Directory Service

Article
11/30/2009

Applies To: Windows Server 2008 R2

The directory service is a database with multiple data partitions, as well as the processes to maintain, manage, and secure the database. Domain controllers host and replicate the directory service database inside the forest. The directory service also provides services for managing and authenticating resources in the forest.

Managed Entities

The following is a list of the managed entities that are included in this managed entity:

Name	Description
Interfaces	Lightweight Directory Access Protocol (LDAP) is the standard protocol that directory clients use to gain access to data that is held by directory servers. LDAP supports a relatively simple set of operations, such as bind, unbind, read, and modify. LDAP is the primary interface to Active Directory Domain Services (AD DS), and it is responsible for packaging and interpreting LDAP packets over the network.
Data (Database, Logs, SYSVOL, Partitions)	Active Directory data is replicated as a database that is separated into several partitions. These partitions represent the major object categories that organize, manage, and secure domain resources. Administrators and services can define custom data partitions. For example, Domain Name System (DNS) data partitions are created when DNS information is integrated with Active Directory Domain Services (AD DS). The partitions that are created by default include the following: Domain naming context: Includes user, group, and computer accounts; network shares; and other resources for each domain in the forest. Configuration container: Includes configuration information about the sites, domains, and services that are available across the forest. Schema: Defines the type of information that can be stored. The database itself consists of the Ntds.dit file and its related logs, which are stored in the NTDS folder on each domain controller by default. The folder location where the database is stored can be changed. Another essential component of AD DS is the SYSVOL shared folder on each domain controller. The SYSVOL shared folder provides a location to which domain controllers replicate AD DS data to each other.

Interfaces

Lightweight Directory Access Protocol (LDAP) is the standard protocol that directory clients use to gain access to data that is held by directory servers. LDAP supports a relatively simple set of operations, such as bind, unbind, read, and modify. LDAP is the primary interface to Active Directory Domain Services (AD DS), and it is responsible for packaging and interpreting LDAP packets over the network.

Data (Database, Logs, SYSVOL, Partitions)

Active Directory data is replicated as a database that is separated into several partitions. These partitions represent the major object categories that organize, manage, and secure domain resources. Administrators and services can define custom data partitions. For example, Domain Name System (DNS) data partitions are created when DNS information is integrated with Active Directory Domain Services (AD DS). The partitions that are created by default include the following:

Domain naming context: Includes user, group, and computer accounts; network shares; and other resources for each domain in the forest.
Configuration container: Includes configuration information about the sites, domains, and services that are available across the forest.
Schema: Defines the type of information that can be stored.

The database itself consists of the Ntds.dit file and its related logs, which are stored in the NTDS folder on each domain controller by default. The folder location where the database is stored can be changed.

Another essential component of AD DS is the SYSVOL shared folder on each domain controller. The SYSVOL shared folder provides a location to which domain controllers replicate AD DS data to each other.

Active Directory

Directory Service

Managed Entities

Related Management Information

Additional resources