Active Directory Partition
AD database is stored in one file i.e. ntds.dit. However, the AD database is divided up into partitions for better replication and administration.
Different categories of data are stored in replicas of different directory partitions, as follows:
- Domain data: It is stored in domain directory partitions.
- Domain Directory Partition: Every domain controller stores one writable domain directory partition. It replicates data with DC’s in the same domain. Active Directory Users and Computers obtains it data from this partition. All Domain Controllers in that domain replicate changes to each other regardless of whether the Domain Controller is a global catalog server.
- Global Catalog Directory Partition: A domain controller that is a global catalog server stores one writable domain directory partition and a partial, read-only replica of every other domain in the forest. Global catalog read-only replicas contain a partial set of attributes for every object in the domain. It Replicates GC data with all GC’s in the forest. The Global Catalog Partition is created automatically by software on the Domain Controller. This software copies some of the attributes for each object in the Global Catalog Partition. This information is replicated to other Domain Controllers inside and outside the domain. This is how, given enough time, all Global Catalog servers will have a partial replicate of all objects in the domain.Note: Partial Attribute Set data – Need to be added in schema edit window (don’t use ADSIedit, use schema management from mmc after running regsvr32 schmmgmt.dll in run command)
2. Configuration data: Every domain controller stores one writable Configuration Directory Partition that stores forest-wide data controlling site and replication operations. Replicates with all DC’s in the forest. This partition contains configuration information for the whole forest. For example, it contains information about sites in the forest and partition defined in the Active Directory database.
3. Schema data: Every domain controller stores one writable Schema Partition that stores schema definitions for the forest. The schema partitions define what can be stored in the Active Directory database. It essentially defines the layout of the database.
Although the schema directory partition is writable, schema updates are allowed on only the domain controller that holds the role of schema operations master.
Although the schema directory partition is writable, schema updates are allowed on only the domain controller that holds the role of schema operations master.
4. Application data : Domain controllers that are running Windows Server 2003 or above can store data inside AD database called Application directory partitions. Application directory partition replicas can be replicated to any set of domain controllers in a forest, irrespective of domain. The application partition is created by Applications to store their data. It is different from any other partition in that the application can choose which Domain Controller or Controllers to store the data on. The advantage for the application storing the data this way is that the application has access to the same replicate and fault tolerance used by the Domain Controllers. An example of an Application is DNS Integrated Active Directory Zones. When this zone type is used, the data is stored in an application partition.Replicates with any specified DC in which app has created the separate partition. E.g. AD integrated DNS will have an Application directory partition in AD. Similarly, Exchange 2010
