No announcement yet.

CN=Infrastructure

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • CN=Infrastructure

    Hiya All.

    I'm getting ready to add a whopping second DC to our network.
    Win2K3 Active Directory - One Forest, One Domain, and currently One DC/GC.

    So, I'm trying to make sure I have as many weeds out of the current forest as possible. I'm noticing that our CN=Infrastructure container has a 'default Windows' icon.
    Is there anyone that might be able to shed some light on this for me?
    Attached Files
    Last edited by MikeDub; 17th November 2008, 19:25.

  • #2
    Re: CN=Infrastructure

    Its for the Infrasturcture Master FSMO.

    http://support.microsoft.com/kb/248047

    Comment


    • #3
      Re: CN=Infrastructure

      Hi,

      The info provided by Garen is not relevant here.

      Infrastructure master can't be seen in ADUC as OU. The way you can check Infrastructure master is on cmd line netdom query fsmo or aduc > right click > operation master

      The one that you are seeing in nothing but a an OU created manually most probably.

      The way you can re check is using ADSIedit.msc or ldp

      Just create another TestOU

      Take an ldp dump of both the TestOU and Infrastructure that you are seeing in ADUC and use windiff to compare it

      Let me know if that helped you
      Thanks & Regards
      v-2nas

      MCTS 2008, MCTIP, MCSE 2003, MCSA+Messaging E2K3, MCP, E2K7
      Sr. Wintel Eng. (Investment Bank)
      Independent IT Consultant and Architect
      Blog: http://www.exchadtech.blogspot.com

      Show your appreciation for my help by giving reputation points

      Comment


      • #4
        Re: CN=Infrastructure

        Hi,
        I think the info provided by Garen is quite relevant here.
        Have a look at this Blog for more info: - http://blogs.dirteam.com/blogs/tomek...hat-is-it.aspx

        Cheers
        Caesar's cipher - 3

        ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

        SFX JNRS FC U6 MNGR

        Comment


        • #5
          Re: CN=Infrastructure

          More Info:
          I've just found out (ok, not just...found out last night) that there was an attempt at adding a second DC a while back. Now, the keyword there is 'attempt'.

          L4ndy - I tried to get to that blog entry; however, the company I'm at now blocks most blogs and I couldn't get to it.

          I've also attached a screenshot showing the 'container type'. It comes up as 'infrastructureUpdate' for the type
          Attached Files
          Last edited by MikeDub; 18th November 2008, 15:17.

          Comment


          • #6
            Re: CN=Infrastructure

            Hi,

            Since you can't get to the Blog I'll bring the blog to you:

            Originally posted by http://blogs.dirteam.com/blogs/tomek/archive/2007/10/31/cn-infrastructure-what-is-it.aspx[/QUOTE
            CN=Infrastructure - what is it?

            Few days ago on a newsgroup (yes, Usenet still lives ) somebody asked question what CN=Infrastructure is and if it can have something to do with GPO problems which are affecting his AD infrastructure. So ... can it be a cause of such problems?

            I was thinking about describing some case related to objects recovery which is also related to infrastructure updates so maybe first I will describe what this CN=Infrastructure object is and what role is it playing in AD.

            If you haven't seen it yet time to switch on advanced mode in ADU&C or use tool like LDP.EXE or ADSIEdit.msc - AD might not look the same . You will find this object in every domain under main naming context so its full DN will be something like CN=Infrastructure,DC=<domain>,DC=<tld>.

            If You will look for it on a web information can be found that this is representation fo Infrastructure Master role holder. This is little simplification of its role. As we know Infrastructure Master exists in every domain and is used for some tasks, one of them is managing phantom objects. Phantom objects (another creature which might be present in AD but is not easy to see) is being created in directory to represent objects from other domain (naming context) which is member of a group etc. Infrastructure Master role holder is responsible for creating, updating and deleting there objects in AD.

            And here our CN=Infrastructure object is playing its part. Because phantoms are not exactly directory objects and exists only in DB layer changes to phantoms can't be replicated using standard AD mechanisms. If Infrastructure master has to inform other DCs about phantom changes it creates infrastructureUpdate class object in CN=Infrastructure (object, even if it is not a container can contain other objects) and this object is being replicated across environment and processed to update phantom data. To make it more interesting such object is being deleted right away after creation .

            So as You can see Infrastructure object is being used as some kind of transport for updates generated by Infrastructure Master in domain.

            BTW - using permissions on Infrastructure object you can delegate permission to manage infrastructure master FSMO role holder. But I don't think that this is task which is delegated often.

            Answering newsgroup question - it is very unlikely that this object can break something with GPO processing in domain. And at the end it turned out that something else was causing these errors.
            Ref:http://blogs.dirteam.com/blogs/tomek...hat-is-it.aspx
            Last edited by biggles77; 19th November 2008, 09:15.
            Caesar's cipher - 3

            ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

            SFX JNRS FC U6 MNGR

            Comment


            • #7
              Re: CN=Infrastructure

              Originally posted by MikeDub View Post
              More Info:
              I've just found out (ok, not just...found out last night) that there was an attempt at adding a second DC a while back. Now, the keyword there is 'attempt'.

              L4ndy - I tried to get to that blog entry; however, the company I'm at now blocks most blogs and I couldn't get to it.

              I've also attached a screenshot showing the 'container type'. It comes up as 'infrastructureUpdate' for the type
              From reading the blogs and etc, the Infrastructure master replicates changes using a different method. That file is a special container used for that purpose. It's supposed to be there.

              Comment


              • #8
                Re: CN=Infrastructure

                It's similar to my having a OU called BEServer with a type of serviceConnectionPoint.

                It's harmless.
                GoogleFu is strong with this one ^

                Comment

                Working...
                X