There may be a problem with the delegation of the infrastructure master role. The machine with the infrastructure master role updates the group-to-user reference whenever group memberships change and replicates these changes across the domain. At any time, the infrastructure master role can be assigned to only one domain controller in each domain, so there's a chance that identity may have become corrupted. You can identify the computer holding the infrastructure master role by using the command netdom query fsmo and repair or replace the computer holding the infrastructure master role. It may be necessary to seize the infrastructure master role using the AD server in question.
Dig deeper on Enterprise Infrastructure Management
Related Q&A from Serdar Yegulalp, WinIT
Frustrated admins have been dealing with extend.dat error messages since Outlook 97. Our expert sheds some light on this all-too-common Outlook error.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.