You have an Active Directory Domain Services (AD DS) forest that contains two domains named amer.contoso.com and apac.contoso.com. Apac.contoso.com contains a domain local group named Group1. Group1 contains users in amer.contoso.com.
From Active Directory Users and Computers, you review the group membership of Group1 and notice that the entries for the group members are listed as security identifiers (SIDs).
You verify that the trust relationship between the two domains is fully operational.
You need to ensure that the name of each user is displayed instead of their SID.
Which FSMO role holder should you review?
- domain naming
- infrastructure
- PDC Emulator
- RID Master
- Schema master
infrastructure
The symptoms described in the stem represent an issue with the infrastructure master. In a multi-domain forest, the infrastructure master updates reference to SIDs from other domains with the corresponding security principal names. Domain naming FSMO role issues prevents the creation of new domains. PDC emulator FSMO role issues lead to time synchronization issues. RID FSMO role issues prevent the creation of security principals.
Manage AD DS operations masters - Training | Microsoft Learn