AD2


AD Data Structures and Storage Architecture

The Active Directory structure and storage architecture consists of four parts:

Active Directory domains and forests
Domain Name System (DNS)
Schema
Data store
Active Directory Domains and Forests

Forests, domains, and organizational units (OUs) make up the core elements of the Active Directory logical structure. A forest defines a single directory and represents a security boundary. Forests contain domains.
Domain Name System

DNS provides a name resolution service for domain controller location and a hierarchical design that Active Directory can use to provide a naming convention that can reflect organizational structure.


Schema

The schema provides object definitions that are used to create the objects that are stored in the directory.


Data Store

The data store is the portion of the directory that manages the storage and retrieval of data on each domain controller.
Active Directory Domains and Forests

Domains partition the directory into smaller sections within a single forest. This partitioning results in more control over how data is replicated, so that an efficient replication topology can be established and network bandwidth is not wasted by replicating data where it is not required.

OUs make it possible to group resources in a domain for management purposes, such as applying Group Policy or delegating control to administrators.
Active Directory Domains and Forests

[Figure: Logical Structure Architecture: Relationship among Forest, Domains and OUs]
DNS Support for Active Directory

Active Directory uses DNS as its domain controller location mechanism.

When any of the principal Active Directory operations, such as authentication, updating, or searching, is performed, domain-joined computers use DNS to locate Active Directory domain controllers, and these domain controllers use DNS to locate each other.
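The locator mechanism described above relies on SRV records (RFC 2782) that domain controllers register under the _msdcs subdomain, for example _ldap._tcp.dc._msdcs.<domain>, with site-specific names under _sites. The following is an added example, not code from the slides, that models how a client builds those query names, tries the site-specific name before the domain-wide one, and orders the answers by priority and weight. The domain name corp.example, the site name "paris", and the SRV answers in SAMPLE_ANSWERS are constructed sample data, not the result of a live DNS lookup.

```python
"""Added example (not from the slides): how a domain-joined client uses DNS to
locate a domain controller.  AD registers SRV records (RFC 2782) under the
_msdcs zone; the client queries the site-specific name first, falls back to
the domain-wide name, then orders the answers by priority and weight.
All SRV answers below are constructed sample data, not a live DNS lookup."""
from dataclasses import dataclass
from typing import Dict, List, Optional
import random


@dataclass(frozen=True)
class SrvRecord:
    priority: int   # lower value is preferred
    weight: int     # relative share among records of equal priority
    port: int
    target: str     # host name of the domain controller


def dc_locator_names(domain: str, site: Optional[str] = None) -> List[str]:
    """SRV names a client queries for LDAP-capable DCs, most specific first."""
    names = []
    if site:
        names.append(f"_ldap._tcp.{site}._sites.dc._msdcs.{domain}")
    names.append(f"_ldap._tcp.dc._msdcs.{domain}")
    return names


def _weighted_pop(group: List[SrvRecord], rng: random.Random) -> SrvRecord:
    """Remove and return one record, chosen proportionally to its weight."""
    total = sum(r.weight for r in group)
    if total == 0:
        return group.pop(rng.randrange(len(group)))
    threshold = rng.randrange(total)
    running = 0
    for i, rec in enumerate(group):
        running += rec.weight
        if threshold < running:
            return group.pop(i)
    return group.pop()  # not reached; satisfies the return type


def order_srv(records: List[SrvRecord], rng: random.Random) -> List[SrvRecord]:
    """RFC 2782 ordering: ascending priority, weighted random within a priority."""
    ordered: List[SrvRecord] = []
    for prio in sorted({r.priority for r in records}):
        group = [r for r in records if r.priority == prio]
        while group:
            ordered.append(_weighted_pop(group, rng))
    return ordered


# Constructed sample zone data standing in for what a resolver would return.
SAMPLE_ANSWERS: Dict[str, List[SrvRecord]] = {
    "_ldap._tcp.paris._sites.dc._msdcs.corp.example": [
        SrvRecord(0, 100, 389, "dc-paris1.corp.example"),
    ],
    "_ldap._tcp.dc._msdcs.corp.example": [
        SrvRecord(0, 100, 389, "dc-paris1.corp.example"),
        SrvRecord(0, 100, 389, "dc-london1.corp.example"),
        SrvRecord(10, 0, 389, "dc-backup.corp.example"),  # last resort
    ],
}


def locate_dc(domain: str, site: Optional[str],
              answers: Dict[str, List[SrvRecord]],
              rng: Optional[random.Random] = None) -> List[str]:
    """Return DC host names in the order a client should try them.

    Tries each locator name in turn and uses the first that has answers;
    returns an empty list when DNS knows no DC for the domain."""
    rng = rng or random.Random()
    for name in dc_locator_names(domain, site):
        records = answers.get(name)
        if records:
            return [r.target for r in order_srv(records, rng)]
    return []


if __name__ == "__main__":
    print(locate_dc("corp.example", "paris", SAMPLE_ANSWERS))   # site-local DC
    print(locate_dc("corp.example", "tokyo", SAMPLE_ANSWERS))   # falls back to domain-wide list
```

The defensive point: because every domain member trusts these records to find a DC, the DNS zone holding _msdcs is part of the security boundary; keep it restricted to secure dynamic updates from domain controllers and watch for unexpected SRV registrations.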


Active Directory Schema

The Active Directory schema contains definitions for all the objects that are used to store information in the directory.

There is one schema per forest. However, a copy of the schema exists on every domain controller in the forest. This way, every domain controller has quick access to any object definition that it might need, and every domain controller uses the same definition when it creates a given object.

The data store relies on the schema to provide object definitions, and the data store uses those definitions to enforce data integrity.
Active Directory Data Stores

The Active Directory data store is made up of several components that together provide directory services to directory clients. These components include the following:

Four interfaces:
  Lightweight Directory Access Protocol (LDAP)
  Replication (REPL) and domain controller management interface
  Messaging API (MAPI)
  Security Accounts Manager (SAM)

Three service components:
  Directory System Agent (DSA)
  The database layer
  Extensible Storage Engine (ESE)

The directory database where the data is actually stored

[Figure: Data Store Architecture]
