Topic Last Modified: 2005-11-17

The Microsoft® Exchange Server Analyzer Tool queries the Active Directory® directory service to determine the value of the fSMORoleOwner attribute of the infrastructure master in the Domain Naming Context. For example, in a domain called, fSMORoleOwner for the infrastructure master is an attribute of CN=Infrastructure,DC=contoso,DC=com. The Exchange Server Analyzer then tries to open a Lightweight Directory Access Protocol (LDAP) connection to TCP port 389 on the domain controller that currently holds this role. If the Exchange Server Analyzer cannot connect to this domain controller, an error is displayed.

The infrastructure master updates the group-to-user references whenever the members of groups are renamed or changed within a domain. The domain controller that holds the infrastructure master role for the group’s domain updates the cross-domain group-to-user reference to reflect the user’s new name. Periodically, the infrastructure master scans the domain accounts and verifies the membership of the groups. If a user account is moved to a new domain, the infrastructure master identifies the user account’s new domain and updates the group accordingly. After the infrastructure master updates these references locally, it uses replication to update all other replicas of the domain. If the infrastructure master is unavailable, these updates are delayed. At any time, there can be only one domain controller acting as the infrastructure master in each domain.

To correct this error

  1. Verify that the directory server specified in the error is online and accessible by Exchange servers in your organization.

  2. If this directory server has been decommissioned, you must assign the infrastructure master role to another domain controller.

For more information about transferring the infrastructure master role from one domain controller to another domain controller, see the following Microsoft Knowledge Base articles: