Data Storage

Active Directory stores data for an entire forest "Directory" and "forest" can be considered synonymous. Although there is a single directory, data storage is distributed among one or more domains while consistent data is maintained throughout the forest that applies to all domains. Computers that store Active Directory are called domain controllers.

Active Directory is partitioned and replicated. So that it can support tens of millions of objects, Active Directory is partitioned into logical segments. To provide support for 100s of thousands of clients and to provide availability, each logical partition replicates its changes separately among those domain controllers in the forest that store copies (replicas) of the same directory partitions.

Some directory partitions store forestwide configuration information and schema information; other directory partitions store information that is specific to individual domains, such as users, groups, and organizational units The directory partitions that store domain information are replicated to domain controllers in that domain only. The directory partitions that store configuration and schema information are replicated to domain controllers in all domains. In this way, Active Directory provides a data repository that is logically centralized but physically distributed. Because all domain controllers store forestwide configuration and schema information, a domain controller in one domain can reference a domain controller in any other domain if the information that it is requesting is not stored locally. In addition, domain controllers that are Global Catalog servers store a full replica of one domain directory partition plus a partial replica of every other domain in the forest. Thus, a domain controller that is a Global Catalog server can be queried to find any object in the forest.

Note

There is a distinction between a directory partition and a database partition. The Active Directory database is not partitioned. Only the directory tree, which is the logical representation of the data held by a domain controller, is partitioned.

The distribution of Active Directory data in the directory tree can be summarized as follows:

Domainwide Data

• Domain-specific data is stored in a domain directory partition.

• A full, writable replica of the domain directory partition is replicated to every domain controller in the domain, including any Global Catalog servers in the domain.

Forestwide Data

• Forestwide data is stored in two directory partitions — the configuration directory partition and the schema directory partition. The Configuration container is the topmost object of the configuration directory partition; the Schema container is the topmost object of the schema directory partition.

• Full, writable replicas of the configuration directory partition and the schema directory partition are replicated to every domain controller in the forest.

• In addition to a full, writable replica of a single domain (the domain for which the domain controller is authoritative), partial, read-only replicas of every other domain directory partition in the forest are stored on domain controllers that are designated as Global Catalog servers. The read-only replicas in the Global Catalog are "partial" because they store only some of the attributes for each object.

Note

When Active Directory is first installed on a computer that is running Windows 2000 Server, the entire full replicas or partial replicas are replicated to create the directory. Thereafter, only changes to directory objects (attribute changes and the creation and deletion of objects) are replicated.