Data (Database, Logs, SYSVOL, Partitions)

Applies To: Windows Server 2008

Active Directory data is replicated as a database that is separated into several partitions. These partitions represent the major object categories that organize, manage, and secure domain resources. Administrators and services can define custom data partitions. For example, Domain Name System (DNS) data partitions are created when DNS information is integrated with Active Directory Domain Services (AD DS). The partitions that are created by default include the following:

  • Domain naming context: Includes user, group, and computer accounts; network shares; and other resources for each domain in the forest.
  • Configuration container: Includes configuration information about the sites, domains, and services that are available across the forest.
  • Schema: Defines the type of information that can be stored.

The database itself consists of the Ntds.dit file and its related logs, which are stored in the NTDS folder on each domain controller by default. The folder location where the database is stored can be changed.

Another essential component of AD DS is the SYSVOL shared folder on each domain controller. The SYSVOL shared folder provides a location to which domain controllers replicate AD DS data to each other.

Managed Entities

The following managed entities are included in this managed entity:

Partition Replication

Active Directory Domain Services (AD DS) data is logically partitioned so that all domain controllers in the forest do not store all objects in the directory. Active Directory objects are instances of schema-defined classes, which consist of named sets of attributes. When a change is made to an object in a directory partition, the value of the changed attribute or attributes must be updated on all domain controllers that store a replica of the same directory partition. Domain controllers communicate data updates automatically through Active Directory replication. Communication about updates is always specific to a single directory partition at a time.

Different categories of data are stored in replicas of different directory partitions, as follows:

  • Domain directory partition: Also known as the domain naming context (NC); contains domain-specific objects such as computer, user, and group accounts.
  • Configuration directory partition: Contains forest-wide data that controls site and replication operations.
  • Schema directory partition: Contains schema definitions for the forest.
  • Application directory partitions: Contain data that is particular to specific applications. Application directory partition replicas can be replicated to any set of domain controllers in a forest, irrespective of domain.
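As an added example (not part of the original page), the following PowerShell script, run locally on a domain controller, reports which directory partitions that controller replicates, where Ntds.dit and its log files are actually stored, and whether the SYSVOL share is present. It assumes the default NTDS service registry location and uses RootDSE and WMI so that it works on Windows Server 2008 without the ActiveDirectory module.

```powershell
# Added example (not from the original page): inventory of this domain controller's
# partitions, database location, and SYSVOL share. Run locally on a domain controller.
# Assumes the NTDS service parameters live at their default registry path.

# 1. Partitions: RootDSE lists every naming context this DC hosts, including
#    application partitions such as DomainDnsZones / ForestDnsZones.
$rootDse   = [ADSI]"LDAP://RootDSE"
$defaultNc = [string]$rootDse.defaultNamingContext
$configNc  = [string]$rootDse.configurationNamingContext
$schemaNc  = [string]$rootDse.schemaNamingContext

"Partitions replicated to this domain controller:"
foreach ($nc in $rootDse.namingContexts) {
    $kind = switch ($nc) {
        $defaultNc { 'Domain' }
        $configNc  { 'Configuration' }
        $schemaNc  { 'Schema' }
        default    { 'Application' }
    }
    "  [{0,-13}] {1}" -f $kind, $nc
}

# 2. Database and log location: the NTDS service records the paths it uses, so a
#    relocated database is found even when the default NTDS folder is empty.
$ntdsParams = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$dbFile  = $ntdsParams.'DSA Database file'
$logPath = $ntdsParams.'Database log files path'
"Ntds.dit: $dbFile (exists: $(Test-Path -LiteralPath $dbFile))"
"Logs:     $logPath (exists: $(Test-Path -LiteralPath $logPath))"

# 3. SYSVOL share: WMI is used so this runs on Windows Server 2008 without the SmbShare module.
$sysvol = Get-WmiObject -Class Win32_Share -Filter "Name='SYSVOL'"
if ($sysvol) {
    "SYSVOL share: $($sysvol.Path)"
} else {
    Write-Warning 'SYSVOL share is not present on this domain controller'
}
```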

Aspects

The following is a list of all aspects that are part of this managed entity:

Backups

You should back up the directory database on a domain controller routinely so that if hardware fails or data becomes corrupt, you can quickly recover the information in the database.

Database integrity

Domain controllers host highly sensitive data and attempt to protect it from accidental loss or corruption. Although you can use disk write caching to increase application performance, disk write caching is not recommended on a domain controller because it increases the chance of data corruption and loss.
