Scribd
Upload
340 views

Active Directory Database Structure

The Active Directory database (ntds.dit) is divided into partitions including the schema, configuration, and domain partitions. The schema partition contains object classes and attributes, the configuration partition contains forest-wide configuration, and each domain partition is unique to its domain. Flexible single master operations (FSMO) roles maintain these partitions, including the schema master, domain naming master, PDC emulator, RID master, and infrastructure master. The ntds.dit file and associated log files are in the NTDS folder and help track changes to the Active Directory database.

Uploaded by

Rajesh Kumar
Copyright
© © All Rights Reserved
Available Formats
Download as DOC, PDF, TXT or read online on Scribd
340 views

Active Directory Database Structure

The Active Directory database (ntds.dit) is divided into partitions including the schema, configuration, and domain partitions. The schema partition contains object classes and attributes, the configuration partition contains forest-wide configuration, and each domain partition is unique to its domain. Flexible single master operations (FSMO) roles maintain these partitions, including the schema master, domain naming master, PDC emulator, RID master, and infrastructure master. The ntds.dit file and associated log files are in the NTDS folder and help track changes to the Active Directory database.

Uploaded by

Rajesh Kumar
Copyright
© © All Rights Reserved
Available Formats
Download as DOC, PDF, TXT or read online on Scribd
You are on page 1/ 6

ACTIVE DIRECTORY DATABASE STRUCTURE

Database File

: Ntds.dit

DIT

: Directory Information Tree

Default Path

: \Windows\ntds\ntds.dit

Default size of ntds.dit

:10 MB (win 2000)


12 MB (win 2003)

Ntds.dit file is divided into multiple partitions. They are as follows

a) Schema Partition
b) Configuration Partition
c) Domain partition

d) Application Partition (only in case of windows 2003)


Note: Application Partition is not available in windows 2000

FRONT END TOOL TO EDIT NTDS.DIT

a) Active directory users and computers (or) dsa.msc


b) Active directory domain and trusts
c) Active directory sites and services
d) Active directory schema
Note: Active directory schema is hidden

SCHEMA PARTITION
It contains the object class and attributes. And also contains the source template
for the creation of the domain objects. Throughout the entire forest the same
schema will maintained. Schema admin only has the full control to edit the
schema partition. This schema is created during the root DC. Tool used to edit
this is Active directory schema.

DOMAIN PARTITION
Domain partition contains the entire domain objects like user accounts,
passwords, and group objects membership information. Each and every domain
has its own domain partition because it is entirely different compared to other
domain.

CONFIGURATION PARTITION
It contains the configuration parameters of the forest like how many trees,
domains and its names, global catalog, sited and names, trust relationship Etc.
Throughout the entire forest the same configuration partition will maintain. By
default it is in root DC. Enterprise admin has the full control over this partition.

APPLICATION PARTITION
Application partition is only available in windows 2003.It contains the information
about the active directory integrated applications like DNS, authorized DHCP
information .etc

PERMISSIONS

Schema partition
o

Schema admin has the permission over this partition

Tool used is active directory schema

Configuration Partition
Enterprise admin has the permission over this partition
o

Tool used is active directory domain and trusts, active directory sited
and services

Domain Partition
o

Domain admin, Administrator, Enterprise admin, account operator has


the permission.

Tool used is active directory users and computers

NOTE:
ROOT DC - All the three partitions schema, configuration and domain partitions is in
R/W mode.

ADDITIONAL DOMAIN CONTROLLER - First two partitions schema and


configuration Partition is in R/W mode and third partition is in Read mode.

CHILD DOMAIN CONTROLLER - First two partitions schema and configuration


Partition will be in read mode which is replicated from Root DC. And the newly
created domain partition is in R/W mode. This domain partition is no way related
With root domain or other domain partition.

MANAGING OPERATION MASTERS


[FSMO] FLEXIBLE SINGLE MASTER OPERATIONS
There are five roles. They are
1)
2)
3)
4)
5)

Schema master
Domain Naming master
PDC Emulator
RID master
Infrastructure master

FOREST WIDE ROLES


a) Schema master
b) Domain naming master

SCHEMA MASTER
a) Responsible for maintaining schema partition in AD database
b) Responsible for creation, deletion, modification and extending of entries in
schema partition of AD database
c) Schema master contains read write copy of schema partition

d) It is a forest wide role


e) Throughout the entire forest only one schema will maintain
f) Available only in root DC
g) Schema admin will have the control over the schema master
h) Tool used is AD schema
i)

Only the users from the root domain will be the member of schema admin. By
default administrator will be the member

DOMAIN NAMING MASTER


a) Responsible for creation of trees, domains and child domains in the forest
b) Responsible for maintaining unique names
c) This should be global catalog
d) It has the read write copy of configuration partition
e) Enterprise admin has the full control
f) It is a forest wide role
g) For entire forest only one domain naming master will be maintain
h) By default root dc is the domain naming master

DOMAIN WIDES ROLES


a) PDC Emulator
b) RID master
c) Infrastructure master

PDC EMULATOR [Primary Domain Controller]


a) It acts as a PDC for NT 4.0 based BDCs
b) Updates the password to the AD database which originates from the prewindows 2k clients
c) Responsible for time synchronization for the entire forest with the help of time
server
d) Reduces the replication latency of the password changes between clients and
DC
e) Responsible for urgent replications between the DCs in the case of account
locking/unlocking, password resetinf, account renaming, account disabling
f) Responsible for group policy templates replication between the domain
g) Also responsible for avoiding the group policy template replication conflict

h) This is domain wide role


i) Each and every domain has the PDC emulator
j) Domain admin and administrator rights are enough for this.

RID MASTER [Relative Identification]


a) Responsible for assigning RIDs for each every domain objects
b) Root RID masters assigns the pool of RIDs to the child RID masters
c) Maintains unique IDs even after moving the objects between the domains
d) It Responsible for maintaining the object uniqueness
e) It is a domain wide role

INFRASTRUCTURE MASTER
a) It is a domain wide role
b) It is Responsible for interchanging the domain infrastructure information to the
other domain (E.g.) AGDLP strategy

MANAGING ACTIVE DIRECTORY DATABASE


FILES IN NTDS FOLDER
a)
b)
c)
d)
e)

ntds.dit
edb.chk
edb.log
res1.log
res2.log

1) ntds.dit - It is a actual database file.


Size: 10 MB (win 2000)
12 MB (win 2003)
2) edb.chk - It is responsible for tracking the changes/updates occurred in the
Database. It uses the transaction log file as the reference. Check
point file is in terms of KB

3) edb.log -

Each and every transactions occurred in the database will be

logged.
It is a extensive database transaction log file. Minimum and
Maximum log file size is 10 MB. We cannot able to access the file
only Engine has the permission. Once the 10 MB is full it will be
rename a Automatically.
4) res1.log & res2.log - For reserving 20 MB free space when the HDD run out of
disk space.

You might also like